TR/Cryptredol.18944.2.2 Trojan

ratus888 -
Hello,

my antivirus detected this virus: TR/Cryptredol.18944.2.2 Trojan
but I can't manage to remove it. Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:22, on 02/08/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Anna\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ent.u-bourgogne.fr/portail.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate1c9d2f7e82e47f8) (gupdate1c9d2f7e82e47f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Wacom Touch Service (WacomTouchService) - Unknown owner - C:\Windows\system32\WacomTouchService.exe

7 replies

Narco!4 Posts 2446 Status Contributor 467
 
Hello,

download GenProc http://www.genproc.com/GenProc.exe

double-click GenProc.exe and post the contents of the report that opens
ratus888
 
here is the ComboFix report:

**********************************************************************************
ComboFix 09-08-01.09 - Anna 02/08/2009 18:24.1.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.1982.1516 [GMT 2:00]
Running from: c:\users\Anna\Desktop\ComboFix.exe
.
/wow section not completed

((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.

2009-08-02 15:51 . 2009-08-02 15:51 -------- d-----w- c:\program files\CCleaner
2009-08-02 15:38 . 2009-08-02 15:48 -------- d-----w- C:\Genproc
2009-07-22 14:00 . 2009-07-22 15:07 -------- d-----w- c:\windows\BDOSCAN8
2009-07-19 15:16 . 2009-07-20 19:40 570 ----a-w- c:\windows\system32\geyekrdribmloj.dat
2009-07-17 23:46 . 2009-07-17 23:46 -------- d-----w- c:\users\Anna\AppData\Local\Graboid_Inc
2009-07-17 23:46 . 2009-07-17 23:46 -------- d-----w- c:\users\Anna\AppData\Local\Graboid
2009-07-17 23:46 . 2009-07-17 23:47 -------- d-----w- c:\users\Anna\AppData\Roaming\MozillaControl
2009-07-17 23:44 . 2009-07-17 23:49 -------- d-----w- c:\program files\Graboid
2009-07-15 13:35 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 13:35 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 13:35 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 13:35 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 13:35 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 13:35 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 16:13 . 2007-12-09 17:47 702978 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-02 16:13 . 2007-12-09 17:47 122898 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-02 15:49 . 2009-05-12 11:50 -------- d-----w- c:\users\Anna\AppData\Roaming\Skype
2009-08-02 14:07 . 2008-11-25 19:26 -------- d-----w- c:\users\Anna\AppData\Roaming\skypePM
2009-08-02 13:46 . 2008-07-02 16:03 -------- d-----w- c:\users\Anna\AppData\Roaming\WTablet
2009-08-02 02:32 . 2008-02-28 02:54 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-01 12:11 . 2008-09-29 15:08 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-23 15:32 . 2008-07-02 16:55 27744 ----a-w- c:\users\Anna\AppData\Roaming\nvModes.dat
2009-07-21 21:52 . 2009-07-29 14:06 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 14:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 14:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 14:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-20 19:43 . 2008-11-18 06:25 7944 ----a-w- c:\users\Anna\AppData\Local\d3d9caps.dat
2009-07-16 15:23 . 2008-07-02 16:20 108248 ----a-w- c:\users\Anna\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-16 14:31 . 2007-12-09 11:48 -------- d-----w- c:\programdata\Microsoft Help
2009-07-16 03:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-22 20:50 . 2009-06-22 20:45 -------- d-----w- c:\program files\ImageJ
2009-06-12 01:12 . 2007-12-09 11:25 -------- d-----w- c:\program files\Microsoft Works
2009-05-28 00:13 . 2008-07-05 11:40 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-23 20:51 . 2009-02-08 12:15 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-10-25 14:30 . 2008-10-25 14:30 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 12:54 1555480 ----a-w- c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-11-25 171448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-08 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-08 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-11-01 671744]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-29 185640]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-12-09 1006264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-20 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 259624]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-10 4702208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{334B0DFC-371C-4510-B5CC-3384CF1CE68E}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{5A696AE9-874B-4BF8-B1F5-F64F2DADE9B7}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F7855F58-EBD7-42D3-91E5-B0A1B3DE5C56}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{A067D651-8DE6-403D-86B6-A921B96BDDEA}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{92C35FAD-F088-40B7-8D3C-7ECFA28ABA23}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{D4813DEA-4C13-4A6B-8326-C7D1A4127E8E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{85FD5ADA-8E13-4E2D-A639-AF1C87CFD6B4}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A6B10350-853E-4FCE-BA17-C963FD957A4D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{DA6CA91C-3BCC-40E0-A33A-8920D88A724A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{609A85FA-B7FF-4F8D-90CB-23CDA9D05173}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{24388043-1BF7-4535-9114-7B71E3C1BE7F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{007F3217-331C-47EB-86B5-26A15A9C6939}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F9BAE322-4012-4D90-B254-011BC799C709}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2565FD79-317E-4210-A75A-1357687F170D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BC93BD81-5F5D-45E3-BEF9-576541834D7B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E6EB2C5B-42C1-4A91-AD52-7703DD94570A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{36CD2DB9-C2B3-477E-A1AB-5E25FB49C3B8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9CCE7A04-285D-45A5-87EE-827AD1315B2B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C5C77C1C-29E3-4FCE-9EAD-7AE2054363BB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{39FE5363-9D21-492B-B8A9-0D5D4B60A995}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1884B7A4-BD42-4EEF-A030-660EA767A98F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{28E08140-B00E-4A43-82E1-9BCCE257EAD6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7B567126-B654-4774-AC55-2063A128732A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{756AA2A2-084A-4BAB-8D08-B897DF260E3E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DC3FB23F-557A-4A8C-8665-7AF13FF15198}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A43D53D3-38BF-436C-9621-B4AEE3344617}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8BF1E9DD-A341-4BBA-BE4F-1CA6F7CF15F7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EB2BFE68-4643-4A13-8D87-7C227A90BFC1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{857818F6-232D-4EEA-A29C-247F0EC225A8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{138D2CF8-DEFC-455C-AA3B-E87EA9C4EC9A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{474CA222-68EE-43B1-B051-81B392C08A60}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7BF40A84-5408-4A16-A3CA-E7841AFA15C3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B14DC644-F14B-44C8-819D-775C0D1D1A45}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{297D2FEF-BF48-447D-9242-0A37F609A351}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C69E74FB-15A9-49B8-A1DA-1064F9A2C3B5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BCF19381-4CC7-4071-8296-771CAD962BFA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{62D599B6-1B6B-4442-9269-86167E6946DA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C0D8C453-1C0C-402A-BE36-B38A936AADEE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CA8DE8C6-98D8-4410-91AE-CB58356DB903}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B2E819B0-7B60-49CE-AC71-7F1071B2B2C1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{70901A20-55C1-45D6-B1A6-B8F013AF917B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B86D8E47-AF28-42D1-AA5F-0EB5D6519ABB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2526FB10-BDA7-48B9-AC4C-2397CADBCB8C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1D83230D-45FE-4598-A6C2-4B51D969DF53}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{00FF3DD1-FCCB-4658-A254-2375FB67333C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E904BF98-5B8D-4094-BA63-0C1946080D0A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7CB3D277-2005-4A9C-B240-A41044A3DAC3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8C19F1B9-F18C-49E6-9E0A-A89B5ECF73F5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5638F4E2-0EA7-48BC-850D-B4911CBD56BD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CBFE8C37-972F-4103-A093-E700621F1BF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{95410D59-4D21-4F49-8FB1-7F9738D37116}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1BB9B8A8-3DB3-4E9D-A918-CED21906F5A5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8959E6A8-0DCB-4AAA-92B8-9FC8881C57C8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3B596817-8244-455F-9E20-75B5BC3FF61D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{230E1D0C-5E3F-4FFB-9620-B0DF2522794F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{872D7526-2850-4F06-8D2A-C61159214A0D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A1E5DFA8-1CA1-46F0-8F19-661E4A49D63D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D78AFBB6-55FB-4273-8614-7594FFB81B59}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9D464BDB-08F2-4727-BB66-4CC876A3BE3E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E19927FA-BB6A-42A1-A99E-10ED6C19F492}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6822EC5E-04BD-48D1-AECA-DAD175F00EB3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{958F2B5E-4FE6-4997-948B-2FA29B61D75C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DF05DF17-BF1D-4189-9269-11D144C0525F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{22752B33-E463-42EC-868E-82D5437A0285}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{08D1E1DD-C1A6-4111-997F-F829AEF129DA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7D4EFAC8-E678-4CF1-825E-0661AC56B522}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0B9A910B-DBF7-4553-9D92-04AF162AB687}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DBD9870F-59C9-4F8D-B323-41FA8BF0A773}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B110BE09-36E6-4C41-B652-42C061A04464}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D4C64CC5-53CE-4D0F-9C1F-23D882E66660}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{91AA3285-F86E-43C8-B2DE-761CC9D74A26}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7524FC89-2C92-43DB-A4A8-9DF13D7DE424}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{302ECD40-7486-4952-A383-B6F4E6DA71B3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4CF14C5A-A894-4DC9-9DB4-292309F7DE32}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{450E7972-7840-437C-8F66-6B68DFBDEEBF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DBDA9E38-6D70-4AF3-95EE-D451358EF413}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{53C18C28-8B57-4034-945E-B00568C75242}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A3EDF822-C05B-4F61-8388-FC0AF913746B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{092BDF12-515E-40B8-94C9-AD6AEECC03FC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9E2784E6-8FD3-4080-B127-DD0B61CCFF59}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7561B3DB-3971-48E8-9442-90230192B58D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{90E8AB30-3D74-4742-B39F-7905C8DC05BD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D4E1278F-27AE-4FC9-8A5D-AFABEBBEC8E5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EA4EE4BB-26AB-4C99-9F8F-48C256109363}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9DECD7C9-AB00-4C22-B72E-8D318F16EEF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CF73EF7D-3475-4EAA-954D-2EE6564F5A84}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6B056E8E-E756-4418-A4DD-32FB64255CF0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CB8A7B4F-B5A6-4EEB-9D6E-CD4DAC577E31}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{421C9056-02F1-4DCC-9330-D3ECF84BDC59}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{66FCD4FE-47D6-4319-9AF5-F10A8658A7A8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{22E39F56-B914-47D4-9FBD-08028ED1965A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B536A463-7900-4AB7-BE05-D56A5FA2CB44}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4215AD0C-3AD7-4922-B28F-F0FC8E775D0B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{050ACBDC-729F-4865-8CA5-615973B50B81}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5280D445-BD79-40A8-B99F-EB8277677BF2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D25C3D5E-452A-412C-A63B-FD491DFD1BD8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{99F8C1A1-E30B-4E47-8B4F-E2DF07E414C3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A76259EF-2543-4B37-B1B1-099671933E1D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BC0BA36C-5EB1-4492-8E83-C1960609538B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{AB012D46-F5B2-4287-A722-23A7A324DA4F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E3A7D838-3EED-4393-B9DA-3E453B7B36AE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{28352245-79D1-4D18-8600-C281857116E2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{181319E0-C57A-405A-B6C1-6B33EA18C86A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B99EC42C-9B9E-446F-A0B1-42A5FBC79577}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{36AAA45B-F0B2-4C2F-8173-2CB9A5B91D42}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0A02A3E7-73B5-4540-843C-DE257F813F0D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2DF0A662-D4BB-4D7D-BFEE-24D46E389B44}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9879954F-AA3C-427B-B9CF-BB0937B12390}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0C39FFAC-0F18-4CBC-B3C5-6D7F0883EDBE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0F82E0D5-FDE6-4805-84A9-60F2269BE137}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FBECCAFC-7291-4719-BA4F-D4A50C07308C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2824ABA7-89D0-4536-9F1D-56328347858A}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 gupdate1c9d2f7e82e47f8;Service Google Update (gupdate1c9d2f7e82e47f8);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 133104]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-11-08 1369384]
R2 WacomTouchService;Wacom Touch Service;c:\windows\system32\WacomTouchService.exe [2007-10-16 95528]
S3 Wacomhidfilter;Wacom HID Filter;c:\windows\system32\DRIVERS\wacomhidfilter.sys [2007-11-05 10536]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2007-02-22 11312]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 11:50]

2009-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 11:50]

2009-08-02 c:\windows\Tasks\User_Feed_Synchronization-{00178BE8-2EC3-4720-805B-2EAA3920F7B0}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-RunOnce-<NO NAME> - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\2o3e7dai.default\
FF - prefs.js: browser.search.selectedEngine - Google (Language: FR)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
regedit=regedit.exe "%1"
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 18:32
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\users\Anna\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(496)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(1516)
c:\windows\system32\btncopy.dll
.
Completion time: 2009-08-02 18:34
ComboFix-quarantined-files.txt 2009-08-02 16:34

Pre-Run: 183 831 977 984 octets libres
Post-Run: 184 564 187 136 octets libres

308 --- E O F --- 2009-08-01 01:01

**********************************************************************************

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

GenProc report
*********************************************************************************
Rapport GenProc 2.611 [4] - 02/08/2009 à 18:53:59
@ Windows Vista "CSDVersion" does not exist - Mode normal
@ Internet Explorer (8.0.6001.18813) [Navigateur par défaut]

# Etape 1/ Télécharge :

- ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe (sUBs) sur ton Bureau.

Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Anna *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[4]" sur ton bureau).

# Etape 2/

Double clique sur combofix.exe et suis les instructions. Attention de ne pas utiliser ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne au risque de figer l'ordinateur.

# Etape 3/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 4/

Redémarre normalement et poste, dans la même réponse :

- Le contenu du rapport Combofix.txt situé dans C:\ ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
- Un nouveau rapport GenProc ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

~~ Arguments de la procédure ~~

# Détections [2] GenProc 2.611 02/08/2009 à 17:48:33
TDSS:le 02/08/2009 à 17:48:53 "C:\Windows\System32\geyekr*.???"

# Détections [3] GenProc 2.611 02/08/2009 à 18:51:30
TDSS:le 02/08/2009 à 18:52:05 "C:\Windows\System32\geyekr*.???"

# Détections [4] GenProc 2.611 02/08/2009 à 18:54:00
TDSS:le 02/08/2009 à 18:54:19 "C:\Windows\System32\geyekr*.???"

----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------

~~ Fin à 18:54:26 ~~
**************************************************************************
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

report
*****************************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:48, on 02/08/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6BXX0IVK\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate1c9d2f7e82e47f8) (gupdate1c9d2f7e82e47f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Wacom Touch Service (WacomTouchService) - Unknown owner - C:\Windows\system32\WacomTouchService.exe
0
Narco!4 Posts 2446 Status Contributor 467
 
Run ComboFix again in safe mode, and rename it to whatever you want before launching it.
0
ratus888
 
Why do another one? What is the point of renaming it?
0

Narco!4 Posts 2446 Status Contributor 467
 
Because it did not do anything that time.
0
ratus888
 
ComboFix 09-08-01.09 - Anna 02/08/2009 21:18.2.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.1982.1537 [GMT 2:00]
Running from: c:\users\Anna\Desktop\nanette.exe
.
/wow section not completed

((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.

2009-08-02 15:51 . 2009-08-02 15:51 -------- d-----w- c:\program files\CCleaner
2009-08-02 15:38 . 2009-08-02 15:48 -------- d-----w- C:\Genproc
2009-07-22 14:00 . 2009-07-22 15:07 -------- d-----w- c:\windows\BDOSCAN8
2009-07-19 15:16 . 2009-07-20 19:40 570 ----a-w- c:\windows\system32\geyekrdribmloj.dat
2009-07-17 23:46 . 2009-07-17 23:46 -------- d-----w- c:\users\Anna\AppData\Local\Graboid_Inc
2009-07-17 23:46 . 2009-07-17 23:46 -------- d-----w- c:\users\Anna\AppData\Local\Graboid
2009-07-17 23:46 . 2009-07-17 23:47 -------- d-----w- c:\users\Anna\AppData\Roaming\MozillaControl
2009-07-17 23:44 . 2009-07-17 23:49 -------- d-----w- c:\program files\Graboid
2009-07-15 13:35 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 13:35 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 13:35 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 13:35 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 13:35 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 13:35 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 19:12 . 2008-02-28 02:54 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-02 19:11 . 2009-05-12 11:50 -------- d-----w- c:\users\Anna\AppData\Roaming\Skype
2009-08-02 19:10 . 2008-07-02 16:03 -------- d-----w- c:\users\Anna\AppData\Roaming\WTablet
2009-08-02 16:45 . 2008-11-25 19:26 -------- d-----w- c:\users\Anna\AppData\Roaming\skypePM
2009-08-02 16:13 . 2007-12-09 17:47 702978 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-02 16:13 . 2007-12-09 17:47 122898 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-01 12:11 . 2008-09-29 15:08 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-23 15:32 . 2008-07-02 16:55 27744 ----a-w- c:\users\Anna\AppData\Roaming\nvModes.dat
2009-07-21 21:52 . 2009-07-29 14:06 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 14:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 14:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 14:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-20 19:43 . 2008-11-18 06:25 7944 ----a-w- c:\users\Anna\AppData\Local\d3d9caps.dat
2009-07-16 15:23 . 2008-07-02 16:20 108248 ----a-w- c:\users\Anna\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-16 14:31 . 2007-12-09 11:48 -------- d-----w- c:\programdata\Microsoft Help
2009-07-16 03:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-22 20:50 . 2009-06-22 20:45 -------- d-----w- c:\program files\ImageJ
2009-06-12 01:12 . 2007-12-09 11:25 -------- d-----w- c:\program files\Microsoft Works
2009-05-28 00:13 . 2008-07-05 11:40 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-23 20:51 . 2009-02-08 12:15 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-10-25 14:30 . 2008-10-25 14:30 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-08-02_16.32.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-09 09:07 . 2009-08-02 19:11 49248 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2007-12-09 09:07 . 2009-08-02 13:47 49248 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-02 19:11 96522 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-02 16:05 . 2009-08-02 13:47 11906 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2911090414-1564606067-2369229040-1000_UserData.bin
+ 2008-07-02 16:05 . 2009-08-02 19:11 11906 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2911090414-1564606067-2369229040-1000_UserData.bin
- 2008-07-02 15:57 . 2009-08-02 15:51 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-02 15:57 . 2009-08-02 16:54 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-02 15:57 . 2009-08-02 15:51 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-02 15:57 . 2009-08-02 16:54 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-02 15:57 . 2009-08-02 15:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-02 15:57 . 2009-08-02 16:54 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-16 14:55 . 2009-08-02 16:50 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-16 14:55 . 2009-08-01 23:19 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 12:54 1555480 ----a-w- c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-11-25 171448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-08 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-08 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-11-01 671744]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-29 185640]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-12-09 1006264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-20 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 259624]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-10 4702208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{334B0DFC-371C-4510-B5CC-3384CF1CE68E}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{5A696AE9-874B-4BF8-B1F5-F64F2DADE9B7}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F7855F58-EBD7-42D3-91E5-B0A1B3DE5C56}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{A067D651-8DE6-403D-86B6-A921B96BDDEA}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{92C35FAD-F088-40B7-8D3C-7ECFA28ABA23}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{D4813DEA-4C13-4A6B-8326-C7D1A4127E8E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{85FD5ADA-8E13-4E2D-A639-AF1C87CFD6B4}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A6B10350-853E-4FCE-BA17-C963FD957A4D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{DA6CA91C-3BCC-40E0-A33A-8920D88A724A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{609A85FA-B7FF-4F8D-90CB-23CDA9D05173}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{24388043-1BF7-4535-9114-7B71E3C1BE7F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{007F3217-331C-47EB-86B5-26A15A9C6939}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F9BAE322-4012-4D90-B254-011BC799C709}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2565FD79-317E-4210-A75A-1357687F170D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BC93BD81-5F5D-45E3-BEF9-576541834D7B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E6EB2C5B-42C1-4A91-AD52-7703DD94570A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{36CD2DB9-C2B3-477E-A1AB-5E25FB49C3B8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9CCE7A04-285D-45A5-87EE-827AD1315B2B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C5C77C1C-29E3-4FCE-9EAD-7AE2054363BB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{39FE5363-9D21-492B-B8A9-0D5D4B60A995}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1884B7A4-BD42-4EEF-A030-660EA767A98F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{28E08140-B00E-4A43-82E1-9BCCE257EAD6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7B567126-B654-4774-AC55-2063A128732A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{756AA2A2-084A-4BAB-8D08-B897DF260E3E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DC3FB23F-557A-4A8C-8665-7AF13FF15198}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A43D53D3-38BF-436C-9621-B4AEE3344617}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8BF1E9DD-A341-4BBA-BE4F-1CA6F7CF15F7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EB2BFE68-4643-4A13-8D87-7C227A90BFC1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{857818F6-232D-4EEA-A29C-247F0EC225A8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{138D2CF8-DEFC-455C-AA3B-E87EA9C4EC9A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{474CA222-68EE-43B1-B051-81B392C08A60}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7BF40A84-5408-4A16-A3CA-E7841AFA15C3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B14DC644-F14B-44C8-819D-775C0D1D1A45}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{297D2FEF-BF48-447D-9242-0A37F609A351}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C69E74FB-15A9-49B8-A1DA-1064F9A2C3B5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BCF19381-4CC7-4071-8296-771CAD962BFA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{62D599B6-1B6B-4442-9269-86167E6946DA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C0D8C453-1C0C-402A-BE36-B38A936AADEE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CA8DE8C6-98D8-4410-91AE-CB58356DB903}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B2E819B0-7B60-49CE-AC71-7F1071B2B2C1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{70901A20-55C1-45D6-B1A6-B8F013AF917B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B86D8E47-AF28-42D1-AA5F-0EB5D6519ABB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2526FB10-BDA7-48B9-AC4C-2397CADBCB8C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1D83230D-45FE-4598-A6C2-4B51D969DF53}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{00FF3DD1-FCCB-4658-A254-2375FB67333C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E904BF98-5B8D-4094-BA63-0C1946080D0A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7CB3D277-2005-4A9C-B240-A41044A3DAC3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8C19F1B9-F18C-49E6-9E0A-A89B5ECF73F5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5638F4E2-0EA7-48BC-850D-B4911CBD56BD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CBFE8C37-972F-4103-A093-E700621F1BF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{95410D59-4D21-4F49-8FB1-7F9738D37116}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1BB9B8A8-3DB3-4E9D-A918-CED21906F5A5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8959E6A8-0DCB-4AAA-92B8-9FC8881C57C8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3B596817-8244-455F-9E20-75B5BC3FF61D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{230E1D0C-5E3F-4FFB-9620-B0DF2522794F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{872D7526-2850-4F06-8D2A-C61159214A0D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A1E5DFA8-1CA1-46F0-8F19-661E4A49D63D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D78AFBB6-55FB-4273-8614-7594FFB81B59}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9D464BDB-08F2-4727-BB66-4CC876A3BE3E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E19927FA-BB6A-42A1-A99E-10ED6C19F492}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6822EC5E-04BD-48D1-AECA-DAD175F00EB3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{958F2B5E-4FE6-4997-948B-2FA29B61D75C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DF05DF17-BF1D-4189-9269-11D144C0525F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{22752B33-E463-42EC-868E-82D5437A0285}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{08D1E1DD-C1A6-4111-997F-F829AEF129DA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7D4EFAC8-E678-4CF1-825E-0661AC56B522}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0B9A910B-DBF7-4553-9D92-04AF162AB687}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DBD9870F-59C9-4F8D-B323-41FA8BF0A773}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B110BE09-36E6-4C41-B652-42C061A04464}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D4C64CC5-53CE-4D0F-9C1F-23D882E66660}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{91AA3285-F86E-43C8-B2DE-761CC9D74A26}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7524FC89-2C92-43DB-A4A8-9DF13D7DE424}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{302ECD40-7486-4952-A383-B6F4E6DA71B3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4CF14C5A-A894-4DC9-9DB4-292309F7DE32}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{450E7972-7840-437C-8F66-6B68DFBDEEBF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DBDA9E38-6D70-4AF3-95EE-D451358EF413}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{53C18C28-8B57-4034-945E-B00568C75242}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A3EDF822-C05B-4F61-8388-FC0AF913746B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{092BDF12-515E-40B8-94C9-AD6AEECC03FC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9E2784E6-8FD3-4080-B127-DD0B61CCFF59}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7561B3DB-3971-48E8-9442-90230192B58D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{90E8AB30-3D74-4742-B39F-7905C8DC05BD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D4E1278F-27AE-4FC9-8A5D-AFABEBBEC8E5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EA4EE4BB-26AB-4C99-9F8F-48C256109363}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9DECD7C9-AB00-4C22-B72E-8D318F16EEF6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CF73EF7D-3475-4EAA-954D-2EE6564F5A84}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6B056E8E-E756-4418-A4DD-32FB64255CF0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CB8A7B4F-B5A6-4EEB-9D6E-CD4DAC577E31}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{421C9056-02F1-4DCC-9330-D3ECF84BDC59}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{66FCD4FE-47D6-4319-9AF5-F10A8658A7A8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{22E39F56-B914-47D4-9FBD-08028ED1965A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B536A463-7900-4AB7-BE05-D56A5FA2CB44}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4215AD0C-3AD7-4922-B28F-F0FC8E775D0B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{050ACBDC-729F-4865-8CA5-615973B50B81}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5280D445-BD79-40A8-B99F-EB8277677BF2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D25C3D5E-452A-412C-A63B-FD491DFD1BD8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{99F8C1A1-E30B-4E47-8B4F-E2DF07E414C3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A76259EF-2543-4B37-B1B1-099671933E1D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BC0BA36C-5EB1-4492-8E83-C1960609538B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{AB012D46-F5B2-4287-A722-23A7A324DA4F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E3A7D838-3EED-4393-B9DA-3E453B7B36AE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{28352245-79D1-4D18-8600-C281857116E2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{181319E0-C57A-405A-B6C1-6B33EA18C86A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B99EC42C-9B9E-446F-A0B1-42A5FBC79577}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{36AAA45B-F0B2-4C2F-8173-2CB9A5B91D42}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0A02A3E7-73B5-4540-843C-DE257F813F0D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2DF0A662-D4BB-4D7D-BFEE-24D46E389B44}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9879954F-AA3C-427B-B9CF-BB0937B12390}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0C39FFAC-0F18-4CBC-B3C5-6D7F0883EDBE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0F82E0D5-FDE6-4805-84A9-60F2269BE137}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FBECCAFC-7291-4719-BA4F-D4A50C07308C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2824ABA7-89D0-4536-9F1D-56328347858A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6597BFE5-D196-4035-9C2E-E2155087042A}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 gupdate1c9d2f7e82e47f8;Service Google Update (gupdate1c9d2f7e82e47f8);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 133104]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-11-08 1369384]
R2 WacomTouchService;Wacom Touch Service;c:\windows\system32\WacomTouchService.exe [2007-10-16 95528]
S3 Wacomhidfilter;Wacom HID Filter;c:\windows\system32\DRIVERS\wacomhidfilter.sys [2007-11-05 10536]
S3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2007-02-22 11312]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 11:50]

2009-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 11:50]

2009-08-02 c:\windows\Tasks\User_Feed_Synchronization-{00178BE8-2EC3-4720-805B-2EAA3920F7B0}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\2o3e7dai.default\
FF - prefs.js: browser.search.selectedEngine - Google (Language: FR)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 21:24
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(496)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(1092)
c:\windows\system32\btncopy.dll
.
Completion time: 2009-08-02 21:26
ComboFix-quarantined-files.txt 2009-08-02 19:26
ComboFix2.txt 2009-08-02 16:34

Pre-Run: 185 206 489 088 octets libres
Post-Run: 185 049 227 264 octets libres

315 --- E O F --- 2009-08-01 01:01
ratus888
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:36, on 02/08/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LO9C9TD9\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate1c9d2f7e82e47f8) (gupdate1c9d2f7e82e47f8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: Wacom Touch Service (WacomTouchService) - Unknown owner - C:\Windows\system32\WacomTouchService.exe