j'ai un virus aidez moi Résolu/Fermé

Question

Bonjour, voila depuis un petit moment j'ai des pay per click automatique qui apparaissent. en effet lorsque que je clique sur un lien google, de temp en ttemp j'arrive sur des site comme emule ou des site porno et je pense que j'ai un virus meme si adware et nod 32 n'ont rien trouver. donc je voudrait utiliser hijackthis mais je ne sait pas comment lire le rapport tenez le voici.
merci d'avance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:55, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset
od32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Eset
od32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\Program Files\heho\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - (no file)
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] regperf.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BAE3503-DF3F-471B-834C-4345A363CC83}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Ati4801vpkt - ATI Technologies Inc. - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

jlpjlp · Answer

slt
pour ad aware il te faudra mettre la version 2008

_____________


Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau. 
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe 
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici : 
• Redémarre ton ordinateur 
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde). 
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître. 
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée". 
• Choisis ton compte. 
Déroule la liste des instructions ci-dessous : 
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script. 
• Appuie sur Y pour commencer le processus de nettoyage. 
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer. 
• Appuie sur une touche pour redémarrer le PC. 
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers. 
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished. 
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau. 
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt. 
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum


____________

Fais un clic droit sur ce lien : (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau. 
Ensuite double clique sur navilog1.exe pour lancer l'installation. 
Une fois l'installation terminée, le fix s'exécutera automatiquement. 
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau). 

Laisse-toi guider. Au menu principal, choisis 1 et valides. 
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord) 

Patiente jusqu'au message : 
*** Analyse Termine le ..... *** 
Appuie sur une touche comme demandé, le blocnote va s'ouvrir. 
Copie-colle l'intégralité dans une réponse. Referme le blocnote. 
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

zorinho · Answer

Attention, je lis que tu as ESET Smart Security ET Symantec.

Tu devrais supprimer l'un des deux, idéalement Symantec.

Zor

bibortino · Answer

j croi k t besoin de anti spyware pas de antivir ok

juilie · Answer

voila le rapport ca a été plutot long je trouve


[b]SDFix: Version 1.187 [/b]
Run by Thomas on 05/06/2008 at 10:56

Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\Thomas\Bureau\sdfix\SDFix

[b]Checking Services [/b]:

[b]Name [/b]: 
PowerManager

[b]Path [/b]:
"" 

PowerManager - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]: 

Trojan Files Found:

C:\Documents and Settings\Thomas\Application Data\Install.dat - Deleted
C:\WINDOWS\system\smss.exe  - Deleted
C:\WINDOWS\system32\kr_done1  - Deleted
C:\WINDOWS\system32\svcp.csv  - Deleted
C:\WINDOWS\system32\vx.tll  - Deleted
C:\WINDOWS\system32\winsub.xml  - Deleted





Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 11:24:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:59cb5902
"s2"=dword:f4d318d3

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install\VxDs]
"CTE_32 Name"="2454536:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{89C7406E-D4E8-B51F-B619-1A479724876C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{89C7406E-D4E8-B51F-B619-1A479724876C}\Version 1.1]
"dat"="806585365:{DF69F141-5EDE-2CF6-65D4-37D113C1D048}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{6B35B4E0-AC57-039C-B844-2AEFC0D00AA2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{6B35B4E0-AC57-039C-B844-2AEFC0D00AA2}\Install]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{6B35B4E0-AC57-039C-B844-2AEFC0D00AA2}\Install\xga-1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{6B35B4E0-AC57-039C-B844-2AEFC0D00AA2}\Install\xga-1\dat]
"default"="516231179:{D770A90D-0E21-4186-3968-B7F8B0AAC98C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX\Current]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX\Current\Install]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{89C7406E-D4E8-B51F-B619-1A479724876C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{89C7406E-D4E8-B51F-B619-1A479724876C}\Version 3.x]
"dat"="1767914624:{01F5A309-9C2F-C473-3149-1474E2988430}"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\lxcgcoms.exe"="C:\WINDOWS\system32\lxcgcoms.exe:*:Enabled:2300 Series"
"C:\Program Files\Morpheus\Morpheus.exe"="C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Mercora\MercoraClient.exe"="C:\Program Files\Mercora\MercoraClient.exe:*:Enabled:Mercora IM Radio Client"
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\Program Files\Mozilla Firefox\updater.exe"="C:\Program Files\Mozilla Firefox\updater.exe:*:Enabled:updater"
"C:\Program Files\Mozilla Firefox\xpicleanup.exe"="C:\Program Files\Mozilla Firefox\xpicleanup.exe:*:Enabled:xpicleanup"
"C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe"="C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe:*:Enabled:fspex"
"C:\Program Files\MumboJumbo\Luxor AR\luxorAR.exe"="C:\Program Files\MumboJumbo\Luxor AR\luxorAR.exe:*:Enabled:Luxor: Amun Rising"
"C:\Program Files\Spyware Doctor\swdoctor.exe"="C:\Program Files\Spyware Doctor\swdoctor.exe:*:Enabled:Spyware Doctor"
"C:\Program Files\Dofus\Dofus.exe"="C:\Program Files\Dofus\Dofus.exe:*:Enabled:Dofus"
"C:\Program Files\Codemasters\Heroes of the Pacific\Heroes.exe"="C:\Program Files\Codemasters\Heroes of the Pacific\Heroes.exe:*:Enabled:Heroes Of The Pacific"
"C:\Documents and Settings\Thomas\Bureau\MercoraClient_Web_4.0.0.0.exe"="C:\Documents and Settings\Thomas\Bureau\MercoraClient_Web_4.0.0.0.exe:*:Enabled:MercoraClient_Web_4.0.0.0"
"C:\Documents and Settings\Thomas\Bureau\MercoraWindows5.1.0.110_4014_.exe"="C:\Documents and Settings\Thomas\Bureau\MercoraWindows5.1.0.110_4014_.exe:*:Enabled:MercoraWindows5.1.0.110_4014_"
"C:\Program Files\Java\jre1.5.0_06\bin\javaws.exe"="C:\Program Files\Java\jre1.5.0_06\bin\javaws.exe:*:Enabled:javaws"
"C:\Program Files\Java\jre1.5.0_06\bin\javacpl.exe"="C:\Program Files\Java\jre1.5.0_06\bin\javacpl.exe:*:Enabled:javacpl"
"C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe"="C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe:*:Enabled:jucheck"
"C:\Program Files\Java\jre1.5.0_06\bin\java.exe"="C:\Program Files\Java\jre1.5.0_06\bin\java.exe:*:Enabled:java"
"C:\Program Files\Java\j2re1.4.0_03\bin\java.exe"="C:\Program Files\Java\j2re1.4.0_03\bin\java.exe:*:Enabled:java"
"C:\Program Files\Java\j2re1.4.0_03\bin\jinstall.exe"="C:\Program Files\Java\j2re1.4.0_03\bin\jinstall.exe:*:Enabled:jinstall"
"C:\Program Files\Java\j2re1.4.0_03\bin\keytool.exe"="C:\Program Files\Java\j2re1.4.0_03\bin\keytool.exe:*:Enabled:keytool"
"C:\Program Files\Nvu\nvu.exe"="C:\Program Files\Nvu\nvu.exe:*:Enabled:Nvu"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\eMule1\eMule.exe"="C:\Program Files\eMule1\eMule.exe:*:Enabled:eMule Plus"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Real\RealPlayer\realjbox.exe"="C:\Program Files\Real\RealPlayer\realjbox.exe:*:Enabled:realjbox"
"C:\Program Files\Real\RealPlayer\rphelperapp.exe"="C:\Program Files\Real\RealPlayer\rphelperapp.exe:*:Enabled:rphelperapp"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox"
"C:\Program Files\heho\firefox.exe"="C:\Program Files\heho\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\heho\updater.exe"="C:\Program Files\heho\updater.exe:*:Enabled:updater"
"C:\Program Files\TRELLIAN\SubmitWolf\submitwolf.exe"="C:\Program Files\TRELLIAN\SubmitWolf\submitwolf.exe:*:Enabled:SubmitWolf v4.0"
"C:\Program Files\AgentWebRanking Business\AgentWebRanking.exe"="C:\Program Files\AgentWebRanking Business\AgentWebRanking.exe:*:Enabled:AgentWebRanking"
"C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\bin\maya.exe"="C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\bin\maya.exe:*:Enabled:Maya"
"C:\Program Files\Replay Radio 5\ReplayRadio.exe"="C:\Program Files\Replay Radio 5\ReplayRadio.exe:*:Enabled:Replay Radio 5.2"
"C:\Program Files\heho\Mozilla Firefox\firefox.exe"="C:\Program Files\heho\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Eurobarre\eb.exe"="C:\Program Files\Eurobarre\eb.exe:*:Enabled:eurobarre"
"C:\Documents and Settings\Thomas\Mes documents\Dune 2000 - PC Game\DUNE2000.DAT"="C:\Documents and Settings\Thomas\Mes documents\Dune 2000 - PC Game\DUNE2000.DAT:*:Enabled:Dune2000"
"C:\Sierra\Empire Earth\Empire Earth.exe"="C:\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe"="C:\Program Files\Goto Software\Vade Retro\Vaderetro_oe.exe:*:Enabled:Vaderetro_oe"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Documents and Settings\Thomas\Local Settings\Temp\QZTEMP\7459968\DUNE2000.DAT"="C:\Documents and Settings\Thomas\Local Settings\Temp\QZTEMP\7459968\DUNE2000.DAT:*:Enabled:Dune2000"
"C:\Program Files\Dune\DUNE2000.DAT"="C:\Program Files\Dune\DUNE2000.DAT:*:Enabled:Dune2000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Defcon\defcon.exe"="C:\Program Files\Defcon\defcon.exe:*:Enabled:Defcon"
"C:\Program Files\Copie de Defcon\defcon.exe"="C:\Program Files\Copie de Defcon\defcon.exe:*:Enabled:Defcon"
"C:\Program Files\Copie de Defcon\Defcon\defcon.exe"="C:\Program Files\Copie de Defcon\Defcon\defcon.exe:*:Enabled:Defcon"
"C:\Program Files\Ma‹do Production\IziSpot 4\IziSpot.exe"="C:\Program Files\Ma‹do Production\IziSpot 4\IziSpot.exe:*:Enabled:IziSpot"
"C:\Program Files\Dune\Westwood\Internet\REGISTER.EXE"="C:\Program Files\Dune\Westwood\Internet\REGISTER.EXE:*:Enabled:REGISTER"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\47exinjs.a7.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\47exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\54exinjs.a7.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\54exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\53exinjs.a7.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\53exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\99exinjs.a7.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\99exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\77exinjs.a7.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\77exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\48exinjs.a7.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\48exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\33exinjs.a7.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\33exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\85exinjs.a7.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\85exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\23exinjs.a7.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\23exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\38exinjs.a7.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\38exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\44exinjs.a7.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\44exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\9exinjs.a7.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\9exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\95exinjs.a7.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\95exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\49exinjs.a7.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\49exinjs.a7.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\31exinjs.a8.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\31exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\25exinjs.a8.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\25exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\27exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\27exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\11exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\11exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\54exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\54exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\77exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\77exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\7exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\7exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\59exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\59exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\2exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\2exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\75exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\75exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\94exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\94exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\97exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\97exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\18exinjs.a8.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\18exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\24exinjs.a8.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\24exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\97exinjs.a8.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\97exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\48exinjs.a8.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\48exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\50exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\50exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\51exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\51exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\16exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\16exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\30exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\30exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\5exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\5exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\66exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\66exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\64exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\64exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\67exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\67exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\80exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\80exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\25exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\25exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\79exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\79exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\89exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\89exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\13exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\13exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\83exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\83exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\46exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\46exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\22exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\22exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\17exinjs.a8.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\17exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\7exinjs.a8.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\7exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\53exinjs.a8.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\53exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\27exinjs.a8.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\27exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\15exinjs.a8.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\15exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\2exinjs.a8.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\2exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\13exinjs.a8.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\13exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\43exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\43exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\85exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\85exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\14exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\14exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\35exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\35exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\57exinjs.a8.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\57exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\49exinjs.a8.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\49exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\42exinjs.a8.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\42exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\91exinjs.a8.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\91exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\19exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\19exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\52exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\52exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\10exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\10exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\8exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\8exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\ruby\bin\ruby.exe"="C:\ruby\bin\ruby.exe:*:Enabled:Ruby interpreter"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\50exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\50exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\11exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\11exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\95exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\95exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\49exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\49exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\36exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\36exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\7exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\7exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\55exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\55exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\28exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\28exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\73exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\73exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\18exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\18exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\69exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\69exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\85exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\85exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\1exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\1exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\82exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\82exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\75exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\75exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\68exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\68exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\66exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\66exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\54exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\54exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\18exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\18exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\56exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\56exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\25exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\25exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\0exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\0exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\16exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\16exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\6exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\6exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\Documents and Settings\Thomas\Bureau\PWSC1.4.2\PWSC1.4.2\server\server.exe"="C:\Documents and Settings\Thomas\Bureau\PWSC1.4.2\PWSC1.4.2\server\server.exe:*:Enabled:server"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\95exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\95exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\84exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\84exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\34exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\34exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\66exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\66exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\78exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\78exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\33exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\33exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\26exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\26exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\20exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\20exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\94exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\94exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\36exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\36exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\11exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\11exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\81exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\81exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\86exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\86exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\68exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\68exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\26exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\26exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\33exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\33exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\32exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\32exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\70exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\70exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\51exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\51exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\15exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\15exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\71exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\71exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\82exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\82exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\34exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\34exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\47exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\47exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\76exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\76exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\78exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\78exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\77exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\77exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\89exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\89exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\9exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\9exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\14exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\14exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\50exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\50exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\43exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\43exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\79exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\79exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\53exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\53exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\88exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\88exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\13exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\13exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\81exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\81exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\6exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\6exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\28exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\28exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\67exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\67exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\64exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\64exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\8exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\8exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\94exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\94exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\53exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\53exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\65exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\65exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\22exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\22exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\96exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\96exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\85exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\85exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\0exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\0exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\33exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\33exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\35exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\35exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\77exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\77exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\79exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\79exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\37exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\37exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\80exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\80exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\5exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\5exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\42exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\42exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\27exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\27exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\93exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\93exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\73exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\73exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\7exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\7exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\98exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\98exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\45exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\45exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\46exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\46exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\2exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\2exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\39exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\39exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\93exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\93exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\32exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\32exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\Documents and Settings\Thomas\Bureau\Cracking\atomicmail40\AtomicMAil4.exe"="C:\Documents and Settings\Thomas\Bureau\Cracking\atomicmail40\AtomicMAil4.exe:*:Enabled:Morph Button for DELPHI"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\23exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\23exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\62exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\62exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\88exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\88exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\25exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\25exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\86exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\86exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\31exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\31exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\89exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\89exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\67exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\67exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\80exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\80exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\16exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\16exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\2exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\2exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\96exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\96exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\37exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\37exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\17exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\17exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\14exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\14exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\57exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\57exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\46exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\46exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\66exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\66exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\99exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\99exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\52exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\52exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\57exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\57exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\92exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\92exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\83exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\83exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\99exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\99exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\11exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\11exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\60exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\60exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\48exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\48exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\45exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\45exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\30exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\30exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\4exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\4exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\24exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\24exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\44exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\44exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\94exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\94exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\76exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\76exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\46exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\46exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\71exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\71exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\75exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\75exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\61exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\61exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\86exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\86exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\85exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\85exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\29exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\29exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\84exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\84exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\54exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\54exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\91exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\91exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\27exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\27exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\44exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\44exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\19exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\19exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\24exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\24exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\91exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\91exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\39exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\39exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\64exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\64exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\82exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\82exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\38exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\38exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\52exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\52exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\42exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\42exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\74exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\74exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\87exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\87exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\70exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\70exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\77exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\77exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\78exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\78exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\Documents and Settings\Thomas\Bureau\DnLDownloader.exe"="C:\Documents and Settings\Thomas\Bureau\DnLDownloader.exe:*:Enabled:DnLDownloader"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\12exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\12exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\22exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\22exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\30exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\30exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\1exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\1exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\92exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\92exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\63exinjs.a9.exe"="C:\DOCUME~1\JEAN-P~1\LOCALS~1\Temp\63exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\99exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\99exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\Thomas\LOCALS~1\Temp\21exinjs.a9.exe"="C:\DOCUME~1\Thomas\LOCALS~1\Temp\21exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\23exinjs.a9.exe"="C:\DOCUME~1\BNDICT~1\LOCALS~1\Temp\23exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\Documents and Settings\Jean-Philippe\Bureau\RollerCoaster_Tycoon\rct.exe"="C:\Documents and Settings\Jean-Philippe\Bureau\RollerCoaster_Tycoon\rct.exe:*:Enabled:rct"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Outil de diagnostic Microsoft DirectX"
"C:\Program Files\Fichiers communs\PocketSoft\RTPatch\AutoRTP\artpschd.exe"="C:\Program Files\Fichiers communs\PocketSoft\RTPatch\AutoRTP\artpschd.exe:*:Enabled:artpschd"
"C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe"="C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe:*:Enabled:Maya"
"C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe"="C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe:*:Enabled:Dragon NaturallySpeaking 9.0"
"C:\3dsmax6\3dsmax.exe"="C:\3dsmax6\3dsmax.exe:*:Enabled:3ds max application"
"C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\Side Effects Software\Houdini 9.0.702\bin\hmaster.exe"="C:\Program Files\Side Effects Software\Houdini 9.0.702\bin\hmaster.exe:*:Enabled:hmaster"
"C:\Program Files\Rapidown\rapidown.exe"="C:\Program Files\Rapidown\rapidown.exe:*:Enabled:rapidown"
"C:\Program Files\Invisible Browsing\InvisibleBrowsing.exe"="C:\Program Files\Invisible Browsing\InvisibleBrowsing.exe:*:Enabled:Invisible Browsing"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\MSN Spy 2004\MSN Spy 2004.EXE"="C:\Program Files\MSN Spy 2004\MSN Spy 2004.EXE:*:Enabled:MSN Spy 2004"
"C:\Program Files\backburner 2\manager.exe"="C:\Program Files\backburner 2\manager.exe:*:Enabled:backburner Manager Application"
"C:\Documents and Settings\Thomas\Bureau\Defcon\defcon.exe"="C:\Documents and Settings\Thomas\Bureau\Defcon\defcon.exe:*:Enabled:Defcon"
"C:\Program Files\Ma‹do\IziSpot 4\IziSpot.exe"="C:\Program Files\Ma‹do\IziSpot 4\IziSpot.exe:*:Enabled:IziSpot"
"C:\Program Files\counter strike 1.6\hl.exe"="C:\Program Files\counter strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Disabled:Ex‚cuter une DLL en tant qu'application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\Thomas\Bureau\Chessmaster 9000_atk_49_Wawamania\Chessmaster 9000\Chessmaster.exe"="C:\Documents and Settings\Thomas\Bureau\Chessmaster 9000_atk_49_Wawamania\Chessmaster 9000\Chessmaster.exe:*:Enabled:Chessmaster 9000"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Program Files\Hidden Administrator\ha_server\ha_server.exe"="C:\Program Files\Hidden Administrator\ha_server\ha_server.exe:*:Enabled:Hidden Administrator Server"
"C:\Program Files\Hidden Administrator\ha_client\ha_client.exe"="C:\Program Files\Hidden Administrator\ha_client\ha_client.exe:*:Enabled:Hidden Administrator Client"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Radmin Viewer 3.0\Radmin.exe"="C:\Program Files\Radmin Viewer 3.0\Radmin.exe:*:Enabled:Radmin Viewer 3.0"
"C:\Program Files\FlashGet\FlashGet.exe"="C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Documents and Settings\Thomas\Bureau\Worms armageddon up by evilkart for wawa mania\wormsarm\WA.exe"="C:\Documents and Settings\Thomas\Bureau\Worms armageddon up by evilkart for wawa mania\wormsarm\WA.exe:*:Enabled:Worms Armageddon"
"C:\Program Files\NetAppel\NetAppel.exe"="C:\Program Files\NetAppel\NetAppel.exe:*:Enabled:NetAppel"
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\Thomas\Bureau\sdfix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:


[b]Finished![/b]

jlpjlp · Answer

Fais un clic droit sur ce lien : (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

juilie · Answer

oui ne t'inquiete pas je suis en train de le faire mais c'est pluto long je comprend pas
il dise 10 minute pourtant je sait pas ca lag je te met ca bientot

jlpjlp · Answer

ok

juilie · Answer

voila

Search Navipromo version 3.5.7 commencé le 05/06/2008 à 11:52:35,45

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "Thomas" 

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180 
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Thomas\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\BNDICT~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\JEAN-P~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Thomas\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\JEAN-P~1\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Thomas\menudm~1\progra~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\JEAN-P~1\menudm~1\progra~1" *** 

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Thomas\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\JEAN-P~1\locals~1\applic~1" * 



*** Recherche fichiers *** 


C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32
vs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

isughjtvfa.dat trouvé !
isughjtvfa_nav.dat trouvé !
isughjtvfa_navps.dat trouvé !
jxflsoadk.dat trouvé !
jxflsoadk_nav.dat trouvé !
jxflsoadk_navps.dat trouvé !
tkupisn.dat trouvé !
tkupisn_nav.dat trouvé !
tkupisn_navps.dat trouvé !

* Dans "C:\Documents and Settings\Thomas\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\JEAN-P~1\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 05/06/2008 à 12:14:08,14 ***

jlpjlp · Answer

= Lance navilog1 
= Cette fois-ci choisi l'option 2 
= Navilog va faire le nettoyage.. patient jusqu'à ce qui soit marqué *** Nettoyage Termine le ..... *** 
= Un rapport va être génrer sur ton C:\ qui sera en option 2 
Note: le bureau disparaît 

= colle le contenu du rapport de navilog (qui est en option2) 


PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches. 
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter" 
Tape explorer et valide. Celà te fera apparaitre ton bureau. 

_________________

recolle un nouvel hijakchtis et dis tes soucis actuels

juilie · Answer

donc voila pour le rapport navilog

Clean Navipromo version 3.5.7 commencé le 05/06/2008 à 12:44:41,90

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "Thomas" 

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Thomas\locals~1\applic~1" * 


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 


* Suppression dans "C:\DOCUME~1\JEAN-P~1\locals~1\applic~1" * 



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Thomas\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\BNDICT~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\JEAN-P~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\Thomas\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\JEAN-P~1\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\Thomas\menudm~1\progra~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\JEAN-P~1\menudm~1\progra~1" *** 



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32
vs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Thomas\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *

isughjtvfa.dat trouvé !
Copie isughjtvfa.dat réalisée avec succès !
isughjtvfa.dat supprimé !

jxflsoadk.dat trouvé !
Copie jxflsoadk.dat réalisée avec succès !
jxflsoadk.dat supprimé !

tkupisn.dat trouvé !
Copie tkupisn.dat réalisée avec succès !
tkupisn.dat supprimé !

isughjtvfa_nav.dat trouvé !
Copie isughjtvfa_nav.dat réalisée avec succès !
isughjtvfa_nav.dat supprimé !

jxflsoadk_nav.dat trouvé !
Copie jxflsoadk_nav.dat réalisée avec succès !
jxflsoadk_nav.dat supprimé !

tkupisn_nav.dat trouvé !
Copie tkupisn_nav.dat réalisée avec succès !
tkupisn_nav.dat supprimé !

isughjtvfa_navps.dat trouvé !
Copie isughjtvfa_navps.dat réalisée avec succès !
isughjtvfa_navps.dat supprimé !

jxflsoadk_navps.dat trouvé !
Copie jxflsoadk_navps.dat réalisée avec succès !
jxflsoadk_navps.dat supprimé !

tkupisn_navps.dat trouvé !
Copie tkupisn_navps.dat réalisée avec succès !
tkupisn_navps.dat supprimé !


* Dans "C:\Documents and Settings\Thomas\locals~1\applic~1" * 


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 


* Dans "C:\DOCUME~1\JEAN-P~1\locals~1\applic~1" * 


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 05/06/2008 à 12:58:18,12 ***



-------------------------------------------------------- et Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:00:49, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset
od32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Eset
od32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\heho\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - (no file)
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] regperf.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BAE3503-DF3F-471B-834C-4345A363CC83}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Ati4801vpkt - ATI Technologies Inc. - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

jlpjlp · Answer

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked". 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] regperf.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

_________________

scan avec 
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ 

_________________

télécharge combofix (par sUBs) ici : 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

et enregistre le sur le bureau. 

déconnecte toi d'internet et ferme toutes tes applications. 

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware) 


double-clique sur combofix.exe et suis les instructions 

à la fin, il va produire un rapport C:\ComboFix.txt 

réactive ton parefeu, ton antivirus, la garde de ton antispyware 

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse. 

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 

Tu as un tutoriel complet ici : 

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix 

_________________


smit fraud fix (colle le rapport)

1/ telecharger :

http://siri.urz.free.fr/Fix/SmitfraudFix.php


2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. 
_________________

recolle un nouvel hijakhcits

juilie · Answer

c'est pas mal long quand meme
la je suis sur le premier depuis que t'a envoyer le mesage il m'a trouvé 10 infections je t'envoie tout les scan quand j'aurait tout fini donc je sait pas quand bref merci encore et aussi la je suis sur mon ordi portable pendant que mon pc fixe scan et fasse les différent scan
je te tient au courant je pense les mettre en ligne vers 14h30, 15h tout dépend des scan

juilie · Answer

malwarebytes anti malware en est a 11 infection et 400000 fichiers recherché je suis dans le dossier windows maintenant a quand ca va finir je vous colle tout je ne sait pas quand a vrai dire mais pk cette discussion est elle terminé??

juilie · Answer

ComboFix 08-06-04.5 - Thomas 2008-06-05 15:51:10.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.344 [GMT 2:00] Endroit: C:\Documents and Settings\Thomas\Bureau\ComboFix.exe * Création d'un nouveau point de restauration * Resident AV is active . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Thomas\Application Data\inst.exe C:\Documents and Settings\Thomas\Application Data\ShoppingReport C:\Documents and Settings\Thomas\Application Data\ShoppingReport\cs\Config.xml C:\Program Files\Fichiers communs\inetget2 C:\Program Files\Fichiers communs\system32.dll C:\Program Files\msmovies C:\Program Files\ShoppingReport C:\Program Files\ShoppingReport\Uninst.exe C:\Program Files\winsupdater C:\WINDOWS\dobe~1 C:\WINDOWS\dobe~1\?dobe\ C:\WINDOWS\system32\1.txt C:\WINDOWS\system32\2.txt . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NTIO256 -------\Service_ntio256 ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))))))) . 2008-06-05 13:25 . 2008-06-05 13:25 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-06-05 13:25 . 2008-06-05 13:25 d-------- C:\Documents and Settings\Thomas\Application Data\Malwarebytes 2008-06-05 13:25 . 2008-06-05 13:25 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-05 13:25 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-05 13:25 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-06-05 11:51 . 2008-06-05 12:58 d-------- C:\Program Files\Navilog1 2008-06-05 10:53 . 2008-06-05 10:53 d-------- C:\WINDOWS\ERUNT 2008-06-05 10:14 . 2008-06-05 10:14 d-------- C:\Program Files\Trend Micro 2008-06-04 20:36 . 2008-06-04 20:36 d-------- C:\Program Files\Trapcode 2008-06-04 20:36 . 2008-06-04 20:36 36,868 --a------ C:\Program Files\uninst-3DStroke.exe 2008-06-04 20:22 . 2008-06-04 20:22 d-------- C:\Program Files\electricFX 2008-06-04 19:57 . 2008-06-04 19:57 d-------- C:\Program Files\cyberzeka.com 2008-06-04 19:52 . 2008-06-04 19:53 d-------- C:\Program Files\FilmFX2 2008-06-04 16:54 . 2008-06-04 16:56 d-------- C:\Documents and Settings\Thomas\Application Data\VoipBuster 2008-06-04 16:52 . 2008-06-04 16:52 d-------- C:\Program Files\VoipBuster.com 2008-06-04 16:23 . 2008-06-04 16:28 d-------- C:\Documents and Settings\Thomas\Application Data\NetAppel 2008-06-04 16:21 . 2008-06-04 16:39 d-------- C:\Program Files\NetAppel 2008-06-01 20:32 . 2006-11-08 10:51 62,336 --------- C:\WINDOWS\system32\drivers\rspndr.sys 2008-06-01 20:32 . 2006-11-08 10:51 10,752 --------- C:\WINDOWS\system32\rspndr.exe 2008-05-28 21:58 . 2008-05-28 21:58 d-------- C:\Program Files\Lavasoft 2008-05-28 21:58 . 2008-05-29 18:45 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-28 18:21 . 2008-05-28 18:21 83 --a------ C:\Documents and Settings\Thomas\tim.bat 2008-05-26 22:00 . 2008-05-26 22:00 d-------- C:\Program Files\Worms armagedon 2008-05-24 20:02 . 2008-05-24 20:03 d-------- C:\Program Files\Nouveau dossier 2008-05-24 19:05 . 2008-05-24 19:49 d-------- C:\Program Files\DirectX1 2008-05-17 19:14 . 2008-05-24 13:53 d-------- C:\Program Files\LimeWire 2008-05-17 19:14 . 2008-06-04 22:22 d-------- C:\Documents and Settings\Thomas\Application Data\LimeWire 2008-05-17 16:18 . 2008-06-05 12:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-05-17 16:18 . 2008-05-17 16:18 1,409 --a------ C:\WINDOWS\QTFont.for 2008-05-17 16:17 . 2008-05-17 16:17 d-------- C:\Program Files\iTunes 2008-05-17 16:17 . 2008-05-17 16:17 d-------- C:\Program Files\iPod 2008-05-17 16:15 . 2008-05-17 16:15 d-------- C:\Program Files\QuickTime 2008-05-14 22:16 . 2008-05-14 22:19 d-------- C:\Program Files\Dofus 2008-05-14 21:43 . 2005-09-03 23:48 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll 2008-05-14 21:43 . 2005-09-03 23:48 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll 2008-05-14 21:42 . 2008-05-19 17:30 d-------- C:\Program Files\Cheat Engine 2008-05-11 18:42 . 2008-05-11 18:45 d-------- C:\Program Files\VirtualDub 2008-05-11 15:43 . 2008-05-11 15:43 107 --a------ C:\WINDOWS\ifoedit.INI 2008-05-10 10:20 . 2008-06-04 22:24 d-------- C:\Program Files\FlashGet 2008-05-05 19:12 . 2008-05-05 19:12 d-------- C:\Program Files\AutoIt3 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-05 11:21 --------- d-----w C:\Program Files\heho 2008-06-04 20:24 --------- d-----w C:\Program Files\Rail Simulator 2008-06-04 20:23 --------- d-----w C:\Program Files\AV Vcs 6.0 DIAMOND 2008-06-04 20:23 --------- d-----w C:\Documents and Settings\Thomas\Application Data\Azureus 2008-06-04 20:22 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-06-04 20:22 --------- d-----w C:\Program Files\Celtx 2008-06-04 20:21 --------- d-----w C:\Program Files\Xfire 2008-06-04 20:21 --------- d-----w C:\Program Files\RPG Maker VX 2008-06-04 20:21 --------- d-----w C:\Program Files\eBoostr 2008-06-04 20:21 --------- d-----w C:\Program Files\DVDlabPro 2008-06-04 20:21 --------- d-----w C:\Program Files\Dune 2008-06-04 18:26 4,721 ----a-w C:\Program Files\uninstal.log 2008-06-04 13:21 --------- d-----w C:\Program Files\Google 2008-06-04 12:20 --------- d-----w C:\Program Files\Wanadoo 2008-06-02 13:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\eboostr 2008-05-30 16:34 --------- d-----w C:\Documents and Settings\Thomas\Application Data\Skype 2008-05-30 16:04 --------- d-----w C:\Documents and Settings\Thomas\Application Data\skypePM 2008-05-28 19:57 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-05-27 19:35 --------- d-----w C:\Documents and Settings\Thomas\Application Data\Vso 2008-05-27 17:01 --------- d-----w C:\Program Files\Yahoo! 2008-05-24 17:33 --------- d-----w C:\Program Files\ESET 2008-05-24 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-05-19 16:17 --------- d-----w C:\Program Files\Micro Application 2008-05-17 17:27 --------- d-----w C:\Program Files\The Foundry 2008-05-17 14:03 --------- d-----w C:\Program Files\Apple Software Update 2008-05-12 18:15 2,944 ----a-w C:\WINDOWS\system32\drivers\bbcap.sys 2008-05-12 17:06 --------- d-----w C:\Documents and Settings\Thomas\Application Data\Blueberry 2008-05-06 18:55 --------- d-----w C:\Program Files\Luxor 3 2008-05-06 17:49 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-04 16:33 --------- d-----w C:\Program Files\Radmin Viewer 3.0 2008-05-04 15:24 --------- d-----w C:\Documents and Settings\Thomas\Application Data\Radmin 2008-05-02 20:16 --------- d-----w C:\Documents and Settings\Thomas\Application Data\ATI 2008-05-02 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI 2008-05-02 20:09 --------- d-----w C:\Program Files\ATI Technologies 2008-05-02 19:58 --------- d-----w C:\Documents and Settings\Jean-philippe_2\Application Data\ATI 2008-05-02 19:54 --------- d-----w C:\Program Files\Fichiers communs\ATI Technologies 2008-04-28 11:18 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys 2008-04-28 11:18 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys 2008-04-28 09:48 --------- d-----w C:\Documents and Settings\Jean-philippe_2\Application Data\DivX 2008-04-27 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET 2008-04-26 07:25 --------- d-----w C:\Program Files\RichFX 2008-04-23 16:46 --------- d-----w C:\Documents and Settings\Thomas\Application Data\ma-config.com 2008-04-22 08:59 88 --sh--r C:\Documents and Settings\All Users\Application Data\EF1A8131E4.sys 2008-04-22 08:59 848 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys 2008-04-22 08:56 --------- d-----w C:\Program Files\Fichiers communs\Enterbrain 2008-04-17 19:40 --------- d-----w C:\Program Files\Astase 2008-04-17 19:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo 2008-04-17 19:19 --------- d-----w C:\Program Files\ReflexiveArcade 2008-04-16 12:16 92,280 ----a-w C:\WINDOWS\system32\drivers\EBoost.sys 2008-04-15 19:00 --------- d-----w C:\Program Files\Windows Doctor 2008-04-13 17:38 --------- d-----w C:\Program Files\Managed DirectX (0901) 2008-04-13 14:48 --------- d-----w C:\Program Files\directx 2008-04-10 18:00 --------- d-----w C:\Documents and Settings\Thomas\Application Data\Weezo 2008-04-10 17:42 --------- d-----w C:\Program Files\Hidden Administrator 2008-04-06 20:21 338 ----a-w C:\muxmp4.bat 2008-03-21 22:53 47,360 ----a-w C:\Documents and Settings\Thomas\Application Data\pcouffin.sys 2007-11-27 19:41 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2005-10-12 19:06 140,800 ----a-w C:\Documents and Settings\Thomas\a.exe 1999-07-07 00:00 6 --sh--r C:\WINDOWS\@@desktop@@.dat 1999-07-07 00:00 6 --sh--r C:\WINDOWS\@desktop@.dat 2005-05-17 16:11 56 --sh--r C:\WINDOWS\system32\E431811AEF.sys . [code]

----a-w           293,842 2004-02-11 18:56:50  C:\Documents and Settings\Thomas\Mes documents\Adobe Premiere Pro v7.0 Fr + tutoriaux + crack\Adobe Premiere 7 Pro Crack .exe
----a-w         5,529,863 2007-04-15 09:33:06  C:\Documents and Settings\Thomas\Mes documents\tout et n'importe quoi\BB FlashBack + KeyGen up by akdm\BB FlashBack\setup BB FlashBack .exe

/code ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}] 2007-10-31 17:10 296256 --a------ C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll" [2007-10-31 17:10 296256] [HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}] [HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}] [HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-28 13:18 949376] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "wininet.dll"= regperf.exe [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-04-24 13:13 282624] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] LMIinit.dll 2007-10-18 21:47 75064 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.enc"= ITIG726.acm "VIDC.SP54"= SP5X_32.DLL "vidc.yv12"= yv12vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eBoostr Control Panel.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\eBoostr Control Panel.lnk backup=C:\WINDOWS\pss\eBoostr Control Panel.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ONSPEED.lnk] backup=C:\WINDOWS\pss\ONSPEED.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PI Monitor.lnk] backup=C:\WINDOWS\pss\PI Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Thomas^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk] path=C:\Documents and Settings\Thomas\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Thomas^Menu Démarrer^Programmes^Démarrage^LemonScreen.lnk] path=C:\Documents and Settings\Thomas\Menu Démarrer\Programmes\Démarrage\LemonScreen.lnk backup=C:\WINDOWS\pss\LemonScreen.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-02-16 17:15 221184 C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiweeHook] --a------ 2007-10-31 17:12 62776 C:\Program Files\Kiwee Toolbar\kwtbaim.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] --a------ 2007-02-07 17:21 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetAppel] --a------ 2008-01-03 09:24 8844592 C:\Program Files\NetAppel\NetAppel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --------- 2007-02-07 17:24 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a------ 2006-10-25 10:03 210472 C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] --a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMCRRS] --a------ 2005-07-15 13:56 203 C:\WINDOWS\system32\WMCRRS.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] --a------ 2004-08-23 14:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON] --------- 2004-10-14 16:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] --------- 2004-08-23 14:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "VCSSecS"=2 (0x2) "SNDSrvc"=3 (0x3) "SDhelper"=2 (0x2) "PowerManager"=2 (0x2) "IDriverT"=3 (0x3) "FSDFWD"=3 (0x3) "dmadmin"=3 (0x3) "Alerter"=2 (0x2) "Boonty Games"=3 (0x3) "EBOOSTRSVC"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "SerialNumber"="A109A-K13-3ZXD-BAP5-TE" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\WINDOWS\system32\lxcgcoms.exe"= "C:\Program Files\Azureus\Azureus.exe"= "C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"= "C:\Program Files\Dofus\Dofus.exe"= "C:\Program Files\Java\j2re1.4.0_03\bin\java.exe"= "C:\Program Files\Java\j2re1.4.0_03\bin\jinstall.exe"= "C:\Program Files\Java\j2re1.4.0_03\bin\keytool.exe"= "C:\Program Files\heho\firefox.exe"= "C:\Program Files\heho\updater.exe"= "C:\Program Files\GameSpy Arcade\Aphex.exe"= "C:\Program Files\Dune\DUNE2000.DAT"= "C:\WINDOWS\system32\dpvsetup.exe"= "C:\Program Files\Defcon\defcon.exe"= "C:\Program Files\Dune\Westwood\Internet\REGISTER.EXE"= "C:\WINDOWS\system32\javaw.exe"= "C:\WINDOWS\system32\dpnsvr.exe"= "C:\WINDOWS\system32\dxdiag.exe"= "C:\Program Files\Fichiers communs\PocketSoft\RTPatch\AutoRTP\artpschd.exe"= "C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe"= "C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe"= "C:\Program Files\Autodesk\Backburner\monitor.exe"= "C:\Program Files\Autodesk\Backburner\manager.exe"= "C:\Program Files\Autodesk\Backburner\server.exe"= "C:\Program Files\Xfire\xfire.exe"= "C:\Program Files\backburner 2\manager.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "C:\Program Files\Pando Networks\Pando\pando.exe"= "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"= "C:\Program Files\Hidden Administrator\ha_client\ha_client.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\Skype\Phone\Skype.exe"= "C:\Program Files\NetAppel\NetAppel.exe"= "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "21:TCP"= 21:TCP:nvu "21:UDP"= 21:UDP:sdrg "832:TCP"= 832:TCP:mozilla "57852:TCP"= 57852:TCP:Pando P2P TCP Listening Port "57852:UDP"= 57852:UDP:Pando P2P UDP Listening Port R0 eBoost;eBoostr caching filter driver;C:\WINDOWS\system32\drivers\eBoost.sys [2008-04-16 14:16] R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-03-03 15:19] R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2008-05-12 20:15] R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 17:07] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0/u00.fcl [2006-11-02 17:51] R2 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 09:48] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 11:20] R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08] S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-05-20 19:27] S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-05-20 19:27] S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [2005-05-20 19:28] S3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 05:01] S3 PVUSB;CESG502 USB Driver;C:\WINDOWS\system32\DRIVERS\CESG502.sys [2002-06-12 22:50] S3 SaiUA503;SaiUA503;C:\WINDOWS\system32\DRIVERS\SaiUA503.sys [2006-08-21 14:01] S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-03-28 17:00] S4 EBOOSTRSVC;eBoostr Service;"C:\Program Files\eBoostr\EBstrSvc.exe" [2008-04-16 14:16] . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-05-31 12:29:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2004-05-10 19:20:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job" - C:\WINDOWS\System32\OOBE\oobebaln.exe "2004-05-16 16:50:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job" - C:\WINDOWS\System32\OOBE\oobebaln.exe "2004-05-23 17:20:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job" - C:\WINDOWS\System32\OOBE\oobebaln.exe "2008-05-30 22:00:35 C:\WINDOWS\Tasks\Scheduled scanning task.job" - C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe` /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\report.txt $C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1.SYSTEM#Task added by F-Secure Anti-Virus. "2008-05-28 18:35:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2008-01-19 19:35:12 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-05 16:05:04 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... folder error: C:\DOCUME~1\Thomas\LOCALS~1\Temp\ Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet009\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\[u]0/u00.fcl" . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\FTRTSVC.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\MDM.EXE C:\Program Files\ESET\nod32krn.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\system32\searchindexer.exe . ************************************************************************** . Temps d'accomplissement: 2008-06-05 16:26:38 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-05 14:26:32 Pre-Run: 71,533,633,536 octets libres Post-Run: 71,391,363,072 octets libres 345 et hijackthis

juilie · Answer

SmitFraudFix v2.323

Rapport fait à 16:29:31,54, 05/06/2008
Executé à partir de C:\Documents and Settings\Thomas\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset
od32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Eset
od32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\heho\firefox.exe
C:\Documents and Settings\Thomas\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\1024\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Thomas


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Thomas\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Thomas\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Rhine II Fast Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2BAE3503-DF3F-471B-834C-4345A363CC83}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4C62BABD-89E5-4D2D-BD1A-83FA5C7EABC7}: NameServer=80.10.246.130 80.10.246.3
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4C62BABD-89E5-4D2D-BD1A-83FA5C7EABC7}: NameServer=80.10.246.130 80.10.246.3


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

juilie · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:53, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset
od32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Eset
od32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\heho\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] regperf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BAE3503-DF3F-471B-834C-4345A363CC83}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Ati4801vpkt - ATI Technologies Inc. - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

jlpjlp · Answer

ok c'est mieux mais il en reste:

redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général) puis lance smitfraudfix , sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée

_______________


remplace ta version AD AWARE par la version 2008 (pour la gratuite prendre celle d'evaluation et lors de l'installation choisir gratuit)

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/11643.html

_________________


encore des soucis????

recolle un dernier hijakhcits j'espere!

juilie · Answer

SmitFraudFix v2.323

Rapport fait à 17:43:53,21, 05/06/2008
Executé à partir de C:\Documents and Settings\Thomas\Mes documents\Protection de l'ordinateur\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\1024\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Rhine II Fast Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2BAE3503-DF3F-471B-834C-4345A363CC83}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4C62BABD-89E5-4D2D-BD1A-83FA5C7EABC7}: NameServer=80.10.246.130 80.10.246.3
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4C62BABD-89E5-4D2D-BD1A-83FA5C7EABC7}: NameServer=80.10.246.130 80.10.246.3


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

et le hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:36, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset
od32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Eset
od32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\heho\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [wininet.dll] regperf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BAE3503-DF3F-471B-834C-4345A363CC83}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Ati4801vpkt - ATI Technologies Inc. - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

jlpjlp · Answer

utilise  pour supprimer tes traces 

CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo 
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

________________


Télécharger OAD (Outil d'Aide au Diagnostic) < http://sosvirus.changelog.fr/OAD.exe > 
&#8594; Enregistre-le sur ton bureau 
&#8594; Lancer 'OAD.exe' en faisant un double clique sur le fichier 

&#8594; Saisir la valeur recherchée -> ' regperf.exe  ' ( fait un copier/coller ) 

&#8594; Type de recherche : sélectionner l'option 6 puis valide [entrée] 
&#8594; OAD va maintenant rechercher le fichier. 
&#8594; Laisse-le travailler jusqu'à ce qu'il en ait terminé. 
&#8594; Suivant la taille des disques durs, cette recherche peut prendre plusieurs minutes. 

------------- Patienter. -------------- 

&#8594; Le rapport de recherche s'affichera automatiquement dès qu'il en aura terminé. 
&#8594; Faire un copier/coller de ce rapport dans ton prochain post. 


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

Note: Certains Antivirus peuvent émettre une alerte lors du téléchargement / utilisation > ignore 







______________________


pour fusionner:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


_______________________

Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :






Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"wininet.dll"=- 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]






Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

J'ai un virus aidez moi

19 réponses

Discussions similaires