********
13:09: | Start of Session, dimanche 5 février 2006 |
13:09: Spy Sweeper started
13:09: Sweep initiated using definitions version 611
13:09: Starting Memory Sweep
13:11: Memory Sweep Complete, Elapsed Time: 00:01:49
13:11: Starting Registry Sweep
13:11: Found Adware: 180search assistant/zango
13:11: HKCR\clsid\{d676f999-4608-4dc5-a135-4f51f4212739}\ (1 subtraces) (ID = 792270)
13:11: HKLM\software\classes\clsid\{d676f999-4608-4dc5-a135-4f51f4212739}\ (1 subtraces) (ID = 792320)
13:11: Found Adware: command
13:11: HKLM\system\currentcontrolset\services\cmdservice\ (5 subtraces) (ID = 958670)
13:11: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
13:11: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
13:11: Found Adware: winad
13:11: HKCR\mediagateway.installer.1\ (3 subtraces) (ID = 1026542)
13:11: HKCR\mediagateway.licenseinstaller\ (5 subtraces) (ID = 1026546)
13:11: HKCR\mediagateway.licenseinstaller.1\ (3 subtraces) (ID = 1026552)
13:11: HKCR\clsid\{144b9c7e-235a-4316-9eb3-5e393714c77a}\ (14 subtraces) (ID = 1026556)
13:11: HKCR\typelib\{91e523db-2a1c-4231-bb06-9be27c28739a}\ (9 subtraces) (ID = 1026571)
13:11: HKLM\software\classes\mediagateway.licenseinstaller\ (5 subtraces) (ID = 1026584)
13:11: HKLM\software\classes\mediagateway.licenseinstaller.1\ (3 subtraces) (ID = 1026590)
13:11: HKLM\software\classes\clsid\{144b9c7e-235a-4316-9eb3-5e393714c77a}\ (14 subtraces) (ID = 1026594)
13:11: HKLM\software\classes\typelib\{91e523db-2a1c-4231-bb06-9be27c28739a}\ (9 subtraces) (ID = 1026609)
13:11: HKLM\software\mediagateway\ (4 subtraces) (ID = 1026619)
13:11: HKLM\software\classes\mediagateway.installer.1\ (3 subtraces) (ID = 1026624)
13:11: HKLM\software\microsoft\windows\currentversion\run\ || mediagateway (ID = 1026625)
13:11: HKLM\software\microsoft\windows\currentversion\uninstall\mediagateway\ (2 subtraces) (ID = 1026626)
13:11: Found Adware: findthewebsiteyouneed hijacker
13:11: HKLM\software\microsoft\windows\currentversion\run\ || winsysupd (ID = 1121711)
13:11: Found Adware: dollarrevenue
13:11: HKLM\software\microsoft\drsmartload2\ (1 subtraces) (ID = 1134137)
13:11: Registry Sweep Complete, Elapsed Time:00:00:08
13:11: Starting Cookie Sweep
13:11: Found Spy Cookie: hbmediapro cookie
13:11: didir@adopt.hbmediapro[2].txt (ID = 2768)
13:11: Found Spy Cookie: atlas dmt cookie
13:11: didir@atdmt[2].txt (ID = 2253)
13:11: Found Spy Cookie: atwola cookie
13:11: didir@atwola[1].txt (ID = 2255)
13:11: Found Spy Cookie: a cookie
13:11: didir@a[1].txt (ID = 2027)
13:11: Found Spy Cookie: belnk cookie
13:11: didir@belnk[2].txt (ID = 2292)
13:11: Found Spy Cookie: bizrate cookie
13:11: didir@bizrate[2].txt (ID = 2308)
13:11: didir@dist.belnk[2].txt (ID = 2293)
13:11: Found Spy Cookie: fe.lea.lycos.com cookie
13:11: didir@fe.lea.lycos[1].txt (ID = 2660)
13:11: Found Spy Cookie: clickandtrack cookie
13:11: didir@hits.clickandtrack[2].txt (ID = 2397)
13:11: Found Spy Cookie: mediaplex cookie
13:11: didir@mediaplex[1].txt (ID = 6442)
13:11: Found Spy Cookie: metriweb.be cookie
13:11: didir@metriweb[1].txt (ID = 2992)
13:11: Found Spy Cookie: touchclarity cookie
13:11: didir@msn.touchclarity[1].txt (ID = 3566)
13:11: Found Spy Cookie: reliablestats cookie
13:11: didir@stats1.reliablestats[1].txt (ID = 3254)
13:11: Found Spy Cookie: tacoda cookie
13:11: didir@tacoda[1].txt (ID = 6444)
13:11: Found Spy Cookie: weborama cookie
13:11: didir@weborama[1].txt (ID = 3658)
13:11: Found Spy Cookie: xiti cookie
13:11: didir@xiti[1].txt (ID = 3717)
13:11: Cookie Sweep Complete, Elapsed Time: 00:00:00
13:11: Starting File Sweep
13:11: c:\program files\mediagateway (ID = -2147463340)
13:14: Found Adware: targetsaver
13:14: class-barrel (ID = 78229)
13:14: tsupdate2[1].ini (ID = 193498)
13:15: installer[1].exe (ID = 231664)
13:15: vocabulary (ID = 78283)
13:15: t354urk.vbs (ID = 185675)
13:16: File Sweep Complete, Elapsed Time: 00:04:27
13:16: Full Sweep has completed. Elapsed time 00:06:32
13:16: Traces Found: 138
13:16: Removal process initiated
13:16: Quarantining All Traces: 180search assistant/zango
13:16: Quarantining All Traces: dollarrevenue
13:16: Quarantining All Traces: winad
13:16: Quarantining All Traces: command
13:16: Quarantining All Traces: findthewebsiteyouneed hijacker
13:16: Quarantining All Traces: targetsaver
13:16: Quarantining All Traces: a cookie
13:16: Quarantining All Traces: atlas dmt cookie
13:16: Quarantining All Traces: atwola cookie
13:16: Quarantining All Traces: belnk cookie
13:16: Quarantining All Traces: bizrate cookie
13:16: Quarantining All Traces: clickandtrack cookie
13:16: Quarantining All Traces: fe.lea.lycos.com cookie
13:16: Quarantining All Traces: hbmediapro cookie
13:16: Quarantining All Traces: mediaplex cookie
13:16: Quarantining All Traces: metriweb.be cookie
13:16: Quarantining All Traces: reliablestats cookie
13:16: Quarantining All Traces: tacoda cookie
13:16: Quarantining All Traces: touchclarity cookie
13:16: Quarantining All Traces: weborama cookie
13:16: Quarantining All Traces: xiti cookie
13:16: Removal process completed. Elapsed time 00:00:14
********
13:06: | Start of Session, dimanche 5 février 2006 |
13:06: Spy Sweeper started
13:07: Your spyware definitions have been updated.
13:09: | End of Session, dimanche 5 février 2006 |
Logfile of HijackThis v1.99.1
Scan saved at 13:18:16, on 5/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\program\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Voissa No Pubs] C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe -hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Ajouter un Pop-Up - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O9 - Extra 'Tools' menuitem: Tools Menu Item - {DE39E849-A37D-4126-8AE1-1551364ADA96} - C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...cab?1135673032850
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\i6lo0g33e6.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe