Lecture résumé HIJACKTHIS

ROSALLY Messages postés 80 Statut Membre -
ROSALLY Messages postés 80 Statut Membre - 6 mars 2009 à 15:16

Bonjour,
pourriez vous lire mon resumé suite à un scan avec hijackthis
et me dire s'il y a reparation a faire, je pense que oui, parce que j'ai tjrs le meme probleme a savoir site Chinois en page d'accueil au lancement de internet explorer... suivi par d'autres sans les avoir ouvert...
j'ai l'impression qu'il prend possession de mon pc et je ne peux rie n faire j'ai beau instalé des anti virus, anti spam, rien a faire...
merci d'avance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:13, on 20/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system\rund1132.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system\rund1132.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\common32.exe
C:\WINDOWS\WinShell.\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Goto Software\Vaderetro_Mgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\sys1E.tmp
C:\WINDOWS\Fonts\TIMPIatform.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wauafe.exe
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temporary Internet Files\Content.IE5\3J3A4KDM\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://luck114.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F3 - REG:win.ini: load=C:\WINDOWS\system\rund1132.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\rund1132.exe,
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\PushWare\cpush0.dll
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
O2 - BHO: IETimber - {489873CE-F3E1-44A3-8E89-04BE26BE4446} - C:\Program Files\Internet Explorer\IETimber\IETimber.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [OaZeC] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [Yhyjczvn] C:\Program Files\Xkljec\Bsnub.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [VadeRetro Outlook] C:\Program Files\Goto Software\Vade Retro\VrMoRegister.exe -s
O4 - HKLM\..\Run: [VRManager] C:\Program Files\Fichiers communs\Goto Software\Vaderetro_Mgr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [cmdhlpadm] C:\WINDOWS\system32\vkvadezy.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKLM\..\Policies\Explorer\Run: [mysys] C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\common32.exe
O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\WinShell..\daemon.exe
O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: xrkfgusi - xrkfgusi32.dll (file missing)
O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE

Afficher la suite

A voir également:

Lecture résumé HIJACKTHIS
Hijackthis - Télécharger - Antivirus & Antimalwares
Lecture epub sur pc - Guide
Accusé de lecture gmail - Guide
Confirmation de lecture whatsapp - Guide
Télécharger livre de lecture ce2 gratuit pdf - Télécharger - Éducatifs

123 réponses

Réponse 41 / 123

ROSALLY Messages postés 80 Statut Membre

nouvelle tentation est la bonne
ci-après le rapport Hijacthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:25:51, on 24/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system\rund1132.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\winsscoo.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system\rund1132.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\common32.exe
C:\WINDOWS\WinShell.\daemon.exe
C:\WINDOWS\Fonts\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\Fonts\TIMPIatform.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MediaChannel\Navvy 5.2\NavvyMan.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\115129
C:\WINDOWS\system32\waubfe.exe
C:\WINDOWS\system32\waubfe.exe
C:\WINDOWS\system32\waubfe.exe
C:\WINDOWS\system32\waubfe.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\494920
C:\WINDOWS\system32\waubfe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\Fichiers Internet temporaires\Content.IE5\DAXNM3UZ\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://luck114.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F3 - REG:win.ini: load=C:\WINDOWS\system\rund1132.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\rund1132.exe,
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\PushWare\cpush0.dll
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
O2 - BHO: IETimber - {489873CE-F3E1-44A3-8E89-04BE26BE4446} - C:\Program Files\Internet Explorer\IETimber\IETimber.dll
O2 - BHO: (no name) - {5419706F-9AD1-49BB-A91F-EE6B62E2881E} - C:\Program Files\Internet Explorer\PowerJo.ase
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {912F6837-CCB6-424B-BC9C-8BB5541AFB54} - C:\Program Files\Internet Explorer\PowerJv.ask
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [OaZeC] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [Yhyjczvn] C:\Program Files\Xkljec\Bsnub.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NavvyUp] C:\Program Files\MediaChannel\Navvy 5.2\NavvyUp.exe
O4 - HKLM\..\Run: [msexe.exe] C:\WINDOWS\system32\msexe.exe
O4 - HKLM\..\Run: [zxexe.exe] C:\WINDOWS\system32\zxexe.exe
O4 - HKLM\..\Run: [kdexe.exe] C:\WINDOWS\system32\kdexe.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [cmdhlpadm] C:\WINDOWS\system32\vkvadezy.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKLM\..\Policies\Explorer\Run: [mysys] C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\common32.exe
O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\WinShell..\daemon.exe
O4 - HKLM\..\Policies\Explorer\Run: [svchstt] C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\494920
O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O4 - HKLM\..\Policies\Explorer\Run: [nwiz] alimoto32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ojdnnlnf.dll,cockgddc.dll,homegdpk.dll,ebhpliad.dll,odgildpe.dll,iobdplci.dll,mfgncgfe.dll,hpdkkijb.dll,hkcilmoi.dll,jlkcebmc.dll,ihhdbbgo.dll,nchiedik.dll,cdemgfda.dll,nihdgagb.dll,ecllbhmc.dll,ddafchog.dll,likfanej.dll,hpnmkehm.dll
O20 - Winlogon Notify: xrkfgusi - xrkfgusi32.dll (file missing)
O21 - SSODL: 8D025D9E - {8D025D9E-A5AC-49DB-968D-1F2A3C030840} - C:\WINDOWS\system32\odgildpe.dll
O21 - SSODL: EB1952AD - {EB1952AD-75E8-4E4E-B626-2C415DA35709} - C:\WINDOWS\system32\ebhpliad.dll
O21 - SSODL: 186E0D94 - {186E0D94-F863-43EF-9B43-38DAC43C064B} - C:\WINDOWS\system32\homegdpk.dll
O21 - SSODL: C8C40DDC - {C8C40DDC-9B46-4266-BA0B-5AF248442C3B} - C:\WINDOWS\system32\cockgddc.dll
O21 - SSODL: 83D7757F - {83D7757F-4582-4300-9F03-C3D1A544A9D0} - C:\WINDOWS\system32\ojdnnlnf.dll
O21 - SSODL: A5D82254 - {A5D82254-2505-417B-BAFF-37A20BC2FFD3} - C:\WINDOWS\system32\aldoiilk.dll
O21 - SSODL: 1E2FEAD8 - {1E2FEAD8-3897-4A01-BD3B-098693626973} - C:\WINDOWS\system32\heifeado.dll
O21 - SSODL: A6B283F7 - {A6B283F7-EAC4-4110-ACAA-A2D0B85466B7} - C:\WINDOWS\system32\ambiojfn.dll
O21 - SSODL: 28BD95C2 - {28BD95C2-8FE5-408C-BA5A-3757E5DF71A8} - C:\WINDOWS\system32\iobdplci.dll
O21 - SSODL: 6F07C0FE - {6F07C0FE-C26E-40D3-8CD7-0DDB62C8845C} - C:\WINDOWS\system32\mfgncgfe.dll
O21 - SSODL: 19D4423B - {19D4423B-B5AF-4DF2-9151-336A203EBCA8} - C:\WINDOWS\system32\hpdkkijb.dll
O21 - SSODL: 14C25682 - {14C25682-4613-421F-B9E5-8D1538FD867D} - C:\WINDOWS\system32\hkcilmoi.dll
O21 - SSODL: 354CEB6C - {354CEB6C-78EF-412F-85CA-58BF62C6CC30} - C:\WINDOWS\system32\jlkcebmc.dll
O21 - SSODL: 211DBB08 - {211DBB08-ED35-4379-A965-9C22087F8C0A} - C:\WINDOWS\system32\ihhdbbgo.dll
O21 - SSODL: 7C12ED24 - {7C12ED24-8FDB-4D82-BD1D-1272D28CE53E} - C:\WINDOWS\system32\nchiedik.dll
O21 - SSODL: CDE60FDA - {CDE60FDA-927A-44E1-AD8B-C20D13610147} - C:\WINDOWS\system32\cdemgfda.dll
O21 - SSODL: 721D0A0B - {721D0A0B-90E0-42E2-97E5-CE94431BFBEA} - C:\WINDOWS\system32\nihdgagb.dll
O21 - SSODL: EC55B16C - {EC55B16C-FB41-47C5-82D8-9CD681F93BB7} - C:\WINDOWS\system32\ecllbhmc.dll
O21 - SSODL: DDAFC180 - {DDAFC180-E0F2-4732-9AAA-4FF2EF407C6B} - C:\WINDOWS\system32\ddafchog.dll
O21 - SSODL: 524FA7E3 - {524FA7E3-330D-4B4C-90B7-47A38D6AC07F} - C:\WINDOWS\system32\likfanej.dll
O21 - SSODL: 19764E16 - {19764E16-1C63-4594-B55A-923565FACF43} - C:\WINDOWS\system32\hpnmkehm.dll
O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE

Réponse 42 / 123

Utilisateur anonyme

Est ce que tu peux lancer la machine en mode sans echec ?

Réponse 43 / 123

ROSALLY Messages postés 80 Statut Membre

non tjrs pas de demarage sans echec

il redemarre normalement apres qlq seconde

Réponse 44 / 123

Utilisateur anonyme

Qu'est ce que la machine te dis ?

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 45 / 123

ROSALLY Messages postés 80 Statut Membre

apres le lancement, qlq recherche et apres il y a un message qui dit
un nouveau logicil ou matériel est responsable de cec probleme

il un compte a rebourre : qlq seconde apres il redemarre en mode normal

Réponse 46 / 123

ROSALLY Messages postés 80 Statut Membre

ci-après le rapport de ComboFix

ComboFix 09-02-21.01 - CKS Andre SNEYAERT 2009-02-24 1:11:10.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.894.400 [GMT 1:00]
Lancé depuis: c:\documents and settings\CKS Andre SNEYAERT\Bureau\Combo-Fix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\CKSAND~1\LOCALS~1\Temp\tmp2.tmp
c:\program files\bccd.pif
c:\program files\Fichiers communs\PushWare
c:\program files\Fichiers communs\PushWare\cpush0.dll
c:\program files\Fichiers communs\PushWare\Uninst.exe
c:\program files\internet optimizer
c:\windows\Intel\baiduc.dll
c:\windows\KB611311.log
c:\windows\smss.exe
c:\windows\system32\16AF66EB.cfg
c:\windows\system32\16AF66EB.dll
c:\windows\system32\201476D0.cfg
c:\windows\system32\404Fix.exe
c:\windows\system32\4FBFD5A4.cfg
c:\windows\system32\4FBFD5A4.dll
c:\windows\system32\A1A6BC2E.cfg
c:\windows\system32\A1A6BC2E.dll
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\ali5fcd6.dll
c:\windows\system32\aliced9.dll
c:\windows\system32\alid580.dll
c:\windows\system32\alidafe.dll
c:\windows\system32\alidc56.dll
c:\windows\system32\alie00f.dll
c:\windows\system32\alie02e.dll
c:\windows\system32\alie3d8.dll
c:\windows\system32\alie3e7.dll
c:\windows\system32\alie52f.dll
c:\windows\system32\alie6a6.dll
c:\windows\system32\alif424.dll
c:\windows\system32\alif481.dll
c:\windows\system32\B4eocaps.SRG
c:\windows\system32\Com\Config.cfg
c:\windows\system32\DA63E650.cfg
c:\windows\system32\DA63E650.dll
c:\windows\system32\dadfln.dll
c:\windows\system32\drivers\acpidisk.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\pcidump.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\F65BDEC7.cfg
c:\windows\system32\F65BDEC7.dll
c:\windows\system32\gprmsgse.axz
c:\windows\system32\gscpx32r.det
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\killkb.dll
c:\windows\system32\mscpx32r.det
c:\windows\system32\o4Patch.exe
c:\windows\system32\Packet.dll
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\temp#01.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\WS2Fix.exe
c:\windows\TEMP\~my1.tmp
c:\windows\Temp\1002.exe
c:\windows\Temp\20090122.exe
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPIDISK
-------\Legacy_FCI
-------\Legacy_ICF
-------\Legacy_MEDIACENTER
-------\Legacy_NPF
-------\Legacy_ZG
-------\Service_acpidisk
-------\Service_aliimz
-------\Service_MediaCenter
-------\Service_npf

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-24 au 2009-02-24 ))))))))))))))))))))))))))))))))))))
.

2009-02-24 01:17 . 2009-02-24 01:17 35,564 --a------ c:\program files\bccd.pif
2009-02-23 16:50 . 2009-02-23 16:50 64,000 --a------ C:\WINDOWSupdate.dll
2009-02-23 16:50 . 2004-08-05 13:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2009-02-23 16:50 . 2004-08-05 13:00 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys
2009-02-23 08:33 . 2009-02-23 08:33 13,352 --a------ c:\windows\system32\kdexe.exe
2009-02-22 14:24 . 2009-02-24 01:00 13,531 --a------ c:\windows\system32\waubfe.exe
2009-02-21 18:19 . 2009-02-21 18:19 132,096 --a------ c:\windows\winsscoo.exe
2009-02-21 18:19 . 2009-02-21 18:19 21,248 --a------ c:\windows\system32\drivers\winyyy.sys
2009-02-21 10:35 . 2009-02-21 10:35 13,976 --ahs---- c:\windows\system32\1957817A.dll
2009-02-21 10:35 . 2009-02-21 10:35 300 --ahs---- c:\windows\system32\1957817A.cfg
2009-02-21 00:31 . 2009-02-21 00:31 13,352 --a------ c:\windows\system32\zxexe.exe
2009-02-21 00:30 . 2009-02-21 00:30 13,926 --ahs---- c:\windows\system32\198FF3D8.dll
2009-02-21 00:30 . 2009-02-21 00:30 200 --ahs---- c:\windows\system32\198FF3D8.cfg
2009-02-21 00:27 . 2009-02-21 00:27 16,632 --a------ c:\windows\system32\msexe.exe
2009-02-21 00:27 . 2009-02-24 01:16 1,249 --a------ c:\windows\system32\asdfasdf
2009-02-21 00:01 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-21 00:00 . 2009-02-21 00:01 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-21 00:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 23:13 . 2009-02-20 23:13 396,288 --a------ c:\windows\HijackThis.exe
2009-02-20 22:23 . 2009-02-20 23:00 <REP> d-------- C:\ToolBar SD
2009-02-20 21:43 . 2009-02-20 21:43 16,656 --a------ C:\mbam-log-2009-02-20 (21-42-58)VIRUS
2009-02-20 19:50 . 2009-02-20 19:50 15,069 --a------ c:\windows\system32\telechargement-159-hijackthis.htm
2009-02-20 19:04 . 2009-02-20 19:04 <REP> d-------- c:\program files\MediaChannel
2009-02-20 16:08 . 2009-02-20 16:08 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\Malwarebytes
2009-02-20 16:08 . 2009-02-20 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 13:11 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\mfc71.dll
2009-02-20 13:01 . 2009-02-20 13:01 520,052 --a------ c:\windows\system32\mfc71.7z
2009-02-20 12:55 . 2009-02-20 13:00 <REP> d-------- c:\windows\system32\mfc71
2009-02-20 12:01 . 2009-02-20 12:02 514,940 -rah----- c:\windows\system32\mfc71.zip
2009-02-20 11:45 . 2009-02-20 11:45 1,678,248 --a------ c:\windows\system32\registryboosterppcg15.exe
2009-02-20 11:31 . 2009-02-20 11:31 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\Uniblue
2009-02-20 09:11 . 2009-02-21 22:41 13,531 --a------ c:\windows\system32\wauafe.exe
2009-02-20 09:10 . 2009-02-20 14:56 19,456 --a------ c:\windows\system32\dfln.dll
2009-02-19 18:50 . <REP> c:\windows\$WIND$
2009-02-19 18:50 . 2009-02-19 18:50 2 --a------ c:\windows\sysinfo.tmp
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\program files\Goto Software
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\program files\Fichiers communs\Goto Software
2009-02-19 18:45 . 2009-02-19 18:45 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\VadeRetro
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\documents and settings\All Users\Application Data\VadeRetro
2009-02-19 16:43 . <REP> c:\windows\WinShell
2009-02-19 16:43 . 2009-02-19 16:43 36,864 --a------ c:\windows\system\rund1132.exe
2009-02-19 07:28 . 2009-02-19 23:56 13,531 --a------ c:\windows\system32\waunafe.exe
2009-02-19 07:27 . 2009-02-19 23:13 19,456 --a------ c:\windows\system32\dafln.dll
2009-02-18 19:42 . 2009-02-18 19:42 31,232 --a------ C:\Relevé de compte LAW YAT au 31.12.2008.doc
2009-02-18 18:15 . 2009-02-18 18:15 386,560 ----s---- c:\windows\system32\MSPolicyAgent.dll
2009-02-18 18:15 . 2009-02-18 18:15 6 --a------ c:\windows\system32\types.tmp
2009-02-18 16:12 . 2009-02-18 21:31 13,531 --a------ c:\windows\system32\waumafe.exe
2009-02-18 07:55 . 2009-02-18 11:05 13,531 --a------ c:\windows\system32\waulafe.exe
2009-02-18 07:54 . 2009-02-18 07:54 18,944 --a------ c:\windows\system32\fasadf.dll
2009-02-17 15:03 . 2009-02-24 00:59 24,278 --a------ c:\windows\system32\somspring.dat
2009-02-17 15:03 . 2009-02-24 01:14 401 --a------ c:\windows\system32\romarshal.dat
2009-02-17 14:56 . 2009-02-04 07:58 121,476 --a------ c:\windows\system32\drivers\pnpmem.sys
2009-02-17 14:56 . 2009-02-17 14:56 32 --a------ c:\windows\system32\ormsgse.axz
2009-02-17 14:47 . 2009-02-24 01:11 <REP> d-------- c:\windows\Intel
2009-02-17 14:47 . 2009-02-17 14:47 13,531 --a------ c:\windows\system32\waukafe.exe
2009-02-17 14:46 . 2009-02-17 14:46 19,456 --a------ c:\windows\system32\flzaitian.dll
2009-02-17 14:46 . 2009-02-24 01:17 141 --a------ c:\windows\system32\exlds.ini
2009-02-17 14:45 . 2008-04-14 03:33 19,968 --a--c--- c:\windows\system32\dllcache\linkinfo.dll
2009-02-07 23:10 . 2009-02-07 23:10 170,496 --a------ C:\FINE CRUSH LTD.doc
2009-02-02 21:59 . 2009-02-02 21:59 66,048 --a------ C:\Proposition APOLLO pour Ile MAURICE.doc
2009-02-02 17:57 . 2009-02-02 17:57 48,640 --a------ C:\Clients Ile MAURICE.doc
2009-02-02 12:23 . 2009-02-05 11:49 25,088 --a------ C:\A T T E S T A T I O N Impotsssssssssss.doc
2009-02-02 10:47 . 2009-02-02 10:47 30,720 --a------ C:\A T T E S T A T I O N - I m p o t s.doc
2009-01-31 13:51 . 2009-01-31 20:37 26,624 --a------ C:\Demande prolongation stage.doc
2009-01-27 10:10 . 2009-01-27 11:00 32,256 --a------ C:\Courrier André SNEYAERT.doc

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 00:17 --------- d-----w c:\program files\Wanadoo
2009-02-24 00:16 --------- d-----w c:\documents and settings\CKS Andre SNEYAERT\Application Data\Skype
2009-02-24 00:15 247,296 --sha-w c:\windows\smss.exe
2009-02-23 22:43 431,922 ----a-w c:\program files\HJTInstall.7z
2009-02-23 15:50 3 ----a-w c:\windows\system32\drivers\52438666.txt
2009-02-23 15:33 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-20 16:26 --------- d-----w c:\program files\cacmchc
2009-02-18 18:10 --------- d-----w c:\program files\Google
2009-02-15 16:18 13,317 ----a-w c:\program files\Fichiers communs\qybabiqylo.dl
2009-01-28 19:06 15,445 ----a-w c:\program files\Fichiers communs\vexomigaga._sy
2009-01-23 20:27 15,310 ----a-w c:\program files\Fichiers communs\vodeqet.ban
2009-01-23 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\288537758
2009-01-21 19:07 --------- d-----w c:\program files\EnveloppesEditor1.09
2009-01-21 16:56 --------- d-----w c:\documents and settings\CKS Andre SNEYAERT\Application Data\PC-FAX TX
2009-01-17 14:20 32,768 ----a-w c:\windows\system32\drivers\ati4twxx.sys
2009-01-17 14:02 137,664 ----a-w c:\windows\system32\drivers\ethcjxre.sys
2009-01-16 17:15 137,664 ----a-w c:\windows\system32\drivers\adiusbaw.sys
2008-09-22 09:52 85,504 ----a-w c:\documents and settings\CKS Andre SNEYAERT\Application Data\GDIPFONTCACHEV1.DAT
2008-09-04 14:43 1,940 ----a-w c:\documents and settings\CKS Andre SNEYAERT\Application Data\ViewerApp.dat
2009-02-19 15:43 159,744 ----a-w c:\program files\internet explorer\plugins\icwres.dll
2008-09-27 10:02 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-04-14 02:33 23,368 --sh--w c:\windows\system32\alimoto32.exe
2004-08-17 19:00 74,752 --sh--w c:\windows\system32\RamrtwC.dll
.

------- Sigcheck -------

2004-08-05 13:00 15360 5584247b568c2e53934873f4b655fe6a c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 03:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 03:33 15360 9bc8230dda8e37e375a5a9aa551a8f76 c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}]
2009-02-10 04:30 196608 --a------ c:\program files\Fichiers communs\PushWare\cpush.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{296AB8C6-FB22-4D17-8834-064E2BA0A6F0}]
2009-03-09 04:43 155648 -ra------ c:\windows\Intel\baiduc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{489873CE-F3E1-44A3-8E89-04BE26BE4446}]
2009-02-10 05:14 193912 --a------ c:\program files\Internet Explorer\IETimber\IETimber.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5419706F-9AD1-49BB-A91F-EE6B62E2881E}]
2009-02-22 15:11 70789 --ahs---- c:\program files\Internet Explorer\PowerJo.ase

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{912F6837-CCB6-424B-BC9C-8BB5541AFB54}]
2009-02-24 01:06 70789 --ahs---- c:\program files\Internet Explorer\PowerJv.ask

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Livecom"="c:\progra~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" [2006-02-23 237568]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-02-09 25388584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 204863]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fenaffiche"="c:\program files\FenAffiche\FenUnika.exe" [2004-07-23 36864]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 184320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-27 29744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"NavvyUp"="c:\program files\MediaChannel\Navvy 5.2\NavvyUp.exe" [2009-02-12 49152]
"msexe.exe"="c:\windows\system32\msexe.exe" [2009-02-21 16632]
"zxexe.exe"="c:\windows\system32\zxexe.exe" [2009-02-21 13352]
"kdexe.exe"="c:\windows\system32\kdexe.exe" [2009-02-23 13352]
"SiSPower"="SiSPower.dll" [2005-04-12 c:\windows\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 190696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"svchstt"="c:\docume~1\CKSAND~1\LOCALS~1\Temp\502514" [X]
"360safe"="c:\windows\Fonts\wuauclt.exe" [2009-02-23 19968]

c:\documents and settings\CKS Andre SNEYAERT\Menu D‚marrer\Programmes\D‚marrage\
Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-07-19 385024]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-04-28 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-04-28 106496]
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2007-04-20 835584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{8D025D9E-A5AC-49DB-968D-1F2A3C030840}"= "c:\windows\system32\odgildpe.dll" [2008-08-14 249856]
"{5419706F-9AD1-49BB-A91F-EE6B62E2881E}"= "c:\program files\Internet Explorer\PowerJo.ase" [2009-02-22 70789]
"{EB1952AD-75E8-4E4E-B626-2C415DA35709}"= "c:\windows\system32\ebhpliad.dll" [2008-08-14 30208]
"{186E0D94-F863-43EF-9B43-38DAC43C064B}"= "c:\windows\system32\homegdpk.dll" [2008-08-14 30720]
"{C8C40DDC-9B46-4266-BA0B-5AF248442C3B}"= "c:\windows\system32\cockgddc.dll" [2008-08-14 245760]
"{912F6837-CCB6-424B-BC9C-8BB5541AFB54}"= "c:\program files\Internet Explorer\PowerJv.ask" [2009-02-24 70789]
"{83D7757F-4582-4300-9F03-C3D1A544A9D0}"= "c:\windows\system32\ojdnnlnf.dll" [2008-08-14 245760]
"{A5D82254-2505-417B-BAFF-37A20BC2FFD3}"= "c:\windows\system32\aldoiilk.dll" [2008-08-14 45056]
"{1E2FEAD8-3897-4A01-BD3B-098693626973}"= "c:\windows\system32\heifeado.dll" [2008-08-14 45056]
"{A6B283F7-EAC4-4110-ACAA-A2D0B85466B7}"= "c:\windows\system32\ambiojfn.dll" [2008-08-14 45056]
"{4D4DFE57-FF9C-4ADB-86BA-4C8733E53A71}"= "c:\windows\system32\kdkdfeln.dll" [2008-08-14 65536]
"{88ADD287-BA8E-49E4-A36E-A46F3AABA9F1}"= "c:\windows\system32\ooaddion.dll" [2008-08-14 34304]
"{7DAE50F5-6A99-4454-BED4-5A99C5013A05}"= "c:\windows\system32\ndaelgfl.dll" [2008-08-14 40960]
"{CCBF2CF2-E157-495C-BBA3-658B5B04ADA7}"= "c:\windows\system32\ccbficfi.dll" [2008-08-14 37376]
"{0A3D97EC-5C2D-4C5A-B6C9-DF0DC337072E}"= "c:\windows\system32\gajdpnec.dll" [2008-08-14 34816]
"{24DA96C6-3E20-4D04-8262-4F04219702BF}"= "c:\windows\system32\ikdapmcm.dll" [2008-08-14 40960]
"{DBF429BD-3780-44EA-8F03-E9837B1CCF85}"= "c:\windows\system32\dbfkipbd.dll" [2008-08-14 28672]
"{80C6FDAF-FB37-4002-96A4-AD30EFBCC2A8}"= "c:\windows\system32\ogcmfdaf.dll" [2008-08-14 229376]
"{54474074-C37C-44F2-BE8E-55B2AAE427C6}"= "c:\windows\system32\lkknkgnk.dll" [2008-08-14 40960]
"{4FF880AC-3036-42AF-88C2-365BA6CA00C5}"= "c:\windows\system32\kffoogac.dll" [2008-08-14 32256]
"{A48541C4-558A-4B47-B672-43E1955CEF96}"= "c:\windows\system32\akolkhck.dll" [2008-08-14 249856]
"{88359C2B-7363-46A8-9F92-E2C3D458DF66}"= "c:\windows\system32\oojlpcib.dll" [2008-08-14 40960]
"{E839C197-380B-4F2A-8C2B-98A9284BE790}"= "c:\windows\system32\eojpchpn.dll" [2008-08-14 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"8D025D9E"= {8D025D9E-A5AC-49DB-968D-1F2A3C030840} - c:\windows\system32\odgildpe.dll [2008-08-14 249856]
"EB1952AD"= {EB1952AD-75E8-4E4E-B626-2C415DA35709} - c:\windows\system32\ebhpliad.dll [2008-08-14 30208]
"186E0D94"= {186E0D94-F863-43EF-9B43-38DAC43C064B} - c:\windows\system32\homegdpk.dll [2008-08-14 30720]
"C8C40DDC"= {C8C40DDC-9B46-4266-BA0B-5AF248442C3B} - c:\windows\system32\cockgddc.dll [2008-08-14 245760]
"83D7757F"= {83D7757F-4582-4300-9F03-C3D1A544A9D0} - c:\windows\system32\ojdnnlnf.dll [2008-08-14 245760]
"A5D82254"= {A5D82254-2505-417B-BAFF-37A20BC2FFD3} - c:\windows\system32\aldoiilk.dll [2008-08-14 45056]
"1E2FEAD8"= {1E2FEAD8-3897-4A01-BD3B-098693626973} - c:\windows\system32\heifeado.dll [2008-08-14 45056]
"A6B283F7"= {A6B283F7-EAC4-4110-ACAA-A2D0B85466B7} - c:\windows\system32\ambiojfn.dll [2008-08-14 45056]
"4D4DFE57"= {4D4DFE57-FF9C-4ADB-86BA-4C8733E53A71} - c:\windows\system32\kdkdfeln.dll [2008-08-14 65536]
"88ADD287"= {88ADD287-BA8E-49E4-A36E-A46F3AABA9F1} - c:\windows\system32\ooaddion.dll [2008-08-14 34304]
"7DAE50F5"= {7DAE50F5-6A99-4454-BED4-5A99C5013A05} - c:\windows\system32\ndaelgfl.dll [2008-08-14 40960]
"CCBF2CF2"= {CCBF2CF2-E157-495C-BBA3-658B5B04ADA7} - c:\windows\system32\ccbficfi.dll [2008-08-14 37376]
"0A3D97EC"= {0A3D97EC-5C2D-4C5A-B6C9-DF0DC337072E} - c:\windows\system32\gajdpnec.dll [2008-08-14 34816]
"24DA96C6"= {24DA96C6-3E20-4D04-8262-4F04219702BF} - c:\windows\system32\ikdapmcm.dll [2008-08-14 40960]
"DBF429BD"= {DBF429BD-3780-44EA-8F03-E9837B1CCF85} - c:\windows\system32\dbfkipbd.dll [2008-08-14 28672]
"80C6FDAF"= {80C6FDAF-FB37-4002-96A4-AD30EFBCC2A8} - c:\windows\system32\ogcmfdaf.dll [2008-08-14 229376]
"54474074"= {54474074-C37C-44F2-BE8E-55B2AAE427C6} - c:\windows\system32\lkknkgnk.dll [2008-08-14 40960]
"4FF880AC"= {4FF880AC-3036-42AF-88C2-365BA6CA00C5} - c:\windows\system32\kffoogac.dll [2008-08-14 32256]
"A48541C4"= {A48541C4-558A-4B47-B672-43E1955CEF96} - c:\windows\system32\akolkhck.dll [2008-08-14 249856]
"88359C2B"= {88359C2B-7363-46A8-9F92-E2C3D458DF66} - c:\windows\system32\oojlpcib.dll [2008-08-14 40960]
"E839C197"= {E839C197-380B-4F2A-8C2B-98A9284BE790} - c:\windows\system32\eojpchpn.dll [2008-08-14 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system\rund1132.exe,"

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\windows\system\rund1132.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safebox.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTIARP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArSwp.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ast.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRun.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRunKiller.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.COM]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GFUpd.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GuardField.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASARP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav32.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavstart.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kissvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPfwSvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonxp.KXP]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVWSC.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mmsk.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapsvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nod32kui.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQDoctor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ravservice.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVTRAY.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Regedit.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rfwstub.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsMain.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsnetsvr.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RSTray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Runiep.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safeboxTray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ScanFrm.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngLdr.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.KXP]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WOPTILITIES.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4twxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8quxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe"=
"c:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=

R2 MSPolicyAgent;Microsoft IPsec Policy Agent;c:\windows\System32\svchost.exe -k MSPolicyAgent [2008-04-14 14336]
R2 pnpmem;pnpmem;c:\windows\system32\drivers\pnpmem.sys [2009-02-17 121476]
R2 WinSSCOM;COM+ Windows System;c:\windows\winsscoo.exe [2009-02-21 132096]
R3 MyProt;Network Monitor Protocol Driver;c:\windows\system32\drivers\winyyy.sys [2009-02-21 21248]
S0 ati4twxx;ati4twxx;c:\windows\system32\drivers\ati4twxx.sys [2008-12-16 32768]
S0 ati8quxx;ati8quxx;c:\windows\system32\drivers\ati8quxx.sys [2008-11-25 32768]
S1 ethcjxre;ethcjxre;c:\windows\system32\drivers\ethcjxre.sys [2009-01-17 137664]
S2 BackWeb Client - 174112;Securitoo AntiVirus;c:\progra~1\SECURI~1\174112\Program\SERVIC~1.EXE --> c:\progra~1\SECURI~1\174112\Program\SERVIC~1.EXE [?]
S3 alsk;alsk;\??\c:\windows\fonts\alsk.sys --> c:\windows\fonts\alsk.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-21 29744]
S3 naks;naks;\??\c:\windows\fonts\naks.sys --> c:\windows\fonts\naks.sys [?]
S3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [2006-02-01 1252474]
S3 PsShutdownSvc;PsShutdown;c:\windows\system32\PSSDNSVC.EXE [2005-08-22 65536]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2007-04-20 260608]
S3 UPDATEDATA;UPDATEDATA;c:\windows\system32\drivers\acpiec.sys [2001-08-23 12032]
S3 ZDCndis5;ZDCndis5 Protocol Driver;c:\windows\system32\zdcndis5.sys [2009-01-16 137664]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - NPF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
MSPolicyAgent REG_MULTI_SZ MSPolicyAgent

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c3c2482-be0b-11dd-8d64-00142a50775a}]
\shell\explore\command - E:\CC.PIF
\shell\open\Command - E:\CC.PIF
.
Contenu du dossier 'Tâches planifiées'

2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

2009-02-23 c:\windows\Tasks\At1.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At10.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At11.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At12.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At13.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At14.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At15.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At16.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At17.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At18.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At19.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-24 c:\windows\Tasks\At2.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At20.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At21.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At22.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At23.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At24.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At25.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-24 c:\windows\Tasks\At26.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At27.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At28.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At29.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At3.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At30.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At31.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At32.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-19 c:\windows\Tasks\At33.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At34.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At35.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At36.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At37.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At38.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At39.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At4.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At40.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At41.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At42.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At43.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At44.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At45.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At46.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At47.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At48.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At49.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At5.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-24 c:\windows\Tasks\At50.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At51.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At52.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At53.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At54.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At55.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At56.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-19 c:\windows\Tasks\At57.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At58.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At59.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At6.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At60.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At61.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At62.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At63.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At64.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At65.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At66.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At67.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At68.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At69.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At7.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At70.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At71.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At72.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At8.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-19 c:\windows\Tasks\At9.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-23 15:32]

2009-02-23 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-cmdhlpadm - c:\windows\system32\vkvadezy.exe
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-IST Service - c:\program files\ISTsvc\istsvc.exe
HKLM-Run-OaZeC - c:\windows\hxyjlul.exe
HKLM-Run-Internet Optimizer - c:\program files\Internet Optimizer\optimize.exe
HKLM-Run-Á³# Lh'þ9Óœð3rÅWc:\program files\ISTsvc\istsvc.exe - c:\windows\hxyjlul.exe
HKLM-Run-Yhyjczvn - c:\program files\Xkljec\Bsnub.exe
HKLM-Run-farstone - (no file)
HKLM-Explorer_Run-user - c:\windows\WinShell..\daemon.exe
ShellExecuteHooks-{198FF3D8-56F1-466B-A36F-F9C28B43E440} - 198FF3D8.dll
ShellExecuteHooks-{1957817A-94B2-4CAC-B113-A331809B5730} - 1957817A.dll
Notify-xrkfgusi - xrkfgusi32.dll

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://luck114.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
FF - ProfilePath - c:\documents and settings\CKS Andre SNEYAERT\Application Data\Mozilla\Firefox\Profiles\h6n3nsr0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 01:16:23
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
user = c:\windows\WinShell..\daemon.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...

c:\windows\system32\wpcap.dll 240496 bytes executable
c:\windows\system32\Packet.dll 88952 bytes executable
c:\windows\system32\WanPacket.dll 68480 bytes executable

Scan terminé avec succès
Fichiers cachés: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Á³# L\"h'þ9Óœð3rÅWc:\\Program Files\\ISTsvc\\istsvc.exe"="c:\\WINDOWS\\hxyjlul.exe"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\syslib .dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\WinShell.\daemon.exe
c:\windows\smss.exe
c:\progra~1\Wanadoo\TaskBarIcon.exe
c:\windows\Fonts\TIMPIatform.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\progra~1\Wanadoo\EspaceWanadoo.exe
c:\progra~1\Wanadoo\ComComp.exe
c:\progra~1\Wanadoo\Toaster.exe
c:\progra~1\Wanadoo\Inactivity.exe
c:\progra~1\Wanadoo\PollingModule.exe
c:\program files\MediaChannel\Navvy 5.2\NavvyMan.exe
c:\windows\system32\ALERTM~1\ALERTM~1.EXE
c:\windows\system32\dwwin.exe
c:\windows\system32\dwwin.exe
c:\windows\system32\waubfe.exe
.
**************************************************************************
.
Heure de fin: 2009-02-24 1:24:38 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-24 00:24:35

Avant-CF: 153 155 641 344 octets libres
Après-CF: 154,490,363,904 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

704 --- E O F --- 2009-02-11 20:24:11

Réponse 47 / 123

Utilisateur anonyme

Refais moi un rapport HiJackthis STP

Réponse 48 / 123

ROSALLY Messages postés 80 Statut Membre

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:36:01, on 24/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system\rund1132.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\winsscoo.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system\rund1132.exe
C:\WINDOWS\WinShell.\daemon.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\Fonts\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Fonts\TIMPIatform.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MediaChannel\Navvy 5.2\NavvyMan.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\system32\waubfe.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\waubfe.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\Fichiers Internet temporaires\Content.IE5\KCH0MI48\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://luck114.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F3 - REG:win.ini: load=C:\WINDOWS\system\rund1132.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\rund1132.exe,
O1 - Hosts: 127.0.0.2 ymsdasdw1.cn
O1 - Hosts: 127.0.0.3 h96b.info
O1 - Hosts: 127.0.0.0 fuck.zttwp.cn
O1 - Hosts: 127.0.0.0 www.hackerbf.cn
O1 - Hosts: 127.0.0.0 ww.popdm.cn
O1 - Hosts: 127.1.1.1 bbt.etimes888.com
O1 - Hosts: 127.0.0.0 zzz.2008wyt.net
O1 - Hosts: 127.1.1.1 999.2005wyt.com
O1 - Hosts: 127.1.1.1 219.147.13.53
O1 - Hosts: 127.1.1.1 dl.360safe.com
O1 - Hosts: 127.1.1.1 20068080.cn
O1 - Hosts: 127.1.1.1 l.neter888.cn
O1 - Hosts: 127.1.1.1 stat.untang.com
O1 - Hosts: 127.1.1.1 www.ikdy.cn
O1 - Hosts: 127.0.0.0 geekbyfeng.cn
O1 - Hosts: 127.0.0.0 121.14.101.68
O1 - Hosts: 127.0.0.0 ppp.etimes888.com
O1 - Hosts: 127.0.0.0 www.bypk.com
O1 - Hosts: 127.0.0.0 CSC3-2004-crl.verisign.com
O1 - Hosts: 127.0.0.0 udp.hjob123.com
O1 - Hosts: 127.1.1.1 999.hfdy2828.com
O1 - Hosts: 127.1.1.1 www.hfdy2929.com
O1 - Hosts: 127.1.1.1 www.xiazaide1.cn
O1 - Hosts: 127.1.1.1 www.vuf51579.cn
O1 - Hosts: 127.1.1.1 wm.eo2q.cn
O1 - Hosts: 127.1.1.1 d.www-263.com
O1 - Hosts: 127.1.1.1 www.ssy1688.cn
O1 - Hosts: 127.1.1.1 121.12.173.218
O1 - Hosts: 127.1.1.1 qq.18i16.net
O1 - Hosts: 127.1.1.1 a.baidu-6661.com
O1 - Hosts: 127.1.1.1 www.vuf51579.cn
O1 - Hosts: 127.1.1.1 www.1079223105.cn
O1 - Hosts: 127.1.1.1 home.xzx6.cn
O1 - Hosts: 127.1.1.1 top.fgc3.cn
O1 - Hosts: 127.1.1.1 165.246.44.228
O1 - Hosts: 127.1.1.1 wwww.ttfafa.com
O1 - Hosts: 127.1.1.1 pa.tt-09.com
O1 - Hosts: 127.0.0.2 bnasnd83nd.cn
O1 - Hosts: 127.0.0.0 www.gamehacker.com.cn
O1 - Hosts: 127.0.0.0 gamehacker.com.cn
O1 - Hosts: 127.1.1.1 www.cctv-100008.cn
O1 - Hosts: 127.1.1.1 222.73.208.141
O1 - Hosts: 127.0.0.3 adlaji.cn
O1 - Hosts: 127.1.1.1 aiyyw.com
O1 - Hosts: 127.1.1.1 bnasnd83nd.cn
O1 - Hosts: 127.0.0.0 user1.12-27.net
O1 - Hosts: 127.0.0.0 fengent.cn
O1 - Hosts: 127.0.0.0 www.sony888.cn
O1 - Hosts: 127.0.0.0 user1.asp-33.cn
O1 - Hosts: 127.0.0.0 www.netkwek.cn
O1 - Hosts: 127.0.0.0 ymsdkad6.cn
O1 - Hosts: 127.0.0.0 www.lkwueir.cn
O1 - Hosts: 127.0.1.1 user1.23-17.net
O1 - Hosts: 127.0.0.0 upa.luzhiai.net
O1 - Hosts: 127.0.0.0 www.guccia.net
O1 - Hosts: 127.0.0.0 4m9mnlmi.cn
O1 - Hosts: 127.0.0.0 mm119mkssd.cn
O1 - Hosts: 127.0.0.0 61.128.171.115:8080
O1 - Hosts: 127.0.0.0 www.1119111.com
O1 - Hosts: 127.0.0.0 win.nihao69.cn
O1 - Hosts: 127.0.0.0 puc.lianxiac.net
O1 - Hosts: 127.0.0.0 pud.lianxiac.net
O1 - Hosts: 127.0.0.0 210.76.0.133
O1 - Hosts: 127.0.0.0 61.166.32.2
O1 - Hosts: 127.0.0.0 218.92.186.27
O1 - Hosts: 127.0.0.0 www.fsfsfag.cn
O1 - Hosts: 127.0.0.0 ovo.ovovov.cn
O1 - Hosts: 127.0.0.0 dw.com.com
O1 - Hosts: 127.0.0.0 t.myblank.cn
O1 - Hosts: 127.0.0.0 x.myblank.cn
O1 - Hosts: 127.0.0.0 qq-xing.com.cn
O1 - Hosts: 127.0.0.0 59.125.231.177:17777
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\PushWare\cpush0.dll
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
O2 - BHO: IETimber - {489873CE-F3E1-44A3-8E89-04BE26BE4446} - C:\Program Files\Internet Explorer\IETimber\IETimber.dll
O2 - BHO: (no name) - {5419706F-9AD1-49BB-A91F-EE6B62E2881E} - C:\Program Files\Internet Explorer\PowerJo.ase
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {912F6837-CCB6-424B-BC9C-8BB5541AFB54} - C:\Program Files\Internet Explorer\PowerJv.ask
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NavvyUp] C:\Program Files\MediaChannel\Navvy 5.2\NavvyUp.exe
O4 - HKLM\..\Run: [msexe.exe] C:\WINDOWS\system32\msexe.exe
O4 - HKLM\..\Run: [zxexe.exe] C:\WINDOWS\system32\zxexe.exe
O4 - HKLM\..\Run: [kdexe.exe] C:\WINDOWS\system32\kdexe.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [svchstt] C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\502514
O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\WinShell..\daemon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: akolkhck.dll,kffoogac.dll,lkknkgnk.dll,ogcmfdaf.dll,dbfkipbd.dll,ikdapmcm.dll,gajdpnec.dll,ccbficfi.dll,ndaelgfl.dll,ooaddion.dll,kdkdfeln.dll,heifeado.dll,aldoiilk.dll,ojdnnlnf.dll,cockgddc.dll,homegdpk.dll,ebhpliad.dll,odgildpe.dll,oojlpcib.dll,eojpchpn.dll
O21 - SSODL: 8D025D9E - {8D025D9E-A5AC-49DB-968D-1F2A3C030840} - C:\WINDOWS\system32\odgildpe.dll
O21 - SSODL: EB1952AD - {EB1952AD-75E8-4E4E-B626-2C415DA35709} - C:\WINDOWS\system32\ebhpliad.dll
O21 - SSODL: 186E0D94 - {186E0D94-F863-43EF-9B43-38DAC43C064B} - C:\WINDOWS\system32\homegdpk.dll
O21 - SSODL: C8C40DDC - {C8C40DDC-9B46-4266-BA0B-5AF248442C3B} - C:\WINDOWS\system32\cockgddc.dll
O21 - SSODL: 83D7757F - {83D7757F-4582-4300-9F03-C3D1A544A9D0} - C:\WINDOWS\system32\ojdnnlnf.dll
O21 - SSODL: A5D82254 - {A5D82254-2505-417B-BAFF-37A20BC2FFD3} - C:\WINDOWS\system32\aldoiilk.dll
O21 - SSODL: 1E2FEAD8 - {1E2FEAD8-3897-4A01-BD3B-098693626973} - C:\WINDOWS\system32\heifeado.dll
O21 - SSODL: A6B283F7 - {A6B283F7-EAC4-4110-ACAA-A2D0B85466B7} - C:\WINDOWS\system32\ambiojfn.dll
O21 - SSODL: 4D4DFE57 - {4D4DFE57-FF9C-4ADB-86BA-4C8733E53A71} - C:\WINDOWS\system32\kdkdfeln.dll
O21 - SSODL: 88ADD287 - {88ADD287-BA8E-49E4-A36E-A46F3AABA9F1} - C:\WINDOWS\system32\ooaddion.dll
O21 - SSODL: 7DAE50F5 - {7DAE50F5-6A99-4454-BED4-5A99C5013A05} - C:\WINDOWS\system32\ndaelgfl.dll
O21 - SSODL: CCBF2CF2 - {CCBF2CF2-E157-495C-BBA3-658B5B04ADA7} - C:\WINDOWS\system32\ccbficfi.dll
O21 - SSODL: 0A3D97EC - {0A3D97EC-5C2D-4C5A-B6C9-DF0DC337072E} - C:\WINDOWS\system32\gajdpnec.dll
O21 - SSODL: 24DA96C6 - {24DA96C6-3E20-4D04-8262-4F04219702BF} - C:\WINDOWS\system32\ikdapmcm.dll
O21 - SSODL: DBF429BD - {DBF429BD-3780-44EA-8F03-E9837B1CCF85} - C:\WINDOWS\system32\dbfkipbd.dll
O21 - SSODL: 80C6FDAF - {80C6FDAF-FB37-4002-96A4-AD30EFBCC2A8} - C:\WINDOWS\system32\ogcmfdaf.dll
O21 - SSODL: 54474074 - {54474074-C37C-44F2-BE8E-55B2AAE427C6} - C:\WINDOWS\system32\lkknkgnk.dll
O21 - SSODL: 4FF880AC - {4FF880AC-3036-42AF-88C2-365BA6CA00C5} - C:\WINDOWS\system32\kffoogac.dll
O21 - SSODL: A48541C4 - {A48541C4-558A-4B47-B672-43E1955CEF96} - C:\WINDOWS\system32\akolkhck.dll
O21 - SSODL: 88359C2B - {88359C2B-7363-46A8-9F92-E2C3D458DF66} - C:\WINDOWS\system32\oojlpcib.dll
O21 - SSODL: E839C197 - {E839C197-380B-4F2A-8C2B-98A9284BE790} - C:\WINDOWS\system32\eojpchpn.dll
O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE

Réponse 49 / 123

ROSALLY Messages postés 80 Statut Membre

c'est fait
mais je n'ai pas de rapport à te transmettre

Réponse 50 / 123

Utilisateur anonyme

Refait la même manipulation avec combofix

Poste le rapport

Relance la machine (si combofix ne l'a pas fait) et remet un rapport HiJackthis.

Réponse 51 / 123

ROSALLY Messages postés 80 Statut Membre

ComboFix 09-02-21.01 - CKS Andre SNEYAERT 2009-02-24 1:53:46.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.894.493 [GMT 1:00]
Lancé depuis: c:\documents and settings\CKS Andre SNEYAERT\Bureau\Combo-Fix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\bccd.pif
c:\program files\Fichiers communs\PushWare
c:\program files\Fichiers communs\PushWare\cpush0.dll
c:\program files\Fichiers communs\PushWare\Uninst.exe
c:\windows\Intel\baiduc.dll
c:\windows\system32\B4eocaps.SRG
c:\windows\system32\drivers\acpidisk.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\gprmsgse.axz
c:\windows\system32\gscpx32r.det
c:\windows\system32\mprmsgse.axz
c:\windows\system32\mscpx32r.det
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPIDISK
-------\Legacy_NPF
-------\Service_acpidisk

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-24 au 2009-02-24 ))))))))))))))))))))))))))))))))))))
.

2009-02-24 01:58 . 2009-02-24 01:58 35,564 --a------ c:\program files\bccd.pif
2009-02-24 01:56 . 2009-02-24 01:56 247,296 --ahs---- c:\windows\smss.exe
2009-02-23 16:50 . 2009-02-23 16:50 64,000 --a------ C:\WINDOWSupdate.dll
2009-02-23 16:50 . 2004-08-05 13:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2009-02-23 16:50 . 2004-08-05 13:00 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys
2009-02-23 08:33 . 2009-02-23 08:33 13,352 --a------ c:\windows\system32\kdexe.exe
2009-02-22 14:24 . 2009-02-24 01:18 13,531 --a------ c:\windows\system32\waubfe.exe
2009-02-21 18:19 . 2009-02-21 18:19 132,096 --a------ c:\windows\winsscoo.exe
2009-02-21 18:19 . 2009-02-21 18:19 21,248 --a------ c:\windows\system32\drivers\winyyy.sys
2009-02-21 10:35 . 2009-02-21 10:35 13,976 --ahs---- c:\windows\system32\1957817A.dll
2009-02-21 10:35 . 2009-02-21 10:35 300 --ahs---- c:\windows\system32\1957817A.cfg
2009-02-21 00:31 . 2009-02-21 00:31 13,352 --a------ c:\windows\system32\zxexe.exe
2009-02-21 00:30 . 2009-02-21 00:30 13,926 --ahs---- c:\windows\system32\198FF3D8.dll
2009-02-21 00:30 . 2009-02-21 00:30 200 --ahs---- c:\windows\system32\198FF3D8.cfg
2009-02-21 00:27 . 2009-02-21 00:27 16,632 --a------ c:\windows\system32\msexe.exe
2009-02-21 00:27 . 2009-02-24 01:57 1,249 --a------ c:\windows\system32\asdfasdf
2009-02-21 00:01 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-21 00:00 . 2009-02-21 00:01 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-21 00:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 23:13 . 2009-02-20 23:13 396,288 --a------ c:\windows\HijackThis.exe
2009-02-20 22:23 . 2009-02-20 23:00 <REP> d-------- C:\ToolBar SD
2009-02-20 21:43 . 2009-02-20 21:43 16,656 --a------ C:\mbam-log-2009-02-20 (21-42-58)VIRUS
2009-02-20 19:50 . 2009-02-20 19:50 15,069 --a------ c:\windows\system32\telechargement-159-hijackthis.htm
2009-02-20 19:04 . 2009-02-20 19:04 <REP> d-------- c:\program files\MediaChannel
2009-02-20 16:08 . 2009-02-20 16:08 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\Malwarebytes
2009-02-20 16:08 . 2009-02-20 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 13:11 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\mfc71.dll
2009-02-20 13:01 . 2009-02-20 13:01 520,052 --a------ c:\windows\system32\mfc71.7z
2009-02-20 12:55 . 2009-02-20 13:00 <REP> d-------- c:\windows\system32\mfc71
2009-02-20 12:01 . 2009-02-20 12:02 514,940 -rah----- c:\windows\system32\mfc71.zip
2009-02-20 11:45 . 2009-02-20 11:45 1,678,248 --a------ c:\windows\system32\registryboosterppcg15.exe
2009-02-20 11:31 . 2009-02-20 11:31 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\Uniblue
2009-02-20 09:11 . 2009-02-21 22:41 13,531 --a------ c:\windows\system32\wauafe.exe
2009-02-20 09:10 . 2009-02-20 14:56 19,456 --a------ c:\windows\system32\dfln.dll
2009-02-19 18:50 . <REP> c:\windows\$WIND$
2009-02-19 18:50 . 2009-02-19 18:50 2 --a------ c:\windows\sysinfo.tmp
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\program files\Goto Software
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\program files\Fichiers communs\Goto Software
2009-02-19 18:45 . 2009-02-19 18:45 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\VadeRetro
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\documents and settings\All Users\Application Data\VadeRetro
2009-02-19 16:43 . <REP> c:\windows\WinShell
2009-02-19 16:43 . 2009-02-19 16:43 36,864 --a------ c:\windows\system\rund1132.exe
2009-02-19 07:28 . 2009-02-19 23:56 13,531 --a------ c:\windows\system32\waunafe.exe
2009-02-19 07:27 . 2009-02-19 23:13 19,456 --a------ c:\windows\system32\dafln.dll
2009-02-18 19:42 . 2009-02-18 19:42 31,232 --a------ C:\Relevé de compte LAW YAT au 31.12.2008.doc
2009-02-18 18:15 . 2009-02-18 18:15 386,560 ----s---- c:\windows\system32\MSPolicyAgent.dll
2009-02-18 18:15 . 2009-02-18 18:15 6 --a------ c:\windows\system32\types.tmp
2009-02-18 16:12 . 2009-02-18 21:31 13,531 --a------ c:\windows\system32\waumafe.exe
2009-02-18 07:55 . 2009-02-18 11:05 13,531 --a------ c:\windows\system32\waulafe.exe
2009-02-18 07:54 . 2009-02-18 07:54 18,944 --a------ c:\windows\system32\fasadf.dll
2009-02-17 15:03 . 2009-02-24 00:59 24,278 --a------ c:\windows\system32\somspring.dat
2009-02-17 15:03 . 2009-02-24 01:14 401 --a------ c:\windows\system32\romarshal.dat
2009-02-17 14:56 . 2009-02-04 07:58 121,476 --a------ c:\windows\system32\drivers\pnpmem.sys
2009-02-17 14:56 . 2009-02-17 14:56 32 --a------ c:\windows\system32\ormsgse.axz
2009-02-17 14:47 . 2009-02-24 01:58 <REP> d-------- c:\windows\Intel
2009-02-17 14:47 . 2009-02-17 14:47 13,531 --a------ c:\windows\system32\waukafe.exe
2009-02-17 14:46 . 2009-02-17 14:46 19,456 --a------ c:\windows\system32\flzaitian.dll
2009-02-17 14:46 . 2009-02-24 01:58 141 --a------ c:\windows\system32\exlds.ini
2009-02-17 14:45 . 2008-04-14 03:33 19,968 --a--c--- c:\windows\system32\dllcache\linkinfo.dll
2009-02-07 23:10 . 2009-02-07 23:10 170,496 --a------ C:\FINE CRUSH LTD.doc
2009-02-02 21:59 . 2009-02-02 21:59 66,048 --a------ C:\Proposition APOLLO pour Ile MAURICE.doc
2009-02-02 17:57 . 2009-02-02 17:57 48,640 --a------ C:\Clients Ile MAURICE.doc
2009-02-02 12:23 . 2009-02-05 11:49 25,088 --a------ C:\A T T E S T A T I O N Impotsssssssssss.doc
2009-02-02 10:47 . 2009-02-02 10:47 30,720 --a------ C:\A T T E S T A T I O N - I m p o t s.doc
2009-01-31 13:51 . 2009-01-31 20:37 26,624 --a------ C:\Demande prolongation stage.doc
2009-01-27 10:10 . 2009-01-27 11:00 32,256 --a------ C:\Courrier André SNEYAERT.doc

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 00:58 --------- d-----w c:\program files\Wanadoo
2009-02-24 00:58 --------- d-----w c:\documents and settings\CKS Andre SNEYAERT\Application Data\Skype
2009-02-24 00:57 10,334 ----a-w c:\windows\Fonts\TIMPIatform.exe
2009-02-23 22:43 431,922 ----a-w c:\program files\HJTInstall.7z
2009-02-23 19:19 19,968 ----a-w c:\windows\Fonts\wuauclt.exe
2009-02-23 15:50 3 ----a-w c:\windows\system32\drivers\52438666.txt
2009-02-23 15:33 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-20 16:26 --------- d-----w c:\program files\cacmchc
2009-02-18 18:10 --------- d-----w c:\program files\Google
2009-02-15 16:18 13,317 ----a-w c:\program files\Fichiers communs\qybabiqylo.dl
2009-01-28 19:06 15,445 ----a-w c:\program files\Fichiers communs\vexomigaga._sy
2009-01-23 20:27 15,310 ----a-w c:\program files\Fichiers communs\vodeqet.ban
2009-01-23 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\288537758
2009-01-21 19:07 --------- d-----w c:\program files\EnveloppesEditor1.09
2009-01-21 16:56 --------- d-----w c:\documents and settings\CKS Andre SNEYAERT\Application Data\PC-FAX TX
2009-01-17 14:20 32,768 ----a-w c:\windows\system32\drivers\ati4twxx.sys
2009-01-17 14:02 137,664 ----a-w c:\windows\system32\drivers\ethcjxre.sys
2009-01-16 17:15 137,664 ----a-w c:\windows\system32\drivers\adiusbaw.sys
2008-09-22 09:52 85,504 ----a-w c:\documents and settings\CKS Andre SNEYAERT\Application Data\GDIPFONTCACHEV1.DAT
2008-09-04 14:43 1,940 ----a-w c:\documents and settings\CKS Andre SNEYAERT\Application Data\ViewerApp.dat
2009-02-19 15:43 159,744 ----a-w c:\program files\internet explorer\plugins\icwres.dll
2008-09-27 10:02 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-04-14 02:33 23,368 --sh--w c:\windows\system32\alimoto32.exe
2004-08-17 19:00 74,752 --sh--w c:\windows\system32\RamrtwC.dll
.

------- Sigcheck -------

2004-08-05 13:00 15360 5584247b568c2e53934873f4b655fe6a c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 03:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 03:33 15360 9bc8230dda8e37e375a5a9aa551a8f76 c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-24_ 1.22.06.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-24 00:16:01 3,740 ----a-w c:\windows\Downloaded Program Files\alg.exe
+ 2009-02-24 00:57:00 3,740 ----a-w c:\windows\Downloaded Program Files\alg.exe
- 2009-02-24 00:18:25 49,152 ----a-w c:\windows\system32\npptools.dll
+ 2008-04-14 02:33:36 55,296 ----a-w c:\windows\system32\npptools.dll
- 2009-02-24 00:16:15 16,384 --sha-w c:\windows\Temp\Cookies\index.dat
+ 2009-02-24 00:57:17 16,384 --sha-w c:\windows\Temp\Cookies\index.dat
- 2009-02-24 00:16:15 32,768 --sha-w c:\windows\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
+ 2009-02-24 00:57:17 32,768 --sha-w c:\windows\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
- 2009-02-24 00:16:15 16,384 --sha-w c:\windows\Temp\History\History.IE5\index.dat
+ 2009-02-24 00:57:17 16,384 --sha-w c:\windows\Temp\History\History.IE5\index.dat
+ 2009-02-24 00:56:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2e4.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}]
2009-02-10 04:30 196608 --a------ c:\program files\Fichiers communs\PushWare\cpush.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{296AB8C6-FB22-4D17-8834-064E2BA0A6F0}]
2009-03-09 04:43 155648 -ra------ c:\windows\Intel\baiduc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{489873CE-F3E1-44A3-8E89-04BE26BE4446}]
2009-02-10 05:14 193912 --a------ c:\program files\Internet Explorer\IETimber\IETimber.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5419706F-9AD1-49BB-A91F-EE6B62E2881E}]
2009-02-22 15:11 70789 --ahs---- c:\program files\Internet Explorer\PowerJo.ase

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{912F6837-CCB6-424B-BC9C-8BB5541AFB54}]
2009-02-24 01:06 70789 --ahs---- c:\program files\Internet Explorer\PowerJv.ask

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Livecom"="c:\progra~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" [2006-02-23 237568]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-02-09 25388584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 204863]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fenaffiche"="c:\program files\FenAffiche\FenUnika.exe" [2004-07-23 36864]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 184320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-27 29744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"NavvyUp"="c:\program files\MediaChannel\Navvy 5.2\NavvyUp.exe" [2009-02-12 49152]
"msexe.exe"="c:\windows\system32\msexe.exe" [2009-02-21 16632]
"zxexe.exe"="c:\windows\system32\zxexe.exe" [2009-02-21 13352]
"kdexe.exe"="c:\windows\system32\kdexe.exe" [2009-02-23 13352]
"SiSPower"="SiSPower.dll" [2005-04-12 c:\windows\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 190696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"svchstt"="c:\docume~1\CKSAND~1\LOCALS~1\Temp\502514" [X]
"360safe"="c:\windows\Fonts\wuauclt.exe" [2009-02-23 19968]
"user"="c:\windows\WinShell..\daemon.exe" [BU]

c:\documents and settings\CKS Andre SNEYAERT\Menu D‚marrer\Programmes\D‚marrage\
Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-07-19 385024]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-04-28 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-04-28 106496]
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2007-04-20 835584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{198FF3D8-56F1-466B-A36F-F9C28B43E440}"= "198FF3D8.dll" [BU]
"{1957817A-94B2-4CAC-B113-A331809B5730}"= "1957817A.dll" [BU]
"{8D025D9E-A5AC-49DB-968D-1F2A3C030840}"= "c:\windows\system32\odgildpe.dll" [2008-08-14 249856]
"{5419706F-9AD1-49BB-A91F-EE6B62E2881E}"= "c:\program files\Internet Explorer\PowerJo.ase" [2009-02-22 70789]
"{EB1952AD-75E8-4E4E-B626-2C415DA35709}"= "c:\windows\system32\ebhpliad.dll" [2008-08-14 30208]
"{186E0D94-F863-43EF-9B43-38DAC43C064B}"= "c:\windows\system32\homegdpk.dll" [2008-08-14 30720]
"{C8C40DDC-9B46-4266-BA0B-5AF248442C3B}"= "c:\windows\system32\cockgddc.dll" [2008-08-14 245760]
"{912F6837-CCB6-424B-BC9C-8BB5541AFB54}"= "c:\program files\Internet Explorer\PowerJv.ask" [2009-02-24 70789]
"{83D7757F-4582-4300-9F03-C3D1A544A9D0}"= "c:\windows\system32\ojdnnlnf.dll" [2008-08-14 245760]
"{A5D82254-2505-417B-BAFF-37A20BC2FFD3}"= "c:\windows\system32\aldoiilk.dll" [2008-08-14 45056]
"{1E2FEAD8-3897-4A01-BD3B-098693626973}"= "c:\windows\system32\heifeado.dll" [2008-08-14 45056]
"{A6B283F7-EAC4-4110-ACAA-A2D0B85466B7}"= "c:\windows\system32\ambiojfn.dll" [2008-08-14 45056]
"{4D4DFE57-FF9C-4ADB-86BA-4C8733E53A71}"= "c:\windows\system32\kdkdfeln.dll" [2008-08-14 65536]
"{88ADD287-BA8E-49E4-A36E-A46F3AABA9F1}"= "c:\windows\system32\ooaddion.dll" [2008-08-14 34304]
"{7DAE50F5-6A99-4454-BED4-5A99C5013A05}"= "c:\windows\system32\ndaelgfl.dll" [2008-08-14 40960]
"{CCBF2CF2-E157-495C-BBA3-658B5B04ADA7}"= "c:\windows\system32\ccbficfi.dll" [2008-08-14 37376]
"{0A3D97EC-5C2D-4C5A-B6C9-DF0DC337072E}"= "c:\windows\system32\gajdpnec.dll" [2008-08-14 34816]
"{24DA96C6-3E20-4D04-8262-4F04219702BF}"= "c:\windows\system32\ikdapmcm.dll" [2008-08-14 40960]
"{DBF429BD-3780-44EA-8F03-E9837B1CCF85}"= "c:\windows\system32\dbfkipbd.dll" [2008-08-14 28672]
"{80C6FDAF-FB37-4002-96A4-AD30EFBCC2A8}"= "c:\windows\system32\ogcmfdaf.dll" [2008-08-14 229376]
"{54474074-C37C-44F2-BE8E-55B2AAE427C6}"= "c:\windows\system32\lkknkgnk.dll" [2008-08-14 40960]
"{4FF880AC-3036-42AF-88C2-365BA6CA00C5}"= "c:\windows\system32\kffoogac.dll" [2008-08-14 32256]
"{A48541C4-558A-4B47-B672-43E1955CEF96}"= "c:\windows\system32\akolkhck.dll" [2008-08-14 249856]
"{88359C2B-7363-46A8-9F92-E2C3D458DF66}"= "c:\windows\system32\oojlpcib.dll" [2008-08-14 40960]
"{E839C197-380B-4F2A-8C2B-98A9284BE790}"= "c:\windows\system32\eojpchpn.dll" [2008-08-14 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"8D025D9E"= {8D025D9E-A5AC-49DB-968D-1F2A3C030840} - c:\windows\system32\odgildpe.dll [2008-08-14 249856]
"EB1952AD"= {EB1952AD-75E8-4E4E-B626-2C415DA35709} - c:\windows\system32\ebhpliad.dll [2008-08-14 30208]
"186E0D94"= {186E0D94-F863-43EF-9B43-38DAC43C064B} - c:\windows\system32\homegdpk.dll [2008-08-14 30720]
"C8C40DDC"= {C8C40DDC-9B46-4266-BA0B-5AF248442C3B} - c:\windows\system32\cockgddc.dll [2008-08-14 245760]
"83D7757F"= {83D7757F-4582-4300-9F03-C3D1A544A9D0} - c:\windows\system32\ojdnnlnf.dll [2008-08-14 245760]
"A5D82254"= {A5D82254-2505-417B-BAFF-37A20BC2FFD3} - c:\windows\system32\aldoiilk.dll [2008-08-14 45056]
"1E2FEAD8"= {1E2FEAD8-3897-4A01-BD3B-098693626973} - c:\windows\system32\heifeado.dll [2008-08-14 45056]
"A6B283F7"= {A6B283F7-EAC4-4110-ACAA-A2D0B85466B7} - c:\windows\system32\ambiojfn.dll [2008-08-14 45056]
"4D4DFE57"= {4D4DFE57-FF9C-4ADB-86BA-4C8733E53A71} - c:\windows\system32\kdkdfeln.dll [2008-08-14 65536]
"88ADD287"= {88ADD287-BA8E-49E4-A36E-A46F3AABA9F1} - c:\windows\system32\ooaddion.dll [2008-08-14 34304]
"7DAE50F5"= {7DAE50F5-6A99-4454-BED4-5A99C5013A05} - c:\windows\system32\ndaelgfl.dll [2008-08-14 40960]
"CCBF2CF2"= {CCBF2CF2-E157-495C-BBA3-658B5B04ADA7} - c:\windows\system32\ccbficfi.dll [2008-08-14 37376]
"0A3D97EC"= {0A3D97EC-5C2D-4C5A-B6C9-DF0DC337072E} - c:\windows\system32\gajdpnec.dll [2008-08-14 34816]
"24DA96C6"= {24DA96C6-3E20-4D04-8262-4F04219702BF} - c:\windows\system32\ikdapmcm.dll [2008-08-14 40960]
"DBF429BD"= {DBF429BD-3780-44EA-8F03-E9837B1CCF85} - c:\windows\system32\dbfkipbd.dll [2008-08-14 28672]
"80C6FDAF"= {80C6FDAF-FB37-4002-96A4-AD30EFBCC2A8} - c:\windows\system32\ogcmfdaf.dll [2008-08-14 229376]
"54474074"= {54474074-C37C-44F2-BE8E-55B2AAE427C6} - c:\windows\system32\lkknkgnk.dll [2008-08-14 40960]
"4FF880AC"= {4FF880AC-3036-42AF-88C2-365BA6CA00C5} - c:\windows\system32\kffoogac.dll [2008-08-14 32256]
"A48541C4"= {A48541C4-558A-4B47-B672-43E1955CEF96} - c:\windows\system32\akolkhck.dll [2008-08-14 249856]
"88359C2B"= {88359C2B-7363-46A8-9F92-E2C3D458DF66} - c:\windows\system32\oojlpcib.dll [2008-08-14 40960]
"E839C197"= {E839C197-380B-4F2A-8C2B-98A9284BE790} - c:\windows\system32\eojpchpn.dll [2008-08-14 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system\rund1132.exe,"

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\windows\system\rund1132.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safebox.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTIARP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArSwp.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ast.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRun.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRunKiller.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.COM]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GFUpd.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GuardField.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASARP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav32.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavstart.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kissvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPfwSvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonxp.KXP]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVWSC.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mmsk.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapsvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nod32kui.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQDoctor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ravservice.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVTRAY.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Regedit.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rfwstub.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsMain.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsnetsvr.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RSTray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Runiep.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safeboxTray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ScanFrm.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngLdr.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.KXP]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WOPTILITIES.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4twxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8quxx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe"=
"c:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=

R2 MSPolicyAgent;Microsoft IPsec Policy Agent;c:\windows\System32\svchost.exe -k MSPolicyAgent [2008-04-14 14336]
R2 pnpmem;pnpmem;c:\windows\system32\drivers\pnpmem.sys [2009-02-17 121476]
R2 WinSSCOM;COM+ Windows System;c:\windows\winsscoo.exe [2009-02-21 132096]
R3 MyProt;Network Monitor Protocol Driver;c:\windows\system32\drivers\winyyy.sys [2009-02-21 21248]
R3 npf;npf;c:\windows\system32\drivers\npf.sys [2009-02-24 42000]
S0 ati4twxx;ati4twxx;c:\windows\system32\drivers\ati4twxx.sys [2008-12-16 32768]
S0 ati8quxx;ati8quxx;c:\windows\system32\drivers\ati8quxx.sys [2008-11-25 32768]
S1 ethcjxre;ethcjxre;c:\windows\system32\drivers\ethcjxre.sys [2009-01-17 137664]
S2 BackWeb Client - 174112;Securitoo AntiVirus;c:\progra~1\SECURI~1\174112\Program\SERVIC~1.EXE --> c:\progra~1\SECURI~1\174112\Program\SERVIC~1.EXE [?]
S3 alsk;alsk;\??\c:\windows\fonts\alsk.sys --> c:\windows\fonts\alsk.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-21 29744]
S3 naks;naks;\??\c:\windows\fonts\naks.sys --> c:\windows\fonts\naks.sys [?]
S3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [2006-02-01 1252474]
S3 PsShutdownSvc;PsShutdown;c:\windows\system32\PSSDNSVC.EXE [2005-08-22 65536]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2007-04-20 260608]
S3 UPDATEDATA;UPDATEDATA;c:\windows\system32\drivers\acpiec.sys [2001-08-23 12032]
S3 ZDCndis5;ZDCndis5 Protocol Driver;c:\windows\system32\zdcndis5.sys [2009-01-16 137664]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - NPF
*NewlyCreated* - ZDPNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
MSPolicyAgent REG_MULTI_SZ MSPolicyAgent

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c3c2482-be0b-11dd-8d64-00142a50775a}]
\shell\explore\command - E:\CC.PIF
\shell\open\Command - E:\CC.PIF
.
Contenu du dossier 'Tâches planifiées'

2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

2009-02-23 c:\windows\Tasks\At1.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At10.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At11.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At12.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At13.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At14.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At15.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At16.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At17.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At18.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At19.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-24 c:\windows\Tasks\At2.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At20.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At21.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At22.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At23.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At24.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At25.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-24 c:\windows\Tasks\At26.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-24 c:\windows\Tasks\At27.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At28.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At29.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-24 c:\windows\Tasks\At3.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At30.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At31.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At32.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-19 c:\windows\Tasks\At33.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At34.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At35.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At36.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At37.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At38.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At39.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At4.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At40.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At41.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At42.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At43.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At44.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At45.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At46.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At47.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At48.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At49.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At5.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-24 c:\windows\Tasks\At50.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-24 c:\windows\Tasks\At51.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At52.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At53.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At54.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At55.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At56.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-19 c:\windows\Tasks\At57.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At58.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At59.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At6.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At60.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At61.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At62.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At63.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At64.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At65.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At66.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At67.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At68.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At69.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At7.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At70.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At71.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-23 c:\windows\Tasks\At72.job
- c:\windows\system32\7f7lMNDh.exe []

2009-01-23 c:\windows\Tasks\At8.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-19 c:\windows\Tasks\At9.job
- c:\windows\system32\7f7lMNDh.exe []

2009-02-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-23 15:32]

2009-02-24 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Á³# Lh'þ9Óœð3rÅWc:\program files\ISTsvc\istsvc.exe - c:\windows\hxyjlul.exe
ShellExecuteHooks-{F65BDEC7-4BF3-4512-840F-68B166B6D7AC} - F65BDEC7.dll
ShellExecuteHooks-{16AF66EB-93C8-49F9-BB09-B4F87CEDCE46} - 16AF66EB.dll
ShellExecuteHooks-{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8} - A1A6BC2E.dll

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://luck114.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
FF - ProfilePath - c:\documents and settings\CKS Andre SNEYAERT\Application Data\Mozilla\Firefox\Profiles\h6n3nsr0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
.
.
------- Associations de fichier -------
.
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 01:57:08
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
user = c:\windows\WinShell..\daemon.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...

c:\windows\system32\wpcap.dll 240496 bytes executable
c:\windows\system32\Packet.dll 88952 bytes executable
c:\windows\system32\F65BDEC7.cfg 296 bytes
c:\windows\system32\F65BDEC7.dll 13462 bytes executable
c:\windows\system32\WanPacket.dll 68480 bytes executable

Scan terminé avec succès
Fichiers cachés: 5

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Á³# L\"h'þ9Óœð3rÅWc:\\Program Files\\ISTsvc\\istsvc.exe"="c:\\WINDOWS\\hxyjlul.exe"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\syslib .dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\smss.exe
c:\windows\WinShell.\daemon.exe
c:\progra~1\Wanadoo\TaskBarIcon.exe
c:\windows\Fonts\TIMPIatform.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\progra~1\Wanadoo\EspaceWanadoo.exe
c:\progra~1\Wanadoo\ComComp.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\progra~1\Wanadoo\Toaster.exe
c:\progra~1\Wanadoo\Inactivity.exe
c:\progra~1\Wanadoo\PollingModule.exe
c:\program files\MediaChannel\Navvy 5.2\NavvyMan.exe
c:\windows\system32\ALERTM~1\ALERTM~1.EXE
c:\windows\system32\dwwin.exe
c:\docume~1\CKSAND~1\LOCALS~1\Temp\148707
c:\windows\system32\waubfe.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Heure de fin: 2009-02-24 2:05:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-24 01:05:26
ComboFix2.txt 2009-02-24 00:24:40

Avant-CF: 154 502 651 904 octets libres
Après-CF: 154,490,519,552 octets libres

660 --- E O F --- 2009-02-11 20:24:11

Réponse 52 / 123

ROSALLY Messages postés 80 Statut Membre

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:10:37, on 24/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system\rund1132.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\winsscoo.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system\rund1132.exe
C:\WINDOWS\Fonts\wuauclt.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\WinShell.\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Fonts\TIMPIatform.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\MediaChannel\Navvy 5.2\NavvyMan.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\148707
C:\WINDOWS\system32\waubfe.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\waubfe.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\Fichiers Internet temporaires\Content.IE5\VISNTT6Q\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://luck114.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F3 - REG:win.ini: load=C:\WINDOWS\system\rund1132.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\rund1132.exe,
O1 - Hosts: 127.0.0.2 ymsdasdw1.cn
O1 - Hosts: 127.0.0.3 h96b.info
O1 - Hosts: 127.0.0.0 fuck.zttwp.cn
O1 - Hosts: 127.0.0.0 www.hackerbf.cn
O1 - Hosts: 127.0.0.0 zzz.2008wyt.net
O1 - Hosts: 127.1.1.1 999.2005wyt.com
O1 - Hosts: 127.1.1.1 219.152.120.240
O1 - Hosts: 127.0.0.0 ww.popdm.cn
O1 - Hosts: 127.1.1.1 bbt.etimes888.com
O1 - Hosts: 127.1.1.1 219.147.13.53
O1 - Hosts: 127.1.1.1 dl.360safe.com
O1 - Hosts: 127.1.1.1 www.sunlight.org.cn
O1 - Hosts: 127.1.1.1 w.wonthe.cn
O1 - Hosts: 127.1.1.1 20068080.cn
O1 - Hosts: 127.1.1.1 l.neter888.cn
O1 - Hosts: 127.1.1.1 stat.untang.com
O1 - Hosts: 127.1.1.1 www.ikdy.cn
O1 - Hosts: 127.0.0.0 geekbyfeng.cn
O1 - Hosts: 127.0.0.0 121.14.101.68
O1 - Hosts: 127.0.0.0 ppp.etimes888.com
O1 - Hosts: 127.0.0.0 www.bypk.com
O1 - Hosts: 127.0.0.0 CSC3-2004-crl.verisign.com
O1 - Hosts: 127.0.0.0 udp.hjob123.com
O1 - Hosts: 127.1.1.1 999.hfdy2828.com
O1 - Hosts: 127.1.1.1 www.hfdy2929.com
O1 - Hosts: 127.1.1.1 www.xiazaide1.cn
O1 - Hosts: 127.1.1.1 www.vuf51579.cn
O1 - Hosts: 127.1.1.1 wm.eo2q.cn
O1 - Hosts: 127.1.1.1 d.www-263.com
O1 - Hosts: 127.1.1.1 www.ssy1688.cn
O1 - Hosts: 127.1.1.1 121.12.173.218
O1 - Hosts: 127.1.1.1 qq.18i16.net
O1 - Hosts: 127.1.1.1 a.baidu-6661.com
O1 - Hosts: 127.1.1.1 www.vuf51579.cn
O1 - Hosts: 127.1.1.1 www.1079223105.cn
O1 - Hosts: 127.1.1.1 home.xzx6.cn
O1 - Hosts: 127.1.1.1 top.fgc3.cn
O1 - Hosts: 127.1.1.1 165.246.44.228
O1 - Hosts: 127.1.1.1 wwww.ttfafa.com
O1 - Hosts: 127.1.1.1 pa.tt-09.com
O1 - Hosts: 127.0.0.2 bnasnd83nd.cn
O1 - Hosts: 127.0.0.0 www.gamehacker.com.cn
O1 - Hosts: 127.0.0.0 gamehacker.com.cn
O1 - Hosts: 127.1.1.1 www.cctv-100008.cn
O1 - Hosts: 127.1.1.1 222.73.208.141
O1 - Hosts: 127.0.0.3 adlaji.cn
O1 - Hosts: 127.1.1.1 aiyyw.com
O1 - Hosts: 127.1.1.1 bnasnd83nd.cn
O1 - Hosts: 127.0.0.0 user1.12-27.net
O1 - Hosts: 127.0.0.0 fengent.cn
O1 - Hosts: 127.0.0.0 www.sony888.cn
O1 - Hosts: 127.0.0.0 user1.asp-33.cn
O1 - Hosts: 127.0.0.0 www.netkwek.cn
O1 - Hosts: 127.0.0.0 ymsdkad6.cn
O1 - Hosts: 127.0.0.0 www.lkwueir.cn
O1 - Hosts: 127.0.1.1 user1.23-17.net
O1 - Hosts: 127.0.0.0 upa.luzhiai.net
O1 - Hosts: 127.0.0.0 www.guccia.net
O1 - Hosts: 127.0.0.0 4m9mnlmi.cn
O1 - Hosts: 127.0.0.0 mm119mkssd.cn
O1 - Hosts: 127.0.0.0 61.128.171.115:8080
O1 - Hosts: 127.0.0.0 www.1119111.com
O1 - Hosts: 127.0.0.0 win.nihao69.cn
O1 - Hosts: 127.0.0.0 puc.lianxiac.net
O1 - Hosts: 127.0.0.0 pud.lianxiac.net
O1 - Hosts: 127.0.0.0 210.76.0.133
O1 - Hosts: 127.0.0.0 61.166.32.2
O1 - Hosts: 127.0.0.0 218.92.186.27
O1 - Hosts: 127.0.0.0 www.fsfsfag.cn
O1 - Hosts: 127.0.0.0 ovo.ovovov.cn
O1 - Hosts: 127.0.0.0 dw.com.com
O1 - Hosts: 127.0.0.0 t.myblank.cn
O1 - Hosts: 127.0.0.0 x.myblank.cn
O1 - Hosts: 127.0.0.0 qq-xing.com.cn
O1 - Hosts: 127.0.0.0 59.125.231.177:17777
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\PushWare\cpush0.dll
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
O2 - BHO: IETimber - {489873CE-F3E1-44A3-8E89-04BE26BE4446} - C:\Program Files\Internet Explorer\IETimber\IETimber.dll
O2 - BHO: (no name) - {5419706F-9AD1-49BB-A91F-EE6B62E2881E} - C:\Program Files\Internet Explorer\PowerJo.ase
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {912F6837-CCB6-424B-BC9C-8BB5541AFB54} - C:\Program Files\Internet Explorer\PowerJv.ask
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NavvyUp] C:\Program Files\MediaChannel\Navvy 5.2\NavvyUp.exe
O4 - HKLM\..\Run: [msexe.exe] C:\WINDOWS\system32\msexe.exe
O4 - HKLM\..\Run: [zxexe.exe] C:\WINDOWS\system32\zxexe.exe
O4 - HKLM\..\Run: [kdexe.exe] C:\WINDOWS\system32\kdexe.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [svchstt] C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\502514
O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\WinShell..\daemon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: akolkhck.dll,kffoogac.dll,lkknkgnk.dll,ogcmfdaf.dll,dbfkipbd.dll,ikdapmcm.dll,gajdpnec.dll,ccbficfi.dll,ndaelgfl.dll,ooaddion.dll,kdkdfeln.dll,heifeado.dll,aldoiilk.dll,ojdnnlnf.dll,cockgddc.dll,homegdpk.dll,ebhpliad.dll,odgildpe.dll,oojlpcib.dll,eojpchpn.dll
O21 - SSODL: 8D025D9E - {8D025D9E-A5AC-49DB-968D-1F2A3C030840} - C:\WINDOWS\system32\odgildpe.dll
O21 - SSODL: EB1952AD - {EB1952AD-75E8-4E4E-B626-2C415DA35709} - C:\WINDOWS\system32\ebhpliad.dll
O21 - SSODL: 186E0D94 - {186E0D94-F863-43EF-9B43-38DAC43C064B} - C:\WINDOWS\system32\homegdpk.dll
O21 - SSODL: C8C40DDC - {C8C40DDC-9B46-4266-BA0B-5AF248442C3B} - C:\WINDOWS\system32\cockgddc.dll
O21 - SSODL: 83D7757F - {83D7757F-4582-4300-9F03-C3D1A544A9D0} - C:\WINDOWS\system32\ojdnnlnf.dll
O21 - SSODL: A5D82254 - {A5D82254-2505-417B-BAFF-37A20BC2FFD3} - C:\WINDOWS\system32\aldoiilk.dll
O21 - SSODL: 1E2FEAD8 - {1E2FEAD8-3897-4A01-BD3B-098693626973} - C:\WINDOWS\system32\heifeado.dll
O21 - SSODL: A6B283F7 - {A6B283F7-EAC4-4110-ACAA-A2D0B85466B7} - C:\WINDOWS\system32\ambiojfn.dll
O21 - SSODL: 4D4DFE57 - {4D4DFE57-FF9C-4ADB-86BA-4C8733E53A71} - C:\WINDOWS\system32\kdkdfeln.dll
O21 - SSODL: 88ADD287 - {88ADD287-BA8E-49E4-A36E-A46F3AABA9F1} - C:\WINDOWS\system32\ooaddion.dll
O21 - SSODL: 7DAE50F5 - {7DAE50F5-6A99-4454-BED4-5A99C5013A05} - C:\WINDOWS\system32\ndaelgfl.dll
O21 - SSODL: CCBF2CF2 - {CCBF2CF2-E157-495C-BBA3-658B5B04ADA7} - C:\WINDOWS\system32\ccbficfi.dll
O21 - SSODL: 0A3D97EC - {0A3D97EC-5C2D-4C5A-B6C9-DF0DC337072E} - C:\WINDOWS\system32\gajdpnec.dll
O21 - SSODL: 24DA96C6 - {24DA96C6-3E20-4D04-8262-4F04219702BF} - C:\WINDOWS\system32\ikdapmcm.dll
O21 - SSODL: DBF429BD - {DBF429BD-3780-44EA-8F03-E9837B1CCF85} - C:\WINDOWS\system32\dbfkipbd.dll
O21 - SSODL: 80C6FDAF - {80C6FDAF-FB37-4002-96A4-AD30EFBCC2A8} - C:\WINDOWS\system32\ogcmfdaf.dll
O21 - SSODL: 54474074 - {54474074-C37C-44F2-BE8E-55B2AAE427C6} - C:\WINDOWS\system32\lkknkgnk.dll
O21 - SSODL: 4FF880AC - {4FF880AC-3036-42AF-88C2-365BA6CA00C5} - C:\WINDOWS\system32\kffoogac.dll
O21 - SSODL: A48541C4 - {A48541C4-558A-4B47-B672-43E1955CEF96} - C:\WINDOWS\system32\akolkhck.dll
O21 - SSODL: 88359C2B - {88359C2B-7363-46A8-9F92-E2C3D458DF66} - C:\WINDOWS\system32\oojlpcib.dll
O21 - SSODL: E839C197 - {E839C197-380B-4F2A-8C2B-98A9284BE790} - C:\WINDOWS\system32\eojpchpn.dll
O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE

Réponse 53 / 123

Utilisateur anonyme

Ok

HiJackThis maintenant

Réponse 54 / 123

ROSALLY Messages postés 80 Statut Membre

booddha
je n'en peux plus je m'en vais me coucher
si tu es encore la STP
et tiens moi au courant pour demain
je te dis très bonne nuit et merci meme si c'est pas encore fini mais j'ai confiance en toi
a+++

Réponse 55 / 123

Utilisateur anonyme

J'allais te le dire, (se coucher)
Ta machine est bizarre et il faut que je me documente. Tu es très infestée. Au besoin j'appellerais des potes au secours.

Bonne nuit, on les auras.

Réponse 56 / 123

ROSALLY Messages postés 80 Statut Membre

bonjour Booddha

tu me fais peur avec tse remarques
j'espère que tu ne me lacheras pas au milieu du chemin
si tu pense que la machine s'infecte de plus e"n polus c'est que je n'ai plus d'Anti Virus, j'ai tout désactivé pour faciliter les recherches et le nettoyage.........

je n y connais rien à l'informatique
a toute j'espère

Réponse 57 / 123

Utilisateur anonyme

Bonjour,

Te lacher ? Tu ne nous connait pas sur CCM. ;-)

Ce que je ne comprend pas c'est que les outils semble efficace mais la machine se reconstitue avec quelques variantes d'un rapport à l'autre. J'identifie bien les saletés mais je ne comprend pas que la machine revienne à son état infesté.

J'ai appelé la cavalerie en renfort, soit patiente on va trouver une solution à tes problèmes.

Essaye en attendant de faire le moins de choses possible avec ta machine et garde un œil sur le forum.

Si tu vois Lyonnais intervenir, c'est normal, je lui ai demandé de se pencher sur tes rapports pour avoir un avis. Espérant qu'il m'entendra.
Idem pour Marie qui est une autre pointure de ce site et qui m'a déjà apporté des éléments.

Ne t'affole pas et ne tente rien pour l'instant pour résoudre tes problèmes.

Réponse 58 / 123

Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537

Bonjour,

juste une proposition (je regarde plus avant le rapport combofix)

relancer Smitfraudfix en mode normal et répondre oui à tout.

poster le rapport.

(il vaut mieux le mode sans échec, mais comme il ne fonctionne pas, autant lancer en mode normal).

Réponse 59 / 123

Utilisateur anonyme

Salut Lyonnais et merci a toi et à Marie et aux autres de votre aide.

Rosaly, fais ce que Lyonnais te demande au-dessus STP.

Réponse 60 / 123

ROSALLY Messages postés 80 Statut Membre

rapport SmitfraudFix

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system\rund1132.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\winsscoo.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system\rund1132.exe
C:\WINDOWS\Fonts\wuauclt.exe
C:\WINDOWS\WinShell.\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\smss.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\Fonts\TIMPIatform.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\MediaChannel\Navvy 5.2\NavvyMan.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\112035
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\gdi.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\575304
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\2697753
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\2809488
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\3135155
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\WScript.exe

Discussions similaires

Erreur de lecture sur iptv smarters

Message "Un bloqueur de publicité empêche la lecture..."

Erreur de lecture des tv film et series sur mon appli iptv smarters pro

Lecture résumé HIJACKTHIS

123 réponses

Votre réponse

Discussions similaires

Newsletters