SOLVED Help please: System alert and Spyware alert - Security - Virus
 
Profile: IDNaute

Hello,

I have a big problem: unwanted System Alert and Spyware Alert pop-ups that open web pages, supposedly to download cleaning tools.

As I read in an earlier thread (a different one, but resolved), I applied this:
 
 
 
SmitFraudFix v2.262
 
Rapport fait à 22:02:31,81, 11/12/2007
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
 
»»»»»»»»»»»»»»»»»»»»»»»» Process
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\WINSOS\WINSOS.EXE
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
»»»»»»»»»»»»»»»»»»»»»»»» hosts
 
 
»»»»»»»»»»»»»»»»»»»»»»»» C:\
 
 
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
 
C:\WINDOWS\jokvip.exe PRESENT !
C:\WINDOWS\leorop.dll PRESENT !
C:\WINDOWS\nopzet.dll PRESENT !
C:\WINDOWS\retnsrp.dll PRESENT !
 
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
 
 
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
 
 
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
 
 
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri‚taire
 
 
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri‚taire\Application Data
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
 
 
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_PRO~1\Favoris
 
C:\DOCUME~1\HP_PRO~1\Favoris\Error Cleaner.url PRESENT !
C:\DOCUME~1\HP_PRO~1\Favoris\Privacy Protector.url PRESENT !
C:\DOCUME~1\HP_PRO~1\Favoris\Spyware?Malware Protection.url PRESENT !
 
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
 
C:\DOCUME~1\HP_PRO~1\Bureau\Error Cleaner.url PRESENT !
C:\DOCUME~1\HP_PRO~1\Bureau\Privacy Protector.url PRESENT !
C:\DOCUME~1\HP_PRO~1\Bureau\Spyware?Malware Protection.url PRESENT !
 
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files  
 
C:\Program Files\RichVideoCodec\ PRESENT !
 
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
 
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
 
 
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1.0\\adialhk.dll"
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
 
 
 
»»»»»»»»»»»»»»»»»»»»»»»» DNS
 
Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !
 
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.116.30
DNS Server Search Order: 85.255.112.19
 
Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !
 
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.116.30
DNS Server Search Order: 85.255.112.19
 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.30 85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.30 85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.30 85.255.112.19
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Fin


Message edited by djamilazem on 14-12-2007 at 13:31:25

Profile: IDNaute

Please help me, I can't do anything on my PC any more.

Everything takes a very long time!

Thanks in advance!

Profile: Helper

Hello,

Restart in safe mode.

Run SmitfraudFix.exe, this time choose Option 2, and answer yes to the question or questions.
Save the report to your Desktop.

Restart normally.

Post the HijackThis and SmitfraudFix reports.


---------------
Prevention & Protection | Free software | The man from the FLCCF

Profile: IDNaute

Hello;

Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:10:31, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.p [...] Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: OFK System - {5F1F01A9-4013-4C28-90E9-8C50F03B5E37} - C:\WINDOWS\blopenvkgq.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O3 - Toolbar: The retnsrp - {AAA535B5-251D-4B8F-A8D0-0D3A29C7309E} - C:\WINDOWS\retnsrp.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [C:\WINDOWS\system32\V0230Cvw.dll] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0230Cvw.dll
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.30 85.255.112.19
O17 - HKLM\System\CS1\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: NameServer = 85.255.116.30,85.255.112.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.30 85.255.112.19
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O21 - SSODL: leorop - {3304F570-09B8-4812-A1F6-333AC2FF9AE4} - C:\WINDOWS\leorop.dll
O21 - SSODL: nopzet - {C312BDBD-C16E-4B54-8320-61619522205C} - C:\WINDOWS\nopzet.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
 
--
End of file - 10664 bytes
++++++++++++++++++++++++++++++++++++++++++++
 
and the second one:
 
 
SmitFraudFix v2.262
 
Rapport fait à 14:12:16,34, 12/12/2007
Executé à partir de C:\Documents and Settings\HP_Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
 
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
 
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
 
 
»»»»»»»»»»»»»»»»»»»»»»»» hosts
 
 
127.0.0.1       localhost
 
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
 
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
 
GenericRenosFix by S!Ri
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
 
C:\WINDOWS\jokvip.exe supprimé
C:\WINDOWS\leorop.dll supprimé
Deleting [HKEY_CLASSES_ROOT\CLSID\{3304F570-09B8-4812-A1F6-333AC2FF9AE4}]
Deleting [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3304F570-09B8-4812-A1F6-333AC2FF9AE4}]
C:\WINDOWS\nopzet.dll supprimé
Deleting [HKEY_CLASSES_ROOT\CLSID\{C312BDBD-C16E-4B54-8320-61619522205C}]
C:\WINDOWS\retnsrp.dll supprimé
C:\DOCUME~1\HP_PRO~1\Bureau\Error Cleaner.url supprimé
C:\DOCUME~1\HP_PRO~1\Bureau\Privacy Protector.url supprimé
C:\DOCUME~1\HP_PRO~1\Bureau\Spyware?Malware Protection.url supprimé
C:\DOCUME~1\HP_PRO~1\Favoris\Error Cleaner.url supprimé
C:\DOCUME~1\HP_PRO~1\Favoris\Privacy Protector.url supprimé
C:\DOCUME~1\HP_PRO~1\Favoris\Spyware?Malware Protection.url supprimé
C:\Program Files\RichVideoCodec\ supprimé
 
»»»»»»»»»»»»»»»»»»»»»»»» DNS
 
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5635D1AD-2298-4D5F-82D1-1A95D5D626B2}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{612BBDF6-8288-4C6C-BEAC-2F65D21B02AC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D79A5205-D146-4139-BBEE-E66B91533ECD}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DB663096-3DD7-46FE-BFBD-853005F6867C}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DD1BB506-5DE5-49AF-B3A8-FCEC67B52099}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E658C067-685E-4840-9EC2-ADC9EA7F2B73}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: DhcpNameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FE1542AA-7BE7-4F3A-A157-8F48FAA5A4F3}: NameServer=85.255.116.30,85.255.112.19
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.30 85.255.112.19
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.30 85.255.112.19
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.30 85.255.112.19
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé.  
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
 
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
 
 
»»»»»»»»»»»»»»»»»»»»»»»» Fin
 
++++++++++++++++++++++++++++++++++++++

Profile: Helper

Is it better already?

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt


Profile: IDNaute

Hello,

Yes, it's true that things are better .....

Here is the report:
 
++++++++++++++++++++++++++++++++++++++++++++++++
ComboFix 07-12-12.3 - HP_Propriétaire 2007-12-12 18:07:54.1 - NTFSx86
Running from: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
 * Created a new restore point
.
 
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\WINDOWS\dat.txt
C:\WINDOWS\pack.epk
C:\WINDOWS\search_res.txt
C:\WINDOWS\winsys.ini
 
.
(((((((((((((((((((((((((((((   Fichiers créés 2007-11-12 to 2007-12-12  ))))))))))))))))))))))))))))))))))))
.
 
2007-12-11 20:31 . 2007-12-11 20:31 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-12-11 20:30 . 2007-12-12 14:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-11 14:25 . 2007-12-11 14:25 <REP> d-------- C:\Program Files\AxBx
2007-12-11 14:15 . 2007-12-11 16:10 <REP> d-------- C:\Program Files\Spyware Doctor
2007-12-11 14:15 . 2007-12-11 14:15 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\PC Tools
2007-12-11 14:01 . 2007-12-11 19:58 <REP> d-------- C:\Program Files\Winsos
2007-12-11 11:38 . 2006-06-01 06:30 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2007-12-11 11:38 . 2005-10-20 20:05 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-11 11:38 . 2005-10-20 20:05 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-11 11:38 . 2005-10-26 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2007-12-11 11:38 . 2005-10-26 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-11 11:38 . 2005-10-26 23:35 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-11 11:38 . 2007-08-19 19:39 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-12-11 11:38 . 2005-10-20 20:05 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-11 11:38 . 2006-06-01 06:53 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2007-12-11 11:14 . 2007-12-11 11:14 <REP> d-------- C:\Program Files\CCleaner
2007-12-10 12:44 . 2007-12-10 12:45 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-11-25 22:30 . 2007-11-25 22:35 <REP> d-------- C:\Program Files\PhotoFiltre
2007-11-25 12:06 . 2007-11-25 12:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Creative
2007-11-14 16:48 . 2007-11-14 16:48 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\InstallShield
2007-11-14 13:03 . 2007-11-14 13:03 <REP> d-------- C:\Program Files\Yahoo!
 
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 17:29 1,439,008 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-12 17:27 18,208 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-12 13:12 4,600 ----a-w C:\WINDOWS\system32\tmp.reg
2007-12-12 13:02 2,060 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-12 13:02 18,680 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-11 19:47 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-11 19:47 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-12-11 15:09 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-11 10:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar
2007-12-10 21:35 --------- d-----w C:\Program Files\Gamenext
2007-12-10 17:57 253,952 ----a-w C:\WINDOWS\blopenvkgq.dll
2007-12-10 13:15 --------- d-----w C:\Program Files\Total Video Converter
2007-11-25 11:06 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Creative
2007-11-23 22:14 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\U3
2007-11-18 22:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-14 16:47 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\muvee Technologies
2007-11-14 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2007-11-14 15:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-14 15:50 --------- d-----w C:\Program Files\muvee Technologies
2007-11-14 15:50 --------- d-----w C:\Program Files\Fichiers communs\muvee Technologies
2007-11-07 22:47 --------- d-----w C:\Program Files\Creative
2007-11-06 23:00 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-06 22:57 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-11-06 22:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-02 16:07 --------- d-----w C:\Program Files\STOIK
2007-10-30 14:40 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-30 14:40 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-29 10:28 --------- d-----w C:\Program Files\Zylom Games
2007-10-28 20:23 --------- d-----w C:\Program Files\GamesBar
2007-10-28 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-10-28 18:28 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Zylom
2007-10-28 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-10-28 12:52 --------- d-----w C:\Program Files\D-Tools
2007-10-28 12:26 --------- d-----w C:\Program Files\EA GAMES
2007-10-27 21:54 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\FileZilla
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 16:42 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\PlayFirst
2007-10-24 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-21 17:19 --------- d-----w C:\Program Files\VoiceOfMinarets
2007-10-17 23:16 79,688 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-17 23:16 29,000 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
2007-10-17 23:15 62,280 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-17 23:14 41,288 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-17 12:54 --------- d-----w C:\Program Files\Photo To Sketch
2007-08-22 12:43 366 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-06-18 09:05 45,056 ----a-w C:\WINDOWS\inf\Slntinst.exe
2003-08-22 09:09 45,056 ----a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
.
 
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F1F01A9-4013-4C28-90E9-8C50F03B5E37}]
2007-12-10 18:57 253952 --a------ C:\WINDOWS\blopenvkgq.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{AAA535B5-251D-4B8F-A8D0-0D3A29C7309E}"= C:\WINDOWS\retnsrp.dll [ ]
 
[HKEY_CLASSES_ROOT\clsid\{aaa535b5-251d-4b8f-a8d0-0d3a29c7309e}]
[HKEY_CLASSES_ROOT\retnsrp.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{9E328EC6-4840-42A4-B849-4DCADF3E68AE}]
[HKEY_CLASSES_ROOT\retnsrp.ToolBar]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-24 12:13]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10]
"WINSOS VERIFY"="C:\Program Files\WINSOS\WINSOS.exe" [2007-05-15 12:53]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 12:54 C:\WINDOWS\RTHDCPL.EXE]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 01:46]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 01:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-01 06:22]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 14:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 17:58]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 22:50]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 09:42]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 16:49]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 12:00 C:\WINDOWS\system32\bthprops.cpl]
"BTUSRBDG"="BtUsrBdg.exe" [2003-11-05 21:21 C:\WINDOWS\system32\BtUsrBdg.exe]
"BTSETBOOTKEY"="BTSetBootKey.exe" [2003-04-15 09:48 C:\WINDOWS\system32\BTSetBootKey.exe]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"C:\WINDOWS\system32\V0230Cvw.dll"="C:\WINDOWS\system32\RegSvr32.exe" [2004-08-05 12:00]
"V0230Mon.exe"="C:\WINDOWS\system32\V0230Mon.exe" [2006-07-19 18:00]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2007-10-24 21:23]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
 
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-06-01 05:43:13]
 
C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2006-05-23 22:17:00]
 
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
 
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
 
R3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys
R3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys
S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c9fea1-852e-11dc-9a6e-0016ecba35da}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13b01f9d-50a6-11dc-a9aa-00179ab04be0}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ea35efa-5c62-11dc-a9d0-00179ab04be0}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ea35efc-5c62-11dc-a9d0-00179ab04be0}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44aa3ac9-8b06-11dc-9541-0016ecba35da}]
\Shell\AutoRun\command - L:\LaunchU3.exe
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b385e2f-7b09-11dc-aa0f-00025b00cbbe}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{724983a0-4e83-11dc-a99f-0016ecba35da}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{724983a1-4e83-11dc-a99f-0016ecba35da}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c94155bc-56e0-11dc-a9bd-00179ab04be0}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
 
*Newly Created Service* - CATCHME  
*Newly Created Service* - PROCEXP90  
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-12 10:10:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
 
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 18:28:27
Windows 5.1.2600 Service Pack 2 NTFS
 
detected NTDLL code modification:
ZwClose
 
scanning hidden processes ...
 
scanning hidden autostart entries ...
 
scanning hidden files ...
 
scan completed successfully  
hidden files: 0  
 
**************************************************************************
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\system32\\V0230Cvw.dll"="C:\\WINDOWS\\system32\\RegSvr32.exe /s C:\\WINDOWS\\system32\\V0230Cvw.dll"
.
Completion time: 2007-12-12 18:33:12
.
2007-12-11 18:57:22 --- E O F ---  
+++++++++++++++++++++++++++++++++++++++++++++++++++
 

Profile: Helper

Hi again,
 
Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:
 

File::
C:\WINDOWS\blopenvkgq.dll  
C:\WINDOWS\retnsrp.dll
 
Folder::
C:\Program Files\WINSOS
 
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F1F01A9-4013-4C28-90E9-8C50F03B5E37}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{AAA535B5-251D-4B8F-A8D0-0D3A29C7309E}"=-
[-HKEY_CLASSES_ROOT\clsid\{aaa535b5-251d-4b8f-a8d0-0d3a29c7309e}]
[-HKEY_CLASSES_ROOT\retnsrp.ToolBar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{9E328EC6-4840-42A4-B849-4DCADF3E68AE}]
[-HKEY_CLASSES_ROOT\retnsrp.ToolBar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINSOS VERIFY"=-


 
Open Notepad, then paste (Ctrl+V) the text you copied earlier.
Save this file under the name CFScript.txt.
 
Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
 
This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a Hijackthis report.
NOTE: If there is no restart, post the requested reports anyway.


---------------
Prevention & Protection|Free software|The FLCCF man
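
A way to check the follow-up report requested in the post above, as an added example that is not part of the thread and is not ComboFix's own code: it parses the CFScript's File::, Folder:: and Registry:: sections into removal targets and lists any that still show up in a later report. The function names are hypothetical, the script is abridged, and the sample report lines are a constructed excerpt of the reports in this thread.

```python
import re

# CFScript from the post above, abridged (HKEY_CLASSES_ROOT lines omitted).
CFSCRIPT = r"""File::
C:\WINDOWS\blopenvkgq.dll
C:\WINDOWS\retnsrp.dll
Folder::
C:\Program Files\WINSOS
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F1F01A9-4013-4C28-90E9-8C50F03B5E37}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{AAA535B5-251D-4B8F-A8D0-0D3A29C7309E}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINSOS VERIFY"=-
"""
# Constructed samples: a few report lines from before and after the script was run.
BEFORE = r"""[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F1F01A9-4013-4C28-90E9-8C50F03B5E37}]
2007-12-10 18:57 253952 --a------ C:\WINDOWS\blopenvkgq.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10]
"WINSOS VERIFY"="C:\Program Files\WINSOS\WINSOS.exe" [2007-05-15 12:53]
"""
AFTER = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10]
"""

def parse_cfscript(text):
    """Split a CFScript into removal targets: paths, whole keys, (key, value) pairs."""
    targets = {"paths": [], "keys": [], "values": []}
    section = key = None
    for line in filter(None, map(str.strip, text.splitlines())):
        if re.fullmatch(r"(File|Folder|Registry)::", line):
            section, key = line[:-2], None
        elif section in ("File", "Folder"):
            targets["paths"].append(line)
        elif section == "Registry" and line.startswith("["):
            if line.startswith("[-"):            # [-KEY] deletes the whole key
                targets["keys"].append(line[2:-1])
            key = None if line.startswith("[-") else line[1:-1]  # [KEY] sets context
        elif key and re.fullmatch(r'"(.+)"=-', line):   # "name"=- deletes one value
            targets["values"].append((key, line[1:-3]))
    return targets

def leftovers(targets, log_text):
    """Return report lines that still show a target (case-insensitive match)."""
    paths = [p.lower() for p in targets["paths"]]
    keys = {k.lower() for k in targets["keys"]}
    values = {(k.lower(), n.lower()) for k, n in targets["values"]}
    found, key = [], None
    for line in filter(None, map(str.strip, log_text.splitlines())):
        low = line.lower()
        if low.startswith("[") and low.endswith("]"):
            key = low[1:-1]                      # registry key header in the report
            hit = key in keys
        else:
            name = low[1:].split('"=', 1)[0] if low.startswith('"') else None
            hit = any(p in low for p in paths) or (key, name) in values
        if hit:
            found.append(line)
    return found
```

An empty list from `leftovers(parse_cfscript(CFSCRIPT), report_text)` means none of the script's targets appear in that report; it does not show that nothing else remains.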
Profile: IDNaute

Good evening,
 
No reboot ....
Here is ComboFix:
 
2007-10-24 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-21 17:19 --------- d-----w C:\Program Files\VoiceOfMinarets
2007-10-17 12:54 --------- d-----w C:\Program Files\Photo To Sketch
2007-08-22 12:43 366 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-06-18 09:05 45,056 ----a-w C:\WINDOWS\inf\Slntinst.exe
2003-08-22 09:09 45,056 ----a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
.
 
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-24 12:13]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-05-31 16:00]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 12:54 C:\WINDOWS\RTHDCPL.EXE]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 01:46]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 01:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-01 06:22]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 14:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 17:58]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 22:50]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 09:42]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 16:49]
"BluetoothAuthenticationAgent"="bthprops.cpl" [