Hijack file inspection

totof159
Hello,

I would like your opinion on my log file, thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:55, on 25/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunOnce: [SpybotDeletingA3117] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4037] cmd.exe /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5750] command.com /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3913] cmd.exe /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3987] command.com /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2711] cmd.exe /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA634] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4550] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9668] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4455] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4497] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6390] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6823] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3917] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2429] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2826] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7495] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7457] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9129] command.com /c del "C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7196] cmd.exe /c del "C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6546] command.com /c del "C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9141] cmd.exe /c del "C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg"
O4 - HKCU\..\Run: [dll] rundll32 dll32,sm
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB3398] command.com /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4243] cmd.exe /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4765] command.com /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6568] cmd.exe /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3401] command.com /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD451] cmd.exe /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8367] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6328] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7341] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8690] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4687] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5417] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9349] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1920] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7576] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4227] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9224] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5933] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9507] command.com /c del "C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7480] cmd.exe /c del "C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7389] command.com /c del "C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7568] cmd.exe /c del "C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\Run: [dll] rundll32 dll32,sm (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\RunOnce: [SpybotDeletingB3398] command.com /c del "C:\Program Files\Everest Poker\casino.exe" (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\RunOnce: [SpybotDeletingB3401] command.com /c del "C:\Program Files\Everest Poker\gvmain.exe" (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\RunOnce: [SpybotDeletingD451] cmd.exe /c del "C:\Program Files\Everest Poker\gvmain.exe" (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\RunOnce: [SpybotDeletingB8367] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt" (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\RunOnce: [SpybotDeletingD6328] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt" (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\RunOnce: [SpybotDeletingB7341] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art" (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\RunOnce: [SpybotDeletingD8690] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art" (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\RunOnce: [SpybotDeletingB4687] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg" (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\RunOnce: [SpybotDeletingD5417] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg" (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\RunOnce: [SpybotDeletingB9349] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg" (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\RunOnce: [SpybotDeletingD1920] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg" (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\RunOnce: [SpybotDeletingB7576] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg" (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\RunOnce: [SpybotDeletingD4227] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg" (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\RunOnce: [SpybotDeletingB9224] command.com /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg" (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\RunOnce: [SpybotDeletingD5933] cmd.exe /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg" (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\RunOnce: [SpybotDeletingB9507] command.com /c del "C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico" (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\RunOnce: [SpybotDeletingD7480] cmd.exe /c del "C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico" (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\RunOnce: [SpybotDeletingB7389] command.com /c del "C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg" (User '?')
O4 - HKUS\S-1-5-21-1482476501-1409082233-725345543-1003\..\RunOnce: [SpybotDeletingD7568] cmd.exe /c del "C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08d9 -f video -m logitech -d 11.0.0.1213 (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Fichiers communs\logishrd\WUApp32.exe -v 0x046d -p 0x08d9 -f video -m logitech -d 11.0.0.1213 (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/...
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

1 reply

jimkiller Posts: 2177 Status: Member 472
 
Hi!! Try Malwarebytes Anti-Malware and run a full scan with all your applications closed (it can be downloaded from this site and is free). If it finds any viruses, delete them. Above all, update Malwarebytes before the scan.