Multiple spyware attacks

memenflo, Posts: 2, Status: Member
Hello,

I am on XP Pro and Internet Explorer 6.

For several days I have had windows popping up to warn me about a security problem on my computer.
The computer is also running slowly.
Spybot detected trojandownloader.xs, 2020search, 180solutions and other things as well.

Of course I cannot manage to remove them, which is why I am asking for help on this forum.

Could you please help me solve these problems?

Florent.
Configuration: Windows XP
Internet Explorer 6.0

4 replies

  1. memenflo, Posts: 2, Status: Member
     
    Hello Younglord,
    thanks for taking an interest in my problem, that's great.
    Here is the report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:30:12, on 07/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wmsdkns.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\FlashGet\flashget.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    0
  2. YoungLord, Posts: 62, Status: Member, 10
     
    Run Hijack again; this time choose Do a Scan only
    Check the following 2 lines and click Fix It

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe

    Then download and use Ccleaner
    https://www.clubic.com/telecharger-fiche14492-ccleaner.html
    Do not install the Yahoo Toolbar option!
    Once it is installed, run the analysis and then launch the cleaning,
    then go to the Registry tab and click on search for errors; once the analysis is done, click on Repair selected errors.

    Save the report and send it in a post; also send a new Hijackthis report (see my first post)
    0
  3. memenflo
     
    ok younglord, here is the ccleaner report and the hijackthis one

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\.vqf]
    @=""

    [HKEY_CLASSES_ROOT\.wave]
    @=""

    [HKEY_CLASSES_ROOT\OISbmpfile]
    @=""

    [HKEY_CLASSES_ROOT\OISemffile]
    @=""

    [HKEY_CLASSES_ROOT\OISgiffile]
    @=""

    [HKEY_CLASSES_ROOT\OISjpegfile]
    @=""

    [HKEY_CLASSES_ROOT\OISpngfile]
    @=""

    [HKEY_CLASSES_ROOT\OIStiffile]
    @=""

    [HKEY_CLASSES_ROOT\OISwmffile]
    @=""

    [HKEY_CLASSES_ROOT\SysmonLogManager.Snapin]

    [HKEY_CLASSES_ROOT\WMPCD]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BUP]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BUP\OpenWithList]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithList]
    "a"="iexplore.exe"
    "MRUList"="a"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.THM]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.THM\OpenWithList]

    [HKEY_CLASSES_ROOT\acrobat\DefaultIcon]
    @="C:\\Program Files\\Adobe\\Reader 8.0\\Acrobat\\AcroRd32.exe"

    [HKEY_CLASSES_ROOT\ADCS]
    @="Conteneur de classe Annuaire"

    [HKEY_CLASSES_ROOT\ADCS\CLSID]
    @="{89E30300-764D-11d0-B282-00A0C90F56FC}"

    [HKEY_CLASSES_ROOT\Connection Manager Profile\DefaultIcon]
    @="C:\\WINDOWS\\system32\\CMMGR32.EXE,1"

    [HKEY_CLASSES_ROOT\Connection Manager Profile\shell\open]

    [HKEY_CLASSES_ROOT\Connection Manager Profile\shell\open\command]
    @="C:\\WINDOWS\\system32\\CMMGR32.EXE \"%1\""

    [HKEY_CLASSES_ROOT\Connection Manager Profile\shell\Settings...]

    [HKEY_CLASSES_ROOT\Connection Manager Profile\shell\Settings...\command]
    @="C:\\WINDOWS\\system32\\CMMGR32.EXE /settings \"%1\""

    [HKEY_CLASSES_ROOT\dcsfile\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,11"

    [HKEY_CLASSES_ROOT\ecsfile\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,10"

    [HKEY_CLASSES_ROOT\fcsfile\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,12"

    [HKEY_CLASSES_ROOT\MailFileAtt]
    @=""

    [HKEY_CLASSES_ROOT\MailFileAtt\CLSID]
    @="{00020D05-0000-0000-C000-000000000046}"

    [HKEY_CLASSES_ROOT\mapifvbx.object]
    @="MAPIForm object"

    [HKEY_CLASSES_ROOT\mapifvbx.object\Clsid]
    @="{41116C00-8B90-101B-96CD-00AA003B14FC}"

    [HKEY_CLASSES_ROOT\mapifvbx.object.1]
    @="MAPIForm object (V 1.0)"

    [HKEY_CLASSES_ROOT\mapifvbx.object.1\Clsid]
    @="{41116C00-8B90-101B-96CD-00AA003B14FC}"

    [HKEY_CLASSES_ROOT\ncsfile\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,14"

    [HKEY_CLASSES_ROOT\tcsfile\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,13"

    [HKEY_CLASSES_ROOT\urn:content-classes:catalog\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,15"

    [HKEY_CLASSES_ROOT\urn:content-classes:catalog-settings\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12471"

    [HKEY_CLASSES_ROOT\urn:content-classes:contentclassdef\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-13101"

    [HKEY_CLASSES_ROOT\urn:content-classes:exchange55startaddress\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12451"

    [HKEY_CLASSES_ROOT\urn:content-classes:exchangestartaddress\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12451"

    [HKEY_CLASSES_ROOT\urn:content-classes:filestartaddress\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12453"

    [HKEY_CLASSES_ROOT\urn:content-classes:management\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,20"

    [HKEY_CLASSES_ROOT\urn:content-classes:notesstartaddress\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12456"

    [HKEY_CLASSES_ROOT\urn:content-classes:remoteworkspacestartaddress\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12454"

    [HKEY_CLASSES_ROOT\urn:content-classes:webstartaddress\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12450"

    [HKEY_CLASSES_ROOT\urn:content-classes:wizard/addcontentclass\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-13100"

    [HKEY_CLASSES_ROOT\urn:content-classes:wizard/addsearchcontentlocation\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12461"

    [HKEY_CLASSES_ROOT\urn:content-classes:workspace-settings\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12472"

    [HKEY_CLASSES_ROOT\urn:content-classes:workspaceconfiguration\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12476"

    [HKEY_CLASSES_ROOT\urn:content-classes:workspacestartaddress\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12454"

    [HKEY_CLASSES_ROOT\wcsfile\DefaultIcon]
    @="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,9"

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}]
    @="ActiveXPlugin Object"

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Control]

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Implemented Categories]

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\InprocServer32]
    @="C:\\WINDOWS\\system32\\plugin.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\MiscStatus]
    @="0"

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\MiscStatus\1]
    @="131473"

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\ProgID]
    @="Microsoft.ActiveXPlugin.1"

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\ToolboxBitmap32]
    @="C:\\WINDOWS\\system32\\plugin.ocx, 1"

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\TypeLib]
    @="{06DD38D0-D187-11CF-A80D-00C04FD74AD8}"

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\Version]
    @="1.0"

    [HKEY_CLASSES_ROOT\CLSID\{06DD38D3-D187-11CF-A80D-00C04FD74AD8}\VersionIndependentProgID]
    @="Microsoft.ActiveXPlugin"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe]
    @="C:\\WINDOWS\\system32\\cmmgr32.exe"
    "Path"="C:\\WINDOWS\\system32"
    "CmstpExtensionDll"="C:\\WINDOWS\\system32\\cmcfg32.dll"
    "CMInternalVersion"="1.2"
    "CmNative"=dword:00000001
    "ProfilesUpgraded"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\HydraVision]
    "Path"="C:\\Program Files\\ATI Technologies\\ATI HydraVision"
    @="C:\\Program Files\\ATI Technologies\\ATI HydraVision\\HydraVision"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe]
    "RunAsOnNonAdminInstall"=dword:00000001
    "BlockOnTSNonInstallMode"=dword:00000001
    "Path"="C:\\Program Files\\ATI Technologies\\ATI Control Panel"
    @="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\setup.exe"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\YourApp.exe]
    "Path"="C:\\Program Files\\neuf telecom\\neuf Box"
    @="C:\\Program Files\\neuf telecom\\neuf Box\\YourApp.exe"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help]
    "scanpst.hlp"="C:\\Program Files\\Fichiers communs\\SYSTEM\\MSMAPI\\1036\\"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\KB942615-IE7]
    "Changed"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\KB944533-IE7]
    "Changed"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WgaNotify]
    "Changed"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\lameme]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\Step 2 (create serial).exe"="Win32 Cabinet Self-Extractor "

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\gun8.14.exe"="gun8.14"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\Step 3 (change serial).exe"="Step 3 (change serial)"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\RarSFX0\\officekey.exe"="officekey"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\RECYCLER\\rundll32.exe"="rundll32"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\WINDOWS\\system32\\svehost.exe"="svehost"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\Step 4 (verify).exe"="Step 4 (verify)"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\IXP000.TMP\\STEP2(~1.EXE"="MSKey Microsoft 基础类应用程序"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\RarSFX1\\findkey.exe"="findkey"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\RarSFX1\\xpkey.exe"="xpkey"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\RarSFX1\\officekey.exe"="officekey"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\is-5A417.tmp\\is-I6ELQ.tmp"="Setup/Uninstall"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\ARC12\\Step 4 (verify).exe"="Win32 Cabinet Self-Extractor "

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\SETUP_39336\\Engine.exe"="Setup/UnInstall Engine"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\syswcc32.exe"="syswcc32"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\ARC13\\Step 2 (create serial).exe"="Win32 Cabinet Self-Extractor "

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\IXP002.TMP\\STEP2(~1.EXE"="MSKey Microsoft 基础类应用程序"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\Program Files\\Bat\\Bat.exe"="Bat"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\is-MP4O7.tmp\\sdsetup.tmp"="Setup/Uninstall"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\Program Files\\Spyware Doctor\\Update.exe"="PC Tools Smart Update"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\Program Files\\Spyware Doctor\\pctsGui.exe"="PC Tools GUI Application"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\Program Files\\Spyware Doctor\\Patch.exe"="Patch"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\Program Files\\Spyware Doctor\\pctsTray.exe"="PC Tools Tray Application"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\Program Files\\Spyware Doctor\\unins000.exe"="Setup/Uninstall"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\_iu14D2N.tmp"="Setup/Uninstall"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\IXP000.TMP\\main.exe"="main"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\is-EODO7.tmp\\sdsetup.tmp"="Setup/Uninstall"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\Program Files\\Spyware Doctor\\sdloader.exe"="sdloader"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\WINDOWS\\ie7\\spuninst\\spuninst.exe"="Désinstallation du Service Pack Windows"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\is-OHNLC.tmp\\spybotsd152.tmp"="Setup/Uninstall"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\Pass2.cmd"="Pass2"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\Documents and Settings\\Administrateur\\Local Settings\\Temporary Internet Files\\Content.IE5\\0VQDSVC7\\SDFix[1].exe"="SDFix[1]"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\Documents and Settings\\Administrateur\\Bureau\\sdfix\\RunThis.bat"="RunThis"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\\DOCUME~1\\ADMINI~1\\Bureau\\sdfix\\RunThis.bat"="RunThis"

    then the hijackthis one

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:17:47, on 07/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wmsdkns.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\FlashGet\flashget.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    0
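Added example (not part of the thread, and not HijackThis's own code): a Python sketch that compares the two HijackThis logs posted above to confirm which entries the fix step removed, and lists the F2 Userinit and file-less O2 entries that are still present in the second scan. The log excerpts are a subset of lines copied from the thread; the function names are assumptions of this example.

```python
import re

# Excerpts copied from the thread's two HijackThis logs (scans saved at
# 09:30:12 and 10:17:47); only a subset of the lines is reproduced here.
LOG_BEFORE = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

LOG_AFTER = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# A result line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return [(section_code, body), ...] for every result line in a log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def removed_between(before_text, after_text):
    """Entries present in the first scan and absent from the second, in order."""
    still_present = set(parse_entries(after_text))
    return [e for e in parse_entries(before_text) if e not in still_present]


def review_notes(entries):
    """Return (code, reason, details) for entries worth a manual look.

    F2 Userinit: the Windows default lists only userinit.exe, so any other
    program in the comma-separated value also starts at every logon.
    O2 "(no file)": a BHO CLSID is registered but its DLL is not on disk.
    Neither note is a verdict; each identifies an entry to verify. A stricter
    check would also compare the full userinit.exe path to the system folder.
    """
    notes = []
    for code, body in entries:
        if code == "F2" and "userinit=" in body.lower():
            value = body.split("=", 1)[1]
            programs = [p.strip() for p in value.split(",") if p.strip()]
            extra = [p for p in programs
                     if not p.lower().endswith("\\userinit.exe")]
            if extra:
                notes.append((code, "Userinit starts extra program(s)", extra))
        elif code == "O2" and body.endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            notes.append((code, "BHO registered, file missing",
                          [clsid.group(0) if clsid else body]))
    return notes


if __name__ == "__main__":
    print("Removed since first scan:")
    for code, body in removed_between(LOG_BEFORE, LOG_AFTER):
        print(f"  {code} - {body}")
    print("Still present, to verify:")
    for code, reason, details in review_notes(parse_entries(LOG_AFTER)):
        print(f"  {code}: {reason}: {', '.join(details)}")
```
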