Sujet Précédent Sujet Suivant

Virus win 32 horst

Résolu/Fermé
gromik - 27 avril 2007 à 13:45
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 - 29 avril 2007 à 18:25
Bonjour,
je recois plein de cheval de troie que je met en vain en quarantaine,
des win32horst.....
Je suis novice en informatique
aidez moi SVP
A voir également:

5 réponses

Réponse 1 / 5
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
27 avril 2007 à 13:48
bonjour,

* Télécharge HijackThis et poste le rapport stp

http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Démo en image
http://pageperso.aol.fr/balltrap34/demohijack.htm

et

* Télécharge CCleaner.

https://www.pcastuces.com/logitheque/ccleaner.htm

Installe le dans un répertoire dédié.

Décoche pendant l'installation

--- les deux cases "Ajouter l'option ... "

--- Contrôler les mises à jour

--- Ajouter la Barre d'Outils Yahoo! CCleaner

* Lance Ccleaner pour un nettoyage complet.

------

* télécharge AVG Anti-Spyware (ewido)

https://www.avg.com/en-ww/free-antivirus-download

* tu l'installes

* lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente

puis

Lance AVG Anti-Spyware

Clique sur le bouton Analyse (de la barre d'outils)

puis fait dans l'ordre stp. Tu sauvegardes le rapport APRES avoir mis les actions.

Puis sur l'onglet Paramètres,
sous : "Comment réagir "clique sur Actions recommandées. Sélectionne Quarantaine.

Reviens à l'onglet Analyse. Clique sur Analyse complète du système.

A la fin du scan, choisis l'option 3

"Appliquer toutes les actions " en bas.

Clique sur "Enregistrer le rapport".

Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

Poste le.
0
gromik
27 avril 2007 à 15:43
voici le rapport que tu m'as demandé

merci

Logfile of HijackThis v1.99.1
Scan saved at 15:39:22, on 27/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://support.microsoft.com/en-us/help/18900/consumer-antivirus-software-providers-for-windows
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?23dfda4e96094ddeb47a15dc202808f1
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?23dfda4e96094ddeb47a15dc202808f1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0C3A5C6-113A-4C90-9FF5-33C2FE1D67A1}: NameServer = 84.103.237.145 86.64.145.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
jlp
27 avril 2007 à 15:53
tu peux scanner avec A SQUARED sinon qui est tres efficace contre les troyen:
https://www.01net.com/telecharger/
0
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206 > gromik
27 avril 2007 à 16:01
re

merci mais il manque encore le rapport d'AVG stp (je ne veux pas de A2)

0
gromik > philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009
28 avril 2007 à 10:47
bonjour,
voici le rapport demandé

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 00:05:34 28/04/2007

+ Résultat de l'analyse:



C:\Documents and Settings\david genot\Local Settings\Temp\setup.exe -> Downloader.Agent.aii : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@ehg-neuftelecom.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@mediaplex[2].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@edge.ru4[1].txt -> TrackingCookie.Ru4 : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\david genot\Local Settings\Temp\0exgmi.7.exe -> Worm.Medbod : Nettoyé.


Fin du rapport


et un 2ème


---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 10:17:32 28/04/2007

+ Résultat de l'analyse:



C:\Documents and Settings\david genot\Cookies\david genot@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@ehg-neuftelecom.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@edge.ru4[2].txt -> TrackingCookie.Ru4 : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\david genot\Cookies\david genot@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.


Fin du rapport
0
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206 > gromik
28 avril 2007 à 15:34
bonjour,

reposte un rapport hijackthis maintenant stp
0
Réponse 2 / 5
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
28 avril 2007 à 17:58
on continue

* Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe


* Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.

* Redémarre ton ordinateur en mode sans échec

* Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.

* Appuie sur Y pour commencer le processus de nettoyage.

Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.

* Appuie sur une touche pour redémarrer le PC.

Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.

Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.

Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum,

avec un nouveau log Hijackthis
0
gromik
28 avril 2007 à 20:47
voici le rapport SDFIX


SDFix: Version 1.80

Run by david genot - 28/04/2007 - 18:53:15,04

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\DAVIDG~1\Bureau\COMBAT~1\SDFix

Safe Mode:
Checking Services:






Modified mswsock.dll Found!

File Locations:

C:\WINDOWS\system32\mswsock.dll

Infected files:



Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\MST2E.tmp - Deleted
C:\DOCUME~1\DAVIDG~1\LOCALS~1\Temp\autorun.inf - Deleted
C:\WINDOWS\odbc.INI - Deleted
C:\WINDOWS\system\smss.exe - Deleted



Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
"C:\\WINDOWS\\Temp\\NavBrowser.exe"="C:\\WINDOWS\\Temp\\NavBrowser.exe:*:Enabled:NAVBrowser"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\1exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\1exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\88exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\88exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\56exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\56exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\51exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\51exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\49exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\49exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\36exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\36exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\43exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\43exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\4exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\4exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\98exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\98exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\92exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\92exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\28exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\28exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\19exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\19exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\70exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\70exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\59exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\59exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\9exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\9exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\6exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\6exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\69exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\69exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\76exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\76exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\7exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\7exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\38exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\38exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\82exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\82exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\17exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\17exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\27exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\27exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\89exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\89exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\86exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\86exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\97exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\97exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\72exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\72exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\95exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\95exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\96exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\96exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\15exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\15exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\75exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\75exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\21exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\21exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\91exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\91exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\84exinjs.a4.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\84exinjs.a4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\70exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\70exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\57exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\57exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\39exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\39exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\10exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\10exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\2exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\2exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\58exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\58exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\19exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\19exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\17exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\17exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\48exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\48exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\49exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\49exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\95exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\95exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\40exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\40exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\89exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\89exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\98exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\98exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\12exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\12exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\78exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\78exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\77exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\77exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\54exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\54exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\5exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\5exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\93exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\93exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\61exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\61exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\3exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\3exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\51exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\51exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\18exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\18exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\69exinjs.a5.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\69exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\15exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\15exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\90exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\90exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\10exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\10exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\8exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\8exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\70exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\70exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\64exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\64exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\7exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\7exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\74exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\74exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\78exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\78exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\88exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\88exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\67exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\67exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\60exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\60exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\37exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\37exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\89exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\89exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\73exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\73exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\18exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\18exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\75exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\75exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\55exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\55exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\66exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\66exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\91exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\91exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\82exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\82exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\29exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\29exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\72exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\72exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\23exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\23exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\45exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\45exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\4exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\4exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\22exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\22exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\69exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\69exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\98exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\98exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\11exinjs.a6.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\11exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\64exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\64exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\22exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\22exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\34exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\34exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\12exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\12exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\97exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\97exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\15exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\15exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\75exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\75exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\4exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\4exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\59exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\59exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\95exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\95exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\11exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\11exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\61exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\61exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\0exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\0exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\53exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\53exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\54exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\54exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\41exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\41exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\46exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\46exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\69exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\69exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\67exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\67exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\3exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\3exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\7exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\7exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\39exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\39exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\84exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\84exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\32exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\32exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\96exinjs.a7.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\96exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\96exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\96exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\91exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\91exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\83exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\83exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\29exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\29exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\55exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\55exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\23exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\23exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\78exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\78exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\64exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\64exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\68exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\68exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\13exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\13exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\56exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\56exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\94exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\94exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\14exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\14exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\26exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\26exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\40exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\40exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\43exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\43exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\67exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\67exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\75exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\75exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\92exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\92exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\21exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\21exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\70exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\70exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\63exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\63exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\65exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\65exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\9exinjs.a8.exe"="C:\\DOCUME~1\\DAVIDG~1\\LOCALS~1\\Temp\\9exinjs.a8.exe:*:Enabled:Microsoft Update"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\DAVIDG~1\Bureau\COMBAT~1\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:


Finished
et l'autre rapport

Logfile of HijackThis v1.99.1
Scan saved at 20:46:10, on 28/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://support.microsoft.com/en-us/help/18900/consumer-antivirus-software-providers-for-windows
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?23dfda4e96094ddeb47a15dc202808f1
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?23dfda4e96094ddeb47a15dc202808f1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0C3A5C6-113A-4C90-9FF5-33C2FE1D67A1}: NameServer = 86.64.145.142 84.103.237.142
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

merci encore
0
Réponse 3 / 5
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
28 avril 2007 à 21:39
re

* Fait un scan antivirus en ligne Panda et copie colle le résultat ici
https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/fr/activescan_principal.htm

* tuto en image
https://forum.pcastuces.com/default.asp#haut

à la lettre T

0
gromik
29 avril 2007 à 00:29
voici le post :


Incident Statut Analyse

Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\david genot\Bureau\combattre les virus\SDFix\apps\Process.exe
Virus:Trj/Rizalof.AAZ Désinfecté C:\Documents and Settings\david genot\Bureau\combattre les virus\SDFix\backups\backups.zip[backups/smss.exe]
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\david genot\Bureau\combattre les virus\SDFix.exe[SDFix\apps\Process.exe]
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\david genot\Cookies\david genot@247realmedia[1].txt
Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\david genot\Cookies\david genot@2o7[1].txt
Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\david genot\Cookies\david genot@advertising[1].txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\david genot\Cookies\david genot@atdmt[2].txt
Spyware:Cookie/Atwola No Désinfecté C:\Documents and Settings\david genot\Cookies\david genot@atwola[1].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\david genot\Cookies\david genot@doubleclick[2].txt
Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\david genot\Cookies\david genot@hitbox[1].txt
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\david genot\Cookies\david genot@mediaplex[2].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\david genot\Cookies\david genot@weborama[2].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\david genot\Cookies\david genot@xiti[1].txt
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\david genot\Temporary Internet Files\Content.IE5\GHAV81MJ\SDFix[2].exe[SDFix\apps\Process.exe]
Outil indésirable:Application/Processor No Désinfecté C:\SDFix\apps\Process.exe
0
Réponse 4 / 5
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
29 avril 2007 à 00:31
re

as tu encore des soucis avec ton pc ?

0
gromik
29 avril 2007 à 12:10
Merci encore pour tout,
apparement je n'ai plus de soucis, heureusement que tu es là car je n'aurai jamais su quoi faire.
Dois je garder les logiciels que tu m'as fait télécharger et refaire les mêmes opérations en cas de problèmes.
Bon dimanche
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 5
philae83 Messages postés 12837 Date d'inscription mercredi 3 janvier 2007 Statut Contributeur sécurité Dernière intervention 8 décembre 2009 206
29 avril 2007 à 18:25
bonjour,

maintenant tu vas pouvoir faire ceci :



* Tu peux supprimer tous les logiciels que nous avons utilisés (Type: SmitFraufix, Blacklight, SDFix, ect.....)
qui traitent des infections spécifiques et qui sont mis à jour réguliérement.
Tu peux par contre, garder AVG antispyware et CCleaner.

* démarrer-----------panneau de configuration------------système----------
onglet Restauration système-----------coche la case (Désactiver la restauration système)--------------
redémarre l'ordinateur
réactive la ensuite

* Pour améliorer la sécurité de ton PC prend quelques instants pour lire

CECI

* Dénonce ton infection pour faire condamner les auteurs.
Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être les plus nombreux possibles, alors rends compte de ton infection :

- Voir les règles du forum : https://malwarecomplaints.info/
- Après t'être enregistré à l'aide du bouton en haut se nommant "Register"
Si tu as plus de 13 ans, choisir : "I Agree to these terms and am over or exactly 13 years of age"
Si tu as moins, clique sur : "I Agree to these terms and am under 13 years of age"

Tu as alors sous forme de liste un sujet par type d'infection (Look2Me, Smitfraud, SpywareQuake etc..).
La tienne = ******

---> https://malwarecomplaints.info/

Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas par quoi tu étais infecté(e), crée un message dans le sujet Autres infections
conforme au règle du forum (age, ville, département etc..)

Indique aussi le nom du Forum qui t'a aidé, <grad>CommentCaMarche</gras>



* met ton sujet en RESOLU stp, merci.


bonne fin de journée
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Voxbone ? qui est-ce ?
fanfan54 -
djakool4 -

158 réponses
svp 32Gb est il egal a 32Go??
William Fernand -
nemrod18 -

3 réponses