[résolu]un spyware a détruit l'option affichage (résolu)

cjulie91 · le 14 mai 2005

ca y est la c sur il est complet !!!!!!!!!!!!!

"Silent Runners.vbs", revision 36, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" [MS]

"CursorXP" = "C:\Program Files\CursorXP\CursorXP.exe" [" "]

"SMSSU" = "C:\WINDOWS\System32\SMSSU.EXE" [null data]

"Tmntsrv32" = "C:\WINDOWS\System32\Tmntsrv32.EXE" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"Desksite CMA" = "C:\Program Files\desksite\bin\cma.exe" ["DeskSite, Inc."]

"WooCnxMon" = "C:\PROGRA~1\Wanadoo\CnxMon.exe" [empty string]

"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

"WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]

"WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [null data]

"msnappau" = ""C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"" [MS]

"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{60371670-81B9-4d06-9C42-4DEC1AABE62B}\(Default) = "XMLDP Class" [from CLSID]

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\xmllib.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{6D0E6651-1CD8-11d6-92C4-0003479E4848}" = "NVIDIA NT4 Multimon Control Panel Extension"

-> {CLSID}\InProcServer32\(Default) = "nvnt4cpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de bureau"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"

-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

INFECTION WARNING! explorer.exe\Debugger = "C:\WINDOWS\explorer32dbg.exe" [file not found]

INFECTION WARNING! iexplore.exe\Debugger = "C:\WINDOWS\iexplore_dbg.exe" [file not found]

Enabled Wallpaper and Active Desktop:

-------------------------------------

Active Desktop is disabled.

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Julie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Startup items in "Julie" & "All Users" startup folders:

-------------------------------------------------------

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [empty string]

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"

-> {CLSID}\(Default) = "MSN"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\

(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\

(Default) = "ToolBand Class"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\

(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\

{0615511E-6F9B-4776-9DFE-B16C6EBCC475}\

"ButtonText" = "Microsoft AntiSpyware helper"

"MenuText" = "Microsoft AntiSpyware helper"

{1462651F-F4BA-4C76-A001-C4284D0FE16E}\

"ButtonText" = "Wanadoo"

"Exec" = "http://www.wanadoo.fr" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

----------

This report excludes default entries except where indicated.

To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

----------

queruak · le 14 mai 2005

Re,

Maintenant,tu vas te déconnecter,te détendre,aller faire un tour dehors,et ne reviens que dans une heure environ,le temps de "décortiquer" tout ça.LOL

@+

cjulie91 · le 14 mai 2005

oki et merci beaucoup vraiment j'apprécie !!!!

BipBip07 · le 14 mai 2005

Re,
aller faire un tour dehors,et ne reviens que dans une heure environ

LoL y pleut dehors (enfin du moins en Ardeche) :-(

queruak · le 14 mai 2005

Rebonsoir à tous,

BipBip,chez moi,dans mon pays,il y'a toujours le soleil !!!

Julie,

Imprime cette page ,toutes les corrections devront etre faites hors connexion.

Je te previens,c'est un truc de fou,mais tu as une infection des plus coriaces.

Applique toi,lis calmement les instructions,ça passera !

-1-Télécharge les outils suivants:

*PocketKillBox

http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Tu le dézippes sur ton bureau.

*DelDomain.inf

http://www.mvps.org/winhelp2002/restricted.htm

*CleanUp

http://cleanup.stevengould.org/

Tu installes CleanUp !

*Hoster

http://www.funkytoad.com/download/hoster.zip

-2-Assure toi d'avoir accés à tous les fichiers.

Poste de travail
Menu "Outils", "Option des dossiers", onglet "Affichage" :

Activer la case : "Afficher les fichiers et dossiers cachés"

Désactiver la case : "Masquer les extensions des fichiers dont le type est connu"

Désactiver la case : "Masquer les fichiers protégés du système d'exploitation"

Puis "Appliquer".

-3-Ouvre le Bloc-note et copie-colle les lignes entre --- ci-dessous (y compris la ligne vide à la fin) :

------------------

REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{60371670-81B9-4d06-9C42-4DEC1AABE62B}]

[-HKEY_CLASSES_ROOT\TypeLib\{4947DDCC-D549-4D0B-9685-AA58B20E9642}]

[-HKEY_CLASSES_ROOT\Interface\{0B6EF17E-18E5-4449-86EA-64C82D596EAE}]

[-HKEY_CLASSES_ROOT\CLSID\{60371670-81B9-4d06-9C42-4DEC1AABE62B}]

[-HKEY_CLASSES_ROOT\TypeLib\{4947DDCC-D549-4D0B-9685-AA58B20E9642}]

[-HKEY_CLASSES_ROOT\Interface\{0B6EF17E-18E5-4449-86EA-64C82D596EAE}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ATLASSstp]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\HTASSstp]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\MSMsgSvc]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SEHLPstp]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\WTLBAstp]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]

[-HKEY_CLASSES_ROOT\BHOASS.BHDP]

[-HKEY_CLASSES_ROOT\BHOASS.BHDP.1]

---------------------

Enregistre ce fichier sur ton bureau (Nom du fichier : "unhko.reg

" -sans inclure les guillemets- ; Type : Tous les fichiers).

Ferme Internet explorer.

Double-clique sur unhko.reg et clique sur Oui lorsqu'on te demande confirmation pour Fusionner.

Lorsque tu reçois un message du bon déroulement, supprime le fichier unhko.reg

-4-Lance PocketKillBox,coche la case "Delete on reboot".

Colle tout le contenu du fichier suivant dans un fichier.texte que tu nommeras CODE.

Ensuite tu fais Ctrl-A pour sélectionner tout le texte, Ctrl-C pour le copier dans le presse papier.

C:\WINDOWS\System32\SMSSU.EXE
C:\WINDOWS\System32\Tmntsrv32.EXE

C:\Windows\explorer32dbg.exe

C:\Windows\iexplore_dbg.exe

C:\Windows\xmllib.dll

Sur PocketKillBox-->File-->Paste from Clipboard,tu cliques ensuite sur la croix rouge

Au deux méssages qui vont s'afficher,tu réponds par "YES"

-5-Redémarre en mode sans echec.

Comment démarrer Windows XP en mode sans échec

-6-Lance Hijackthis,scan,et coche les lignes en gras ci-dessous.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: XMLDP Class - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - C:\WINDOWS\xmllib.dll

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - HKCU\..\Run: [sMSSU] C:\WINDOWS\System32\SMSSU.EXE

O4 - HKCU\..\Run: [Tmntsrv32] C:\WINDOWS\System32\Tmntsrv32.EXE

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Bloquer ce serveur... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Rechercher sur le Web... - C:\Program Files\Avant Browser\Search.htm

O8 - Extra context menu item: Surligner - C:\Program Files\Avant Browser\Highlight.htm

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C292D0A6-A954-4C24-A3F6-53C2AB3D486D}: NameServer = 80.10.246.1 80.10.246.132

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

-7-Ferme toutes les fenetres Internet Explorer,Outlook Express sauf Hijackthis,puis clique sur "Fix checked"

-8-Redémarre normalement

-9-Ouvre Hoster,et clique sur "Restore Original Hosts" ---> "OK"

Quitte le programme.

-10-Fais un clic droit le fichier Del_Domains.inf -->Installer

-11-Lance et éxecute CleanUp!

-12-Redémarre et poste un nouveau rapport hijackthis.

cjulie91 · le 14 mai 2005

jpense avoir tout bien fais mais en relançant spy bot par curiosité (voir si tout avait disparu) j'ai remarqué que j'avais encore coolWWWsearch !!!

je t'envoir le nouveau scan log de hijackthis :

Logfile of HijackThis v1.99.1

Scan saved at 23:31:16, on 05/14/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\desksite\bin\cma.exe

C:\PROGRA~1\Wanadoo\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\CursorXP\CursorXP.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\msiexec.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Julie\Mes documents\anti spyware 60j d'essai\hijackthis\HijackThis.exe