voici le rapport combo :
ComboFix 08-07-02.5 - jean michel 2008-07-03 12:58:17.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1605 [GMT 2:00]
Endroit: D:\chargés\anti_virus etc\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-03 to 2008-07-03 ))))))))))))))))))))))))))))))))))))
.
2008-07-03 00:58 . 2008-07-03 00:58 113,270 --a------ C:\CleanX-II.exe
2008-07-02 18:44 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-02 18:44 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-02 18:44 . 2008-04-13 23:31 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-02 18:44 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-02 18:44 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-02 18:44 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-02 18:44 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-02 10:12 . 2008-07-02 10:12 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
2008-07-01 22:51 . 2008-07-03 00:48 60,307,268 --a------ C:\St Exupery B ecl.psd
2008-07-01 20:18 . 2008-07-01 21:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 20:18 . 2008-07-01 20:18 <REP> d-------- C:\Documents and Settings\jean michel\Application Data\Malwarebytes
2008-07-01 20:18 . 2008-07-01 20:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-01 20:18 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-01 20:18 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-01 19:02 . 2008-07-01 19:02 <REP> d-------- C:\Program Files\Avira
2008-07-01 19:02 . 2008-07-01 19:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-01 18:39 . 2004-08-05 14:00 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2008-07-01 18:29 . 2008-07-01 22:16 39,168,541 --a------ C:\St Exupery B nuit.psd
2008-06-30 23:21 . 2008-07-01 09:50 48,952,794 --a------ C:\St Exupery A ecl1 .psd
2008-06-30 22:46 . 2008-07-01 12:36 35,467,826 --a------ C:\Balmoral ecl.5.psd
2008-06-30 00:44 . 2008-06-30 23:21 48,886,297 --a------ C:\St Exupery A ecl.psd
2008-06-28 18:59 . 2008-06-28 18:59 <REP> d-------- C:\Program Files\Sophos
2008-06-27 22:07 . 2008-06-27 22:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-27 14:32 . 2008-06-28 07:50 250 --a------ C:\WINDOWS\gmer.ini
2008-06-27 11:55 . 2008-06-27 11:57 <REP> d-------- C:\haydjaquediss
2008-06-27 11:35 . 2008-06-27 11:35 <REP> d-------- C:\Program Files\VirusTotalUploader
2008-06-26 22:58 . 2008-06-26 22:58 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom
2008-06-26 22:58 . 2007-09-25 19:31 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll
2008-06-26 22:53 . 2008-06-26 22:53 <REP> d-------- C:\Program Files\SAGEM
2008-06-26 22:52 . 2008-06-26 22:52 <REP> d-------- C:\Documents and Settings\jean michel\Application Data\InstallShield
2008-06-26 22:50 . 2008-06-26 22:50 <REP> d-------- C:\Program Files\Securitoo
2008-06-24 12:27 . 2008-06-24 12:27 <REP> d-------- C:\Program Files\Fichiers communs\ArcSoft
2008-06-24 12:27 . 2008-06-24 12:27 <REP> d--h----- C:\C_DILLA
2008-06-24 12:24 . 2008-06-24 12:24 <REP> d-------- C:\Program Files\Icone
2008-06-24 12:22 . 2008-06-24 12:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\kds_kodak
2008-06-24 12:20 . 2008-06-24 12:20 <REP> d-------- C:\WINDOWS\Easy CD-DA Extractor 11.5.2
2008-06-23 09:51 . 2008-06-24 12:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-06-16 21:18 . 2003-09-19 15:45 21,248 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-06-16 15:32 . 2008-06-16 15:32 33,979,249 --a------ C:\Balmoral ecl.4.psd
2008-06-15 23:33 . 2008-06-16 12:16 34,783,050 --a------ C:\Balmoral ecl.3.psd
2008-06-12 19:26 . 2008-06-12 19:26 36,970,524 --a------ C:\Balmoral ecl. 2.psd
2008-06-12 05:19 . 2008-06-12 05:19 35,128,981 --a------ C:\Balmoral ecl.2.psd
2008-06-11 04:03 . 2008-06-11 04:08 37,243,114 --a------ C:\Balmoral nuit.psd
2008-06-11 01:17 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 01:17 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-03 15:51 . 2008-06-03 15:51 <REP> d-------- C:\Documents and Settings\jean michel\Application Data\StoneLoopsOberon
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 11:02 --------- d-----w C:\Documents and Settings\jean michel\Application Data\WTablet
2008-07-02 16:45 2,356 ----a-w C:\WINDOWS\system32\tmp.reg
2008-07-01 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-30 07:00 --------- d-----w C:\Program Files\DVD X Player 4.1 Professionnel
2008-06-28 18:35 --------- d-----w C:\Documents and Settings\jean michel\Application Data\Todae
2008-06-26 21:00 --------- d-----w C:\Program Files\orange
2008-06-26 20:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-24 10:24 --------- d-----w C:\Program Files\Winamp
2008-06-24 10:23 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-24 09:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-24 09:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-24 09:56 --------- d-----w C:\Program Files\Kodak
2008-06-24 09:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-06-24 09:51 --------- d-----w C:\Program Files\RegCure
2008-06-24 09:48 --------- d-----w C:\Documents and Settings\jean michel\Application Data\ArcSoft
2008-06-18 00:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-18 00:10 --------- d-----w C:\Program Files\eMule
2008-06-16 19:18 --------- d-----w C:\Program Files\ArcSoft
2008-06-13 19:25 --------- d-----w C:\Program Files\TubeMaster
2008-05-28 01:36 --------- d-----w C:\Program Files\Alwil Software
2008-05-22 04:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 01:39 9,722,720 ----a-w C:\spybotsd152.exe
2008-04-09 05:41 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-09 05:41 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-01-14 13:19 8,596 ----a-w C:\Documents and Settings\All Users\Application Data\DVDXPL~1.dll
2007-01-14 23:45 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2005-01-27 19:27 17,245 ----a-w C:\WINDOWS\inf\hxdll.dll
2004-10-28 17:14 27,036 ----a-w C:\WINDOWS\inf\mdusb.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-15 21:17 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FIREBOX"="C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe" [2005-01-29 00:04 1003520]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-18 03:01 185632]
"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208]
"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= hxdll.dll
"midi2"= hxdll.dll
"midi4"= hxdll.dll
"midi5"= SimuDll.dll
"midi8"= hxdll.dll
"midi7"= hxdll.dll
"midi9"= hxdll.dll
"vidc.ptev"= ptevideo.dll
"vidc.div2"= divxc32.dll
"vidc.div3"= divxc32.dll
"vidc.div4"= divxc32f.dll
"vidc.xvid"= xvid.dll
"vidc.mjpg"= pvmjpg21.dll
"vidc.hfyu"= huffyuv.dll
"vidc.rt21"= IR21_R.DLL
"vidc.ir21"= IR21_R.DLL
"msacm.divxa32"= divxa32.acm
"msacm.wrpr"= aviwrap.dll
"vidc.wrpr"= aviwrap.dll
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^jean michel^Menu Démarrer^Programmes^Démarrage^Talk Now!.lnk]
path=C:\Documents and Settings\jean michel\Menu Démarrer\Programmes\Démarrage\Talk Now!.lnk
backup=C:\WINDOWS\pss\Talk Now!.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^jean michel^Menu Démarrer^Programmes^Démarrage^TalkNow ReadMe.lnk]
path=C:\Documents and Settings\jean michel\Menu Démarrer\Programmes\Démarrage\TalkNow ReadMe.lnk
backup=C:\WINDOWS\pss\TalkNow ReadMe.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-11-17 13:53 171464 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a------ 2005-05-11 02:46 200069 C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 21:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-10-18 03:01 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\french\\setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)
"28500:TCP"= 28500:TCP:emule
"28515:UDP"= 28515:UDP:emule1
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 KodakSvc;Kodak AiO Device Service;"C:\Program Files\Kodak\printer\center\KodakSvc.exe" [2007-12-13 11:07]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2003-01-30 19:55]
R3 ps_1394;ps_1394;C:\WINDOWS\system32\Drivers\ps_1394.sys [2004-10-15 00:33]
R3 ps_avs;ps_avs;C:\WINDOWS\system32\Drivers\ps_avs.sys [2004-10-15 00:33]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 23:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-15 21:55]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\1E.tmp []
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 14:00]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 19:23]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 19:23]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 19:23]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 19:23]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 19:23]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 19:23]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 19:24]
S3 USBMIDI;UF USB MIDI Driver;C:\WINDOWS\system32\Drivers\Mdusb.sys [2004-10-28 19:14]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-25 05:50:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-03 11:01:51 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-12 01:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-02 19:07:48 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A0C5FC47-0D74-4EC4-8849-CF6FE7A78553}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-03 13:02:26
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\1E.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\
0\FTRTSVC.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\
0\AlertModule.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-03 13:06:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-03 11:06:36
Pre-Run: 25,671,086,080 octets libres
Post-Run: 25,998,508,032 octets libres
248 --- E O F --- 2008-07-01 22:37:22
...et voilà le dernier hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:17:23, on 03/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\haydjaquediss\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [FIREBOX] C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Ouvrir client sur le moniteur &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Ouvrir client sur le moniteur &2 - C:\WINDOWS\web\AOpenClient.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactiv(...)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) -
http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) -
http://www.new2.foto.com/ImageUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_s(...)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) -
http://express.foto.com/NewUploader/ImageUploader4.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) -
http://jeuxentelechargement.orange.fr/gameshell/online/fr/luxor_amun_rising/m(...)
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) -
https://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O16 - DPF: {C8751A11-7A61-4FD3-893B-8CD7757C2C71} (Webaddon3d Control) -
http://3d.cannes.fr/maquette3D/plugin/Webaddon3D.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) -
http://jeuxentelechargement.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.c(...)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 8836 bytes