Everything posted by ptipolo

  1. Hello, here is the Malwarebytes report:

     Malwarebytes' Anti-Malware 1.33
     Version de la base de données: 1712
     Windows 6.0.6001 Service Pack 1

     01/02/2009 15:49:40
     mbam-log-2009-02-01 (15-49-40).txt

     Type de recherche: Examen complet (C:\|D:\|E:\|F:\|N:\|)
     Eléments examinés: 247019
     Temps écoulé: 2 hour(s), 14 minute(s), 22 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 6

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)

     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Fichier(s) infecté(s):
     C:\Windows\System32\regedit.com (Backdoor.Bot) -> Quarantined and deleted successfully.
     C:\Windows\System32\cmd.com (Backdoor.Bot) -> Quarantined and deleted successfully.
     C:\Windows\System32\ping.com (Backdoor.Bot) -> Quarantined and deleted successfully.
     C:\Windows\System32\netstat.com (Worm.Alcra) -> Quarantined and deleted successfully.
     C:\Windows\System32\tasklist.com (Worm.Alcra) -> Quarantined and deleted successfully.
     C:\Windows\System32\tracert.com (Worm.Alcra) -> Quarantined and deleted successfully.

     And here is the HijackThis report.
  2. Hello, I ran a scan of my main hard drive with Avast antivirus and found infections by win32 trojan-gen and win32 adware-gen. So I generated a HijackThis report, which I am submitting to you to get some help getting rid of these nasty things, please. Thanks.
  3. Thanks for the advice. So MSNFix finds nothing and Malwarebytes gives the same result; neither finds anything suspicious on my computer. I don't know whether I should be happy about that or not. Thanks anyway for the help; at least I know my system is clean.
  4. I just ran the scan with DSS. Here is the report.
  5. Hello everyone, I am posting my HijackThis report because I keep getting unwanted messages like http://*******.imagefrosty.info, which sends itself to all of its contacts and which I also receive. So I thought I would post a report to see if something is wrong (I would be surprised if not). Thanks for the help. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:43:56, on 10/07/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe C:\Program Files\CyberLink\PCM4Everio\EverioService.exe C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\Windows\System32\rundll32.exe C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Users\ptipolo\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [steam] C:\Program Files\Valve\Steam\\Steam.exe -silent O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common 
Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 5152 bytes
  6. That being said, alex32, if you already have some idea of the problem and possibly of the solution, above all don't hesitate
  7. That's fair, but I don't know any more than that. Apparently a problem coming from MSN, which opened a window, and since then he can no longer access his Hotmail inbox or MSN. Otherwise, for my part, I have already posted HJT reports several times, and even without giving any detail about the problem encountered, people have always been able to tell me what the problem was and what solution to apply. Thanks all the same; I am of course still waiting for help from whoever is willing.
  8. Can you help me please? It's for a friend who is in trouble.
  9. Hello everyone, big problem on a laptop: impossible to log in to any of the mailboxes. Apparently a trojan, but I don't get all of it. Thanks for the help. Here is the HijackThis report: Logfile of HijackThis v1.99.1 Scan saved at 00:05:11, on 28/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\acer\epm\epm-dm.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\PowerKey.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\MessengerSkinner\MessengerSkinner.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hijackthis Version 
Française\VERSION TRADUITE ORIGINALE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe" O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [oqrstvdxfb] c:\windows\system32\oqrstvdxfb.exe oqrstvdxfb O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [yxrvpda] c:\windows\system32\yxrvpda.exe yxrvpda O4 - HKLM\..\Run: [fpqmkb] c:\windows\system32\fpqmkb.exe fpqmkb O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\felicia\LOCALS~1\Temp\winlogon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/ O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.0.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O21 - SSODL: printers - {07A13A3D-EFDB-40EC-9BF9-6BBFDAC7EAF0} - msn.dll (file missing) O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! 
Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: MS Internet Countermeasures Framework (ICF) - Unknown owner - C:\WINDOWS\system32\icf.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
  11. HijackThis report Logfile of HijackThis v1.99.1 Scan saved at 21:55:52, on 23/03/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE D:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe D:\Griasoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\WINDOWS\system32\imapi.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\UPHClean\uphclean.exe D:\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe D:\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe D:\D-Tools\daemon.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe D:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe D:\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe D:\Microsoft ActiveSync\WCESCOMM.EXE D:\Logitech\SetPoint\SetPoint.exe C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE C:\WINDOWS\system32\svchost.exe D:\MOZILL~1\FIREFOX.EXE F:\MARC\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: 
Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MsnMsgr] "D:\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Microsoft ActiveSync\WCESCOMM.EXE" O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O17 - HKLM\System\CCS\Services\Tcpip\..\{A6A7B538-1B8F-4676-A3E2-4AB0D4CB5EE5}: NameServer = 212.27.32.5,212.27.32.176 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WBSrv - D:\\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. 
- D:\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Tuneuputility2007\WinStylerThemeSvc.exe O23 - Service: WMP54Gv4SVC - Unknown owner - D:\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing) AVG report --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 21:47:44 23/03/2007 + Résultat de l'analyse: :mozilla.23:C:\Documents and Settings\MARCO\Application Data\Mozilla\Firefox\Profiles\9uhbuy6b.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\MARCO\Cookies\marco@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé. :mozilla.26:C:\Documents and Settings\MARCO\Application Data\Mozilla\Firefox\Profiles\9uhbuy6b.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.27:C:\Documents and Settings\MARCO\Application Data\Mozilla\Firefox\Profiles\9uhbuy6b.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.28:C:\Documents and Settings\MARCO\Application Data\Mozilla\Firefox\Profiles\9uhbuy6b.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. Fin du rapport SDFix report SDFix: Version 1.74 Run by MARCO - 23/03/2007 - 21:49:47,73 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Entries Restoring Default Hosts File Rebooting... Normal Mode: Checking Files: No Trojan Files Found... ADS Check: C:\WINDOWS\system32 No streams found. 
Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\\MSN Messenger\\msnmsgr.exe"="D:\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0" "D:\\MSN Messenger\\msncall.exe"="D:\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Remaining Files: --------------- Checking For Files with Hidden Attributes : C:\Documents and Settings\MARCO\Local Settings\Application Data\Microsoft\Messenger\lanfa1973@hotmail.com\Sharing Folders\dominic.76@hotmail.fr\Thumbs.db C:\Documents and Settings\MARCO\Local Settings\Application Data\Microsoft\Messenger\lanfa1973@hotmail.com\Sharing Folders\miel76000@hotmail.com\Thumbs.db C:\Documents and Settings\MARCO\Local Settings\Application Data\Microsoft\Messenger\lanfa1973@hotmail.com\Sharing Folders\miel76000@hotmail.com\Photos Lanfa\Thumbs.db C:\Documents and Settings\MARCO\Local Settings\Application Data\Microsoft\Messenger\lanfa1973@hotmail.com\Sharing Folders\miel76000@hotmail.com\Photos Miel\Ordinateur Michel\Thumbs.db C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe C:\Documents and Settings\All Users\DRM\Cache\Indiv04.tmp Finished
  12. Here is the report --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 20:56:54 23/03/2007 + Résultat de l'analyse: C:\Documents and Settings\MARCO\Local Settings\Temp\tmp1.tmp -> Downloader.Zlob : Aucune action entreprise. C:\WINDOWS\system32\nvsvcd.exe -> Downloader.Zlob : Aucune action entreprise. C:\Documents and Settings\All Users\Documents\setup.exe -> Proxy.Horst.wz : Aucune action entreprise. C:\Documents and Settings\MARCO\Local Settings\Temp\setup.exe -> Proxy.Horst.wz : Aucune action entreprise. C:\WINDOWS\system32\spool\drivers\setup.exe -> Proxy.Horst.wz : Aucune action entreprise. C:\Documents and Settings\MARCO\Cookies\marco@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise. C:\Documents and Settings\MARCO\Cookies\marco@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise. C:\Documents and Settings\MARCO\Cookies\marco@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise. C:\Documents and Settings\MARCO\Cookies\marco@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise. C:\WINDOWS\system\smss.exe -> Trojan.Agent.xa : Aucune action entreprise. F:\Divers\Michel\Ecrans de Veille\Ecrans de veille\dossier\Screensavers - Ecrans De Veille - 45 Differents\screensavers\SnowFall.scr -> Trojan.NSAnti.A : Aucune action entreprise. Fin du rapport
  13. Uh, folks, it would be cool to lend a hand: his PC is visibly infected, but I don't know with what.
  14. Can you help me? My buddy's PC is acting up badly, and formatting seems to me the solution of the weak ^^ I would like your help with the HijackThis report below. PC: AMD 3500+, 2 GB of memory. Logfile of HijackThis v1.99.1 Scan saved at 18:59:14, on 23/03/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE D:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\UPHClean\uphclean.exe D:\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe D:\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe D:\D-Tools\daemon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe D:\Logitech\SetPoint\SetPoint.exe C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\svchost.exe D:\Microsoft ActiveSync\WCESCOMM.EXE C:\DOCUME~1\MARCO\LOCALS~1\Temp\28exym50_2.2.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE D:\WinRAR\WinRAR.exe C:\DOCUME~1\MARCO\LOCALS~1\Temp\Rar$EX00.406\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
http://www.google.fr/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [MsnMsgr] "D:\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Microsoft ActiveSync\WCESCOMM.EXE" O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O17 - HKLM\System\CCS\Services\Tcpip\..\{A6A7B538-1B8F-4676-A3E2-4AB0D4CB5EE5}: NameServer = 212.27.32.5,212.27.32.176 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WBSrv - D:\\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Tuneuputility2007\WinStylerThemeSvc.exe O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe O23 - Service: WMP54Gv4SVC - Unknown owner - D:\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
  15. Actually, I protect my PC by not surfing just anywhere and by deleting emails from unknown people, so I don't have an antivirus, since they only serve to tell me that I am infected and not to prevent the infection. I went and got AntiVir because it really seemed to me that I had caught a nasty bug. I'll finish as you describe, and thanks again for the help. Zeb rocks!
  16. Kaspersky report
    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Thursday, February 22, 2007 8:44:38 PM
    Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.83.0
    Dernière mise à jour de la base antivirus Kaspersky : 22/02/2007
    Enregistrements dans la base antivirus Kaspersky : 257219
    -------------------------------------------------------------------------------
    Paramètres d'analyse:
    Analyser avec la base antivirus suivante: standard
    Analyser les archives: vrai
    Analyser les bases de messagerie: vrai
    Cible de l'analyse - Dossiers: C:\
    Statistiques de l'analyse:
    Total d'objets analysés: 39495
    Nombre de virus trouvés: 0
    Nombre d'objets infectés: 0 / 0
    Nombre d'objets suspects: 0
    Durée de l'analyse: 00:29:10
    Nom de l'objet infecté / Nom du virus / Dernière action
    Analyse terminée.
  17. Here is the HijackThis report after full disinfection via Navilog and Ashampoo.
    Logfile of HijackThis v1.99.1
    Scan saved at 17:35:58, on 22/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\ptipolo\Bureau\HijackThis.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_11078.dll' missing
    O11 - Options group: [iNTERNATIONAL] International*
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8CCC6415-0028-46F2-91FB-8A1CC2207226}: NameServer = 86.64.145.142 84.103.237.142
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  18. Disinfection OK, here is the report.
    Clean Navipromo version 1.0.3 commencé le 22/02/2007 à 17:09:15,76
    Fix lancé depuis C:\Documents and Settings\ptipolo\Bureau\navilog
    Mise a jour le 21.02.2007 a 17h00 by IL-MAFIOSO
    Executé en mode sans echec
    Mode suppression par méthode manuelle
    Nom du fichier saisi : crgujencxf
    *** Recherche, Creation backups et suppression ***
    C:\WINDOWS\system32\crgujencxf_navup.dat absent !
    C:\WINDOWS\system32\crgujencxf_navtmp.dat absent !
    C:\WINDOWS\system32\crgujencxf_m2s.xml absent !
    C:\WINDOWS\system32\crgujencxf.exe trouvé !
    Copie C:\WINDOWS\system32\crgujencxf.exe réalisé avec succès !
    C:\WINDOWS\system32\crgujencxf.exe supprimé !
    C:\WINDOWS\system32\crgujencxf.dat trouvé !
    Copie C:\WINDOWS\system32\crgujencxf.dat réalisé avec succès !
    C:\WINDOWS\system32\crgujencxf.dat supprimé !
    C:\WINDOWS\system32\crgujencxf_nav.dat trouvé !
    Copie C:\WINDOWS\system32\crgujencxf_nav.dat réalisé avec succès !
    C:\WINDOWS\system32\crgujencxf_nav.dat supprimé !
    C:\WINDOWS\system32\crgujencxf_navps.dat trouvé !
    Copie C:\WINDOWS\system32\crgujencxf_navps.dat réalisé avec succès !
    C:\WINDOWS\system32\crgujencxf_navps.dat supprimé !
    C:\WINDOWS\prefetch\crgujencxf*.pf trouvé !
    Copie C:\WINDOWS\prefetch\crgujencxf*.pf réalisé avec succès !
    C:\WINDOWS\prefetch\crgujencxf*.pf supprimé !
    *** Suppression dossiers dans C:\WINDOWS ***
    *** Suppression dossiers dans C:\Program Files ***
    *** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***
    *** Suppression dossiers dans C:\Documents and Settings\Administrateur\Application Data ***
    *** Suppression fichiers ***
    C:\WINDOWS\tmlpcert2007 supprimé !
    C:\WINDOWS\system32\nvs2.inf supprimé !
    C:\WINDOWS\system32\prodsrvs.exe supprimé !
    *** Suppression fichiers temporaires ***
    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\Administrateur\Local Settings\Temp effectué !
    *** Sauvegarde du registre vers dossier Backupnavi***
    sauvegarde du registre réalisée avec succès !
    *** Nettoyage registre ***
    Nettoyage registre Ok
    *** Module de recherche complémentaire ***
    (recherche fichiers spécifiques)
    Le fix ne traite pas ce résultat.
    Fichiers à supprimer si nécéssaire
    *** Nettoyage termine le 22/02/2007 à 17:13:53,92 ***
  19. As fast as ever. Here is the report.
    02/22/07 16:35:54 [info]: BlackLight Engine 1.0.55 initialized
    02/22/07 16:35:54 [info]: OS: 5.1 build 2600 (Service Pack 2)
    02/22/07 16:35:54 [Note]: 7019 4
    02/22/07 16:35:54 [Note]: 7005 0
    02/22/07 16:35:56 [Note]: 7006 0
    02/22/07 16:35:56 [Note]: 7011 1920
    02/22/07 16:35:56 [Note]: 7026 0
    02/22/07 16:35:56 [Note]: 7026 0
    02/22/07 16:35:56 [Note]: 7024 3
    02/22/07 16:35:56 [info]: Hidden process: C:\windows\system32\crgujencxf.exe
    02/22/07 16:35:57 [Note]: FSRAW library version 1.7.1021
    02/22/07 16:37:39 [info]: Hidden file: c:\WINDOWS\system32\crgujencxf.dat
    02/22/07 16:37:39 [Note]: 10002 1
    02/22/07 16:37:40 [info]: Hidden file: C:\windows\system32\crgujencxf.exe
    02/22/07 16:37:40 [Note]: 10002 1
    02/22/07 16:37:40 [info]: Hidden file: c:\WINDOWS\system32\crgujencxf_nav.dat
    02/22/07 16:37:40 [Note]: 10002 1
    02/22/07 16:37:41 [info]: Hidden file: c:\WINDOWS\system32\crgujencxf_navps.dat
    02/22/07 16:37:41 [Note]: 10002 1
    02/22/07 16:38:36 [Note]: 7007 0
  21. Hello everyone, I just need your opinion on this report. Thanks in advance.
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\WINDOWS\system32\prodsrvs.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\ptipolo\Bureau\HijackThis.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [instant Access] C:\WINDOWS\system32\prodsrvs.exe /res
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O10 - Broken Internet access because of LSP provider 'xfire_lsp_11078.dll' missing
    O11 - Options group: [iNTERNATIONAL] International*
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8CCC6415-0028-46F2-91FB-8A1CC2207226}: NameServer = 84.103.237.144 86.64.145.144
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  22. Hello folks, I'm going to rely on the earlier topic posted by ricou and will come back if need be. Thanks again for the speed and efficiency. See you soon.
  23. Hello, Zebulon members. I would like to digitize my few videos of past holidays, which are on VHS or mini-VHS tapes. I would not like to spend more than €100 on hardware and/or software. Thanks in advance.
  24. ptipolo

    Big problem with my AVIs!

    Hi raziel, I don't understand how these files could have disappeared; however, I have already had similar problems with files disappearing, notably thanks to Partition Magic. To get my files back I used O&O DiskRecovery, and the result is guaranteed because it can recover all deleted files, your AVI files included. I hope my answer helps you.
  25. ptipolo

    counter strike source

    Sorry for taking so long to reply, but since it wasn't working... I had to look elsewhere, and the answer turned out to be ZoneAlarm. I removed it (it sometimes conflicts with other software) and installed Kerio Personal Firewall, and since then it works perfectly. Thanks to everyone for your help.