[Virus] svchost.exe s'énerve (et m'énerve)

croupier Messages postés 4 Statut Membre -  
raleuboleu Messages postés 5028 Statut Membre -
Bonjour, depuis 1-2 mois, chaque fois que je démarre mon ordi j'ai svchost.exe qui se met à 100% d'usage de CPU pour plusieurs minutes. Aussi, il arrive que des heures après démarrage, svchost.exe se remette à prendre 100% de CPu pendant plusieurs minutes.

J'ai fait un scan avec AVG Anti-Virus et il a trouvé un virus appellé "Trojan horse Dropper.Generic.FFZ" dans le fichier D:\Program Files\eMule\Incoming\Ringtone Creator 2.4.032 crack.rar:\crack.exe. AVG l'a supprimé, mais je me souviens très bien avoir executé ce fichier il y a justement 1-2 mois!!

J'ai suivi à la lettre la méthode suivante:
virus methode preliminaire de desinfection version fr

et voici les résultats.

AVG Anti-Spyware me donne ça:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 18:41:45 2007-05-10

+ Résultat de l'analyse:

:mozilla.16:C:\Documents and Settings\Ägaren\Application Data\Mozilla\Firefox\Profiles\71xsgjtz.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.

Fin du rapport

----------------------------------------------------

J'ai fait le scanner en ligne de BitDefender et après quelques heures de scan ça disait 0 virus trouvés. Par erreur, je n'ai pas sauvé le rapport, mais croyez-moi sur parole que ça disait genre 900 000 fichiers scannés et 0 virus trouvés.

----------------------------------------------------

HiJackThis:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 00:51:53, on 2007-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Grisoft\AVG7\avgamsvr.exe
C:\Program\Grisoft\AVG7\avgupsvc.exe
C:\Program\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program\DU Meter\DUMeter.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe
C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\Program\Grisoft\AVG7\avgcc.exe
C:\Program\Druide\Antidote\Gestionnaire Antidote.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SmsDiscount.com\SmsDiscount\SmsDiscount.exe
C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program\Google\Web Accelerator\googlewebaccclient.exe
C:\Program\Informatics\TypOmeter\TypOmeter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ägaren\Skrivbord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [DU Meter] C:\Program\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SmsDiscount] "C:\Program\SmsDiscount.com\SmsDiscount\SmsDiscount.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Genväg till TypOmeter.lnk = C:\Program\Informatics\TypOmeter\TypOmeter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{98C53A42-E86D-404C-9E14-FFA37965575B}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Program\Google\WEBACC~1\FASTSE~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8145 bytes

------------------------------------------------

Si quelqu'un peut m'aider, je vous en remercie beaucoup!

Croupier
Configuration: Windows XP
Firefox 1.5.0.11

12 réponses

  1. raleuboleu Messages postés 5028 Statut Membre 79
     
    salut

    en premier temps coche cette ligne sur hijack :

    O20 - AppInit_DLLs: C:\Program\Google\WEBACC~1\FASTSE~1.DLL

    ensuite fix cheked

    de plus fais 1 petit nettoyage via Ccleaner ici :

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    de suite fais 1 scan via AVG , ici :

    http://www.websiteburo.com/spip.php?article420

    Télécharger et scanner son PC avec AVG anti-spyware
    Copier/coller le rapport entier sur le forum.

    Remarque : Une fois l'analyse terminée, il faut faire un clique droit sur un fichier infecté et demander à "AVG Anti-Spyware 7.5" de le supprimer.
    Puis cliquer sur "Appliquer toutes les actions" afin de tout supprimer automatiquement :)

    un scan en ligne peut t'aider tu peuc tenter ceci :

    https://www.bitdefender.com/toolbox/

    exelllent mais ne marche que sur internet explo pas sur firefox

    postes touts rapport et + 1 nouveau log hijack apres tout cela

    wep courrage et bizoux
    0
  2. croupier Messages postés 4 Statut Membre
     
    Premièrement merci pour ton aide.

    Sauf que cette ligne que tu me demandes d'enlever n'est pas un virus/spyware/malware, c'est Google WebAccelerator donc je n'ai pas d'intérêt de l'enlever.

    Deuxièmement, tout ce que tu me demandes de faire je l'ai déjà fait...?
    0
  3. Utilisateur anonyme
     
    (Attention aux erreurs, vérifiez avant de fixer, de plus fixer sans supprimer ne sert à pas grand chose si ce n'est pas pour dire, à rien.)

    ---
    Bonjour

    Il va falloir installer un pare-feu car celui de Windows ne sert à rien.

    Désactive le pare-feu de Windows(SP2) il ne sert à rien puis installe celui ci pour plus de sécurité

    Kerio (pare-feu) : reste gratuit après la période d'essai en français
    ----> http://www.infos-du-net.com/telecharger/Firewall-Kerio-Personal,0301-390.html

    Regarde ce tutoriel si tu as besoin d'aide pour l'installation et la configuration de Kerio
    --> https://kerio.probb.fr/t250-tuto-sunbelt-personal-firewall-4-6

    Plus d'info :
    ->https://kerio.probb.fr/

    Ensuite :

    Télécharge ComboScan sur ton Bureau.
    ---> http://www.techsupportforum.com/sectools/Deckard/dss.exe
    Ferme toutes les applications en cours ; antivirus, pare-feu, etc ..
    Double-clic sur comboscan.exe A la fenêtre qui s'affiche, clic sur OK.
    Soit patient ..
    Le rapport Comboscan.txt s'affichera, copie et colle le contenu de ce fichier ici.
    0
  4. croupier Messages postés 4 Statut Membre
     
    Voila le résultat de ComboScan:

    Deckard's System Scanner v20070426.43
    Run by Ägaren on 2007-05-11 at 15:18:58
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Failed to create restore point; System Restore is disabled (service is not running).

    -- Last 5 Restore Point(s) --
    11: 2007-05-11 01:15:00 UTC - RP289 - Systemkontrollpunkt
    10: 2007-05-09 09:23:25 UTC - RP288 - Systemkontrollpunkt
    9: 2007-05-06 17:35:45 UTC - RP287 - Systemkontrollpunkt
    8: 2007-05-05 10:35:50 UTC - RP286 - Removed Google Web Accelerator
    7: 2007-05-05 10:30:27 UTC - RP285 - Installed Google Web Accelerator

    -- First Restore Point --
    1: 2007-05-02 08:07:28 UTC - RP279 - Systemkontrollpunkt

    Backed up registry hives.

    Performed disk cleanup.

    -- HijackThis (run as Ägaren.exe) ----------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 15:22:50, on 2007-05-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program\Grisoft\AVG7\avgamsvr.exe
    C:\Program\Grisoft\AVG7\avgupsvc.exe
    C:\Program\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program\DU Meter\DUMeter.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program\DAEMON Tools\daemon.exe
    C:\Program\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program\Synaptics\SynTP\SynTPLpr.exe
    C:\Program\Synaptics\SynTP\SynTPEnh.exe
    C:\Program\QuickTime\qttask.exe
    C:\Program\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe
    C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program\Picasa2\PicasaMediaDetector.exe
    C:\Program\Druide\Antidote\Gestionnaire Antidote.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program\SmsDiscount.com\SmsDiscount\SmsDiscount.exe
    C:\Program\Google\Web Accelerator\GoogleWebAccWarden.exe
    C:\Program\U.S. Robotics 802.11g WLAN\USRWLANG.exe
    C:\Program\PC Connectivity Solution\ServiceLayer.exe
    C:\Program\Informatics\TypOmeter\TypOmeter.exe
    C:\Program\Google\Web Accelerator\googlewebaccclient.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Ägaren\Skrivbord\dss.exe
    C:\Program\HIJACK~1\Ägaren.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O4 - HKLM\..\Run: [DU Meter] C:\Program\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AtiPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program\Delade filer\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program\Druide\Antidote\Gestionnaire Antidote.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SmsDiscount] "C:\Program\SmsDiscount.com\SmsDiscount\SmsDiscount.exe" -nosplash -minimized
    O4 - Startup: Genväg till TypOmeter.lnk = C:\Program\Informatics\TypOmeter\TypOmeter.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program\Google\Web Accelerator\GoogleWebAccWarden.exe
    O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - https://www.appdirect.com/products/apphelp/
    O17 - HKLM\System\CCS\Services\Tcpip\..\{98C53A42-E86D-404C-9E14-FFA37965575B}: NameServer = 192.168.0.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Program\Google\WEBACC~1\FASTSE~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

    -- HijackThis Fixed Entries (C:\Program\HIJACK~1\backups\) ---------------------

    backup-20060705-223507-234 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    backup-20060705-223507-269 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    backup-20060705-223507-530 O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe
    backup-20060705-223507-706 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
    backup-20060705-223507-794 O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program\MATLAB71\webserver\bin\win32\matlabserver.exe
    backup-20060705-223507-985 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
    backup-20060705-223517-977 O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program\MATLAB71\webserver\bin\win32\matlabserver.exe
    backup-20060705-223535-921 O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program\MATLAB71\webserver\bin\win32\matlabserver.exe

    -- File Associations -----------------------------------------------------------

    [COLOR=red].reg - Regedit.Document - DefaultIcon - unable to read value[/COLOR]
    [COLOR=red].reg - Regedit.Document - shell\open\command - unable to read value[/COLOR]
    [COLOR=red].reg - Regedit.Document - shell\edit\command - unable to read value[/COLOR]

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
    R3 USR11G (U.S. Robotics 802.11g Wireless Turbo Adapter) - c:\windows\system32\drivers\usr11g.sys <Not Verified; U.S. Robotics; U.S. Robotics 802.11g Wireless Turbo Adapter>

    S3 Bcim (Bandwidth Controller kernel component) - c:\windows\system32\drivers\bcim.sys (file missing)
    S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
    S3 SoC PC-Camera Service (CANYON CN-WCAM21 PC-Camera) - c:\windows\system32\drivers\pfc027.sys (file missing)

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
    R3 ServiceLayer - "c:\program\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

    S3 MSSQL$SONY_MEDIAMGR - c:\program\sony\shared plug-ins\media manager\mssql$sony_mediamgr\binn\sqlservr.exe -ssony_mediamgr <Not Verified; Microsoft Corporation; Microsoft SQL Server>
    S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program\winpcap\rpcapd.exe" -d -f "c:\program\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>
    S3 SQLAgent$SONY_MEDIAMGR - c:\program\sony\shared plug-ins\media manager\mssql$sony_mediamgr\binn\sqlagent.exe -i sony_mediamgr <Not Verified; Microsoft Corporation; Microsoft SQL Server>

    -- Files created between 2007-04-11 and 2007-05-11 -----------------------------

    2007-05-11 10:07:52 0 d-------- C:\WINDOWS\LastGood
    2007-05-11 10:05:02 0 d-------- C:\csscod
    2007-05-10 12:53:20 0 dr-h----- C:\Documents and Settings\Ägaren\Recent
    2007-05-10 10:00:43 0 d-------- C:\Program\CCleaner
    2007-05-10 09:52:45 0 d-------- C:\WINDOWS\BDOSCAN8
    2007-05-09 16:12:05 0 d-------- C:\Documents and Settings\Ägaren\Application Data\AVG7
    2007-05-09 16:11:50 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-05-09 16:11:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-05-09 16:11:30 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-05-09 15:18:48 0 d-------- C:\Documents and Settings\Ägaren\.housecall6.6
    2007-05-04 23:53:32 0 d-------- C:\Program\Paragon Software
    2007-05-04 16:16:01 0 d-------- C:\Program\Google Video
    2007-05-03 19:32:08 0 d-------- C:\Documents and Settings\Ägaren\Application Data\SopCast
    2007-05-03 19:32:06 0 d-------- C:\Program\SopCast
    2007-05-03 13:22:27 0 d-------- C:\Program\TVUPlayer
    2007-05-03 12:55:59 0 d-------- C:\Program\mIRC
    2007-04-28 15:17:55 838144 --a------ C:\WINDOWS\system32\chtbrkr.dll <Not Verified; Microsoft Corporation; Microsoft Traditional Chinese Word Breaker>
    2007-04-28 15:17:55 1677824 --a------ C:\WINDOWS\system32\chsbrkr.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R)>
    2007-04-28 15:17:54 70656 --a------ C:\WINDOWS\system32\korwbrkr.dll <Not Verified; Microsoft Corporation; Korean WordBreaker>
    2007-04-28 15:17:53 98304 --a------ C:\WINDOWS\system32\msir3jp.dll <Not Verified; Microsoft Corporation; Natural Language Components>
    2007-04-28 15:17:36 218112 --a------ C:\WINDOWS\system32\c_g18030.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:17:25 7168 --a------ C:\WINDOWS\system32\f3ahvoas.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:17:02 6656 --a------ C:\WINDOWS\system32\c_is2022.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:16:46 811064 --a------ C:\WINDOWS\system32\imjp81k.dll <Not Verified; Microsoft Corporation; Microsoft IME 2002>
    2007-04-28 15:15:57 185344 --a------ C:\WINDOWS\system32\Thawbrkr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:56 5632 -ra------ C:\WINDOWS\system32\kbdintel.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:56 5632 -ra------ C:\WINDOWS\system32\kbdinkan.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:56 5632 -ra------ C:\WINDOWS\system32\kbdinguj.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:55 6144 -ra------ C:\WINDOWS\system32\kbdinpun.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:55 5632 -ra------ C:\WINDOWS\system32\kbdinmar.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:55 5632 -ra------ C:\WINDOWS\system32\kbdinhin.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:54 5632 -ra------ C:\WINDOWS\system32\kbdintam.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:54 5632 -ra------ C:\WINDOWS\system32\kbdindev.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:53 10752 --a------ C:\WINDOWS\system32\c_iscii.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:51 5632 -ra------ C:\WINDOWS\system32\kbdurdu.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:51 5632 -ra------ C:\WINDOWS\system32\kbdsyr2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:51 5632 -ra------ C:\WINDOWS\system32\kbdsyr1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:51 5632 -ra------ C:\WINDOWS\system32\kbddiv2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:51 5632 -ra------ C:\WINDOWS\system32\kbddiv1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:50 5632 -ra------ C:\WINDOWS\system32\kbdfa.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:49 5632 -ra------ C:\WINDOWS\system32\kbda3.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:49 5632 -ra------ C:\WINDOWS\system32\kbda2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:49 5632 -ra------ C:\WINDOWS\system32\kbda1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:45 5632 -ra------ C:\WINDOWS\system32\kbdheb.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:42 6144 -ra------ C:\WINDOWS\system32\kbdth3.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:42 6144 -ra------ C:\WINDOWS\system32\kbdth2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:42 5632 -ra------ C:\WINDOWS\system32\kbdth1.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:42 5632 -ra------ C:\WINDOWS\system32\kbdth0.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 15:15:41 6144 --a------ C:\WINDOWS\system32\ftlx041e.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-04-28 14:48:40 0 d-------- C:\WINDOWS\system32\cache
    2007-04-28 14:48:36 0 d-------- C:\Documents and Settings\Ägaren\Application Data\ppstream
    2007-04-26 22:25:58 0 d-------- C:\Documents and Settings\Ägaren\Application Data\TVU Networks
    2007-04-25 20:03:30 0 d-------- C:\Documents and Settings\Ägaren\Application Data\SmsDiscount
    2007-04-25 20:02:23 0 d-------- C:\Program\SmsDiscount.com
    2007-04-24 16:25:04 0 d-------- C:\Program\Delade filer\Skype
    2007-04-19 15:46:21 0 d-------- C:\~QTWTMP.TMP

    -- Find3M Report ---------------------------------------------------------------

    2007-05-11 09:30:06 4241 --a------ C:\Documents and Settings\Ägaren\Application Data\.googlewebacchosts
    2007-05-10 18:42:46 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Skype
    2007-05-10 16:21:02 0 d-------- C:\Documents and Settings\Ägaren\Application Data\uTorrent
    2007-05-05 12:30:31 0 d-------- C:\Program\Google
    2007-05-04 23:53:32 0 d--h----- C:\Program\InstallShield Installation Information
    2007-05-03 14:51:03 376 --a------ C:\Documents and Settings\Ägaren\Application Data\AutoGK.ini
    2007-04-29 00:35:12 0 d-------- C:\Documents and Settings\Ägaren\Application Data\SSH
    2007-04-29 00:04:56 426010 --a------ C:\WINDOWS\system32\perfh01D.dat
    2007-04-29 00:04:56 83450 --a------ C:\WINDOWS\system32\perfc01D.dat
    2007-04-26 09:40:06 0 d-------- C:\Program\Delade filer
    2007-04-24 16:25:04 0 d-------- C:\Program\Skype
    2007-04-19 17:07:17 0 d-------- C:\Program\Java
    2007-04-10 10:28:21 0 d-------- C:\Program\Xming
    2007-04-10 10:27:26 0 d-------- C:\Program\TLI
    2007-04-06 08:55:27 0 d-------- C:\Program\Delade filer\Microsoft Shared
    2007-04-06 08:55:26 0 d-------- C:\Program\Delade filer\DESIGNER
    2007-04-06 08:52:39 0 d-------- C:\Program\Publicación en Web
    2007-04-02 01:19:22 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Ethereal
    2007-04-02 01:01:54 25360 --a------ C:\netstat.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2007-04-02 01:00:59 0 d-------- C:\Program\Ethereal
    2007-04-02 01:00:35 0 d-------- C:\Program\WinPcap
    2007-04-01 21:07:20 0 d-------- C:\Program\Picasa2
    2007-04-01 19:09:19 0 d-------- C:\Program\Octoshape Streaming Services
    2007-04-01 10:31:47 0 d-------- C:\Program\URUSoft
    2007-04-01 10:23:57 0 d-------- C:\Program\Freecorp
    2007-03-29 22:29:02 0 d-------- C:\Program\Ringtone Creator
    2007-03-28 23:21:31 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Ringtone
    2007-03-28 22:01:39 0 d-------- C:\Documents and Settings\Ägaren\Application Data\PC Suite
    2007-03-28 22:00:31 0 d-------- C:\Program\Delade filer\PCSuite
    2007-03-28 22:00:27 0 d-------- C:\Program\Delade filer\Nokia
    2007-03-28 22:00:26 0 d-------- C:\Program\Nokia
    2007-03-28 21:33:47 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Nokia
    2007-03-28 21:32:32 0 d-------- C:\Program\DIFX
    2007-03-28 21:32:02 0 d-------- C:\Program\PC Connectivity Solution
    2007-03-28 21:27:32 0 d-------- C:\Program\Coding Workshop Ringtone Converter
    2007-03-28 21:26:31 0 d--h----- C:\Program\Zero G Registry
    2007-03-28 21:26:27 0 d-------- C:\Program\Vstplugins
    2007-03-28 17:09:03 0 d-------- C:\Program\MobiMB Mobile Media Browser
    2007-03-28 17:09:03 0 d-------- C:\Program\Delade filer\LogoManager
    2007-03-28 01:56:41 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Unwiredtec
    2007-03-27 12:25:08 155648 --a------ C:\WINDOWS\system32\WMIMPLEX.dll
    2007-03-27 12:25:08 36864 --a------ C:\WINDOWS\system32\maplec.dll
    2007-03-21 20:55:53 0 d-------- C:\Program\IrfanView
    2007-03-21 11:18:02 0 d-------- C:\Program\SSH Communications Security
    2007-03-20 10:59:44 0 d-------- C:\Program\PuTTY
    2007-03-17 12:35:57 0 d-------- C:\Program\Teamspeak2_RC2
    2007-02-21 01:19:00 1024 --a------ C:\WINDOWS\system32\pwdremover.dat

    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {69A87B7D-DE56-4136-9655-716BA50C19C7} C:\Program\Google\Web Accelerator\GoogleWebAccToolbar.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program\Java\jre1.6.0_01\bin\ssv.dll
    {E5A1691B-D188-4419-AD02-90002030B8EE} C:\Program\FlashFXP\IEFlash.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "DU Meter"="C:\\Program\\DU Meter\\DUMeter.exe"
    "DAEMON Tools"="\"C:\\Program\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "RemoteControl"="C:\\Program\\CyberLink\\PowerDVD\\PDVDServ.exe"
    "SynTPLpr"="C:\\Program\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program\\Synaptics\\SynTP\\SynTPEnh.exe"
    "QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"
    "SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
    "CARPService"="carpserv.exe"
    "NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "AtiPTA"="C:\\Program\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "ATIModeChange"="Ati2mdxx.exe"
    "DataLayer"="C:\\Program\\Delade filer\\PCSuite\\DataLayer\\DataLayer.exe"
    "PCSuiteTrayApplication"="C:\\Program\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray"
    "Picasa Media Detector"="C:\\Program\\Picasa2\\PicasaMediaDetector.exe"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "AVG7_CC"="C:\\Program\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Gestionnaire Antidote.exe"="C:\\Program\\Druide\\Antidote\\Gestionnaire Antidote.exe"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "SmsDiscount"="\"C:\\Program\\SmsDiscount.com\\SmsDiscount\\SmsDiscount.exe\" -nosplash -minimized"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="C:\Program\Google\WEBACC~1\FASTSE~1.DLL"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

    -- Hosts -----------------------------------------------------------------------

    192.168.0.1 router #PRE

    -- End of Deckard's System Scanner: finished at 2007-05-11 at 15:23:38 ---------
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    J'ai l'impression d'écrire pour rien parfois ..
    0
  7. raleuboleu Messages postés 5028 Statut Membre 79
     
    salut

    aie , pour moi que tu dis ça Boulepate?

    bizoux
    0
  8. croupier Messages postés 4 Statut Membre
     
    boulepate62 je comprends pourquoi tu dis ça, c'est parce que je n'ai pas installé le firewall, mais j'ai pas besoin de firewall car je suis derrière un NAT et de toutes façons je ne cherche pas à me protéger, je suis déjà infecté et je cherche à me débarasser du virus.

    Merci quand même de ton aide.
    0
  9. raleuboleu Messages postés 5028 Statut Membre 79
     
    bonsoir a toi

    si il te faut 1 parefeu adequat avec ton antivirus

    maintenant c'est toi qui voit mais tous le monde te le dis alors ca ne coute rien de tenter ! nan?

    bizz
    0
  10. Utilisateur anonyme
     
    raleuboleu (vendredi 11 mai 2007 à 20:39:28)

    salut

    aie , pour moi que tu dis ça Boulepate?

    bizoux

    Pas du tout mais pour l'autre personne ;-)
    0
  11. raleuboleu Messages postés 5028 Statut Membre 79
     
    looool boulepates mais oui 1 parefeu on le sais il doit y etre merci

    bizouxx
    0
  12. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    et de toutes façons je ne cherche pas à me protéger, je suis déjà infecté et je cherche à me débarasser du virus

    Tu vois Boule rien que pour des réponses comme celle là, moi je lache l'affaire !

    0
  13. raleuboleu Messages postés 5028 Statut Membre 79
     
    saluuuuuuuuuuuuuuuuuuuuuuuuuuut

    ben oui je sais bien je sais mais j'aimerais qu'il change d'avis mais bon vais pas me prendre la tete oula looool^^

    bizoux
    0