A voir également:
- Livebox
- Just livebox - Accueil - Box & Connexion Internet
- Livebox admin - Guide
- Redémarrer livebox a distance ✓ - Forum Livebox
- Wifi livebox 5 mauvais - Forum Livebox
- Livebox clignote rouge - Forum Livebox
44 réponses
j'ai fait l'analyse il a trouvé des virus qu'il a mis en quarantaine mais quand j'ai voulu enregistré le rapport le système s'est mis en analyse car trop de fichiers on été déplacés je crois je vais essayer de recomencer.
Et là j'ai essayé de faire de nouveau l'analyse compléte mais il a commencé puis a redemmarré l'ordi rien de plus
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Pas grave Fait ce qui suis.
/!\ A l'attention de ceux qui passent sur ce sujet /!\
Le logiciel qui suit n'est pas à utiliser à la légère et peut faire des dégâts s'il est mal utilisé ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé.
/!\ Désactive tous tes logiciels de protection /!\
• Télécharge combofix(de sUBs) sur ton Bureau.
• Double-clique sur ComboFix.exe afin de le lancer.
• Il va te demander d'installer la console de récupération : accepte.
• Ne touche à rien pendant le scan.
• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.
#Si combofix ne veut pas se lancer renommes le en ccm.exe et éxécutes le en mode sans échec .
Tutoriel officiel de Combofix : http://www.bleepingcomputer.com/combofix/fr/comment-utiliser¬-combofix
/!\ A l'attention de ceux qui passent sur ce sujet /!\
Le logiciel qui suit n'est pas à utiliser à la légère et peut faire des dégâts s'il est mal utilisé ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé.
/!\ Désactive tous tes logiciels de protection /!\
• Télécharge combofix(de sUBs) sur ton Bureau.
• Double-clique sur ComboFix.exe afin de le lancer.
• Il va te demander d'installer la console de récupération : accepte.
• Ne touche à rien pendant le scan.
• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.
#Si combofix ne veut pas se lancer renommes le en ccm.exe et éxécutes le en mode sans échec .
Tutoriel officiel de Combofix : http://www.bleepingcomputer.com/combofix/fr/comment-utiliser¬-combofix
ComboFix 09-10-13.04 - Romi 14/10/2009 17:52.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3069.2002 [GMT 2:00]
Lancé depuis: c:\users\Romi\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\21c47.msi
c:\windows\Installer\21c4b.msi
c:\windows\Installer\21c4f.msi
c:\windows\Installer\21c53.msi
c:\windows\Installer\21c57.msi
c:\windows\Installer\294847.msi
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-14 au 2009-10-14 ))))))))))))))))))))))))))))))))))))
.
2009-10-14 16:01 . 2009-10-14 16:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-11 11:06 . 2009-10-11 12:06 -------- d-----w- c:\users\Romi\DoctorWeb
2009-10-11 10:27 . 2009-10-11 10:48 -------- d-----w- C:\UsbFix
2009-10-10 04:54 . 2009-10-10 04:54 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-09 22:04 . 2009-10-09 22:04 -------- d-----w- c:\users\Romi\AppData\Roaming\VistaCodecs
2009-10-03 09:28 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-03 09:23 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-03 09:23 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-03 09:23 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-03 09:23 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-03 09:23 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-03 09:23 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-03 09:23 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-03 09:23 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-03 09:23 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-09-27 16:28 . 2009-09-27 16:28 -------- d-----w- c:\users\Romi\AppData\Local\Deployment
2009-09-27 16:28 . 2009-09-27 16:28 -------- d-----w- c:\users\Romi\AppData\Local\Apps
2009-09-27 16:09 . 2009-09-27 16:09 -------- d-----w- c:\users\Romi\AppData\Roaming\Malwarebytes
2009-09-27 16:09 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-27 16:09 . 2009-09-27 16:09 -------- d-----w- c:\programdata\Malwarebytes
2009-09-27 16:09 . 2009-09-27 16:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-27 16:09 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-27 16:07 . 2009-09-27 16:09 4045528 ----a-w- c:\program files\mbam-setup.exe
2009-09-27 15:51 . 2009-09-27 15:51 -------- d-----w- C:\_OTM
2009-09-27 15:50 . 2009-09-27 15:50 408064 ----a-w- c:\program files\OTM.exe
2009-09-27 15:23 . 2008-06-05 16:18 5737 ----a-w- c:\users\Romi\AppData\Local\gnc.exe
2009-09-27 14:56 . 2009-09-27 15:23 -------- d-----w- c:\program files\Navilog1
2009-09-27 08:18 . 2009-09-27 09:14 -------- d-----w- C:\ToolBar SD
2009-09-27 07:43 . 2009-10-11 10:03 -------- d-----w- c:\program files\trend micro
2009-09-27 07:43 . 2009-09-27 07:43 -------- d-----w- C:\rsit
2009-09-25 19:41 . 2009-09-25 19:41 41280 ----a-w- c:\windows\system32\shell.reg
2009-09-25 19:19 . 2009-09-25 19:35 40960 ----a-w- c:\users\Romi\Look2Me-Destroyer.exe
2009-09-18 23:48 . 2009-10-01 22:38 -------- d-----w- c:\users\Romi\AppData\Roaming\LimeWire
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 15:24 . 2009-02-21 14:34 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-14 15:24 . 2009-02-21 14:34 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-13 20:12 . 2009-09-05 23:12 6836 ----a-w- c:\users\Romi\AppData\Local\d3d9caps.dat
2009-10-13 16:52 . 2009-02-21 07:51 -------- d-----w- c:\programdata\Microsoft Help
2009-10-09 22:04 . 2009-08-29 23:34 -------- d-----w- c:\programdata\VistaCodecs
2009-09-26 08:40 . 2009-08-29 18:21 75264 ----a-w- c:\users\Romi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-19 00:59 . 2009-09-13 09:35 -------- d-----w- c:\program files\Yahoo!
2009-09-17 19:45 . 2009-02-21 07:58 -------- d-----w- c:\programdata\CyberLink
2009-09-13 12:18 . 2009-08-31 17:34 -------- d-----w- c:\program files\PacificPoker
2009-09-13 09:47 . 2009-09-13 09:47 -------- d-----w- c:\program files\Alwil Software
2009-09-13 09:41 . 2009-02-21 06:54 -------- d-----w- c:\programdata\Norton
2009-09-13 09:35 . 2009-09-13 09:35 -------- d-----w- c:\program files\CCleaner
2009-09-13 09:35 . 2009-09-13 09:35 -------- d-----w- c:\users\Romi\AppData\Roaming\Yahoo!
2009-09-13 09:33 . 2009-09-13 09:33 308160 ----a-w- c:\program files\avast_home_setup.exe
2009-09-13 02:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-13 02:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-13 02:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-13 02:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-13 02:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-13 02:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-13 02:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-10 05:00 . 2009-09-02 05:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-05 23:08 . 2003-04-05 12:33 20458 ----a-w- c:\windows\hpoins01.dat
2009-09-05 23:07 . 2009-02-21 06:37 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-05 23:07 . 2009-09-05 23:07 77004 ----a-w- c:\windows\system32\drivers\AFS.SYS
2009-09-05 22:56 . 2009-09-05 22:56 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-09-02 20:44 . 2009-02-21 07:39 -------- d-----w- c:\program files\Microsoft Works
2009-09-02 05:15 . 2009-09-02 05:08 -------- d-----w- c:\program files\Microsoft
2009-09-02 05:14 . 2009-09-02 05:08 -------- d-----w- c:\program files\Windows Live
2009-09-02 05:13 . 2009-09-02 05:13 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-02 05:11 . 2009-09-02 05:11 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-02 05:08 . 2009-09-02 05:08 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-02 04:55 . 2009-09-02 04:55 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-31 17:35 . 2009-08-31 17:34 -------- d-----w- c:\users\Romi\AppData\Roaming\PacificPoker
2009-08-31 17:25 . 2009-08-31 17:25 -------- d-----w- c:\programdata\LightScribe
2009-08-31 16:29 . 2009-02-21 07:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-31 15:26 . 2009-08-31 15:26 -------- d-----w- c:\program files\QuickTime
2009-08-31 05:00 . 2009-08-31 05:00 -------- d-----w- c:\program files\Google
2009-08-30 16:27 . 2009-08-29 18:31 -------- d-----w- c:\users\Romi\AppData\Roaming\hewlett-packard
2009-08-30 16:27 . 2009-02-21 06:52 -------- d-----w- c:\programdata\Hewlett-Packard
2009-08-30 06:05 . 2009-08-30 06:05 -------- d-----w- c:\users\Romi\AppData\Roaming\WildTangent
2009-08-30 06:05 . 2009-02-21 07:21 -------- d-----w- c:\programdata\WildTangent
2009-08-30 05:52 . 2009-08-30 05:52 -------- d-----w- c:\users\Romi\AppData\Roaming\CyberLink
2009-08-29 23:35 . 2009-08-29 23:35 -------- d-----w- c:\program files\VistaCodecPack
2009-08-29 23:34 . 2009-08-29 23:34 20750642 ----a-w- c:\program files\VistaCodecs_v540.exe
2009-08-29 23:12 . 2009-08-29 22:11 -------- d-----w- c:\users\Romi\AppData\Roaming\Skype
2009-08-29 22:06 . 2009-08-29 21:25 -------- d-----w- c:\users\Romi\AppData\Roaming\U3
2009-08-29 22:01 . 2009-08-29 22:01 -------- d-----w- c:\program files\Skype
2009-08-29 22:01 . 2009-08-29 22:00 -------- d-----w- c:\programdata\Skype
2009-08-29 22:01 . 2009-08-29 22:01 -------- d-----w- c:\program files\Common Files\Skype
2009-08-29 21:25 . 2009-08-29 21:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-29 21:04 . 2009-08-29 21:04 -------- d-----w- c:\program files\MSXML 4.0
2009-08-29 20:44 . 2009-08-29 20:34 -------- d-----w- c:\program files\OrangeHSS
2009-08-29 20:35 . 2009-08-29 20:35 -------- d-----w- c:\program files\Securitoo
2009-08-29 20:33 . 2009-08-29 20:33 -------- d-----w- c:\program files\Common Files\France Telecom
2009-08-29 20:31 . 2009-02-21 08:15 -------- d-----w- c:\program files\SMINST
2009-08-29 19:03 . 2009-02-21 06:55 -------- d-----w- c:\programdata\Symantec
2009-08-29 18:32 . 2009-08-29 18:32 -------- d-----w- c:\users\Romi\AppData\Roaming\ATI
2009-08-29 18:17 . 2009-08-29 18:17 -------- d-----w- c:\users\Romi\AppData\Roaming\HP TCS
2009-08-29 18:15 . 2009-08-29 18:15 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv7 Notebook PC_Y5335KV_0U_QCNF926044D_E518373-051_4A_I3063_SQuanta_V19.15_F.13_T090511_WV3-1_L40C_M3069_J250_7AMD_8F31_92.10_#090620_N10EC8168;168C002B_(VB341EA#ABF)_XMOBILE_CN10_Z_2Rev 1.MRK
2009-08-29 18:14 . 2009-08-29 18:14 -------- d-sh--we c:\program files\Fichiers communs
2009-08-29 18:14 . 2009-08-29 18:14 -------- d-sh--we c:\programdata\Modèles
2009-08-29 18:14 . 2009-08-29 18:14 -------- d-sh--we c:\programdata\Menu Démarrer
2009-08-29 18:14 . 2009-08-29 18:14 -------- d-sh--we c:\programdata\Favoris
2009-08-29 18:14 . 2009-08-29 18:14 -------- d-sh--we c:\programdata\Bureau
2009-08-29 00:27 . 2009-09-02 20:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 20:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-17 16:10 . 2009-09-13 09:47 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:05 . 2009-09-13 09:47 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-09-13 09:47 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:05 . 2009-09-13 09:47 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 16:04 . 2009-09-13 09:47 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-09-13 09:47 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:02 . 2009-09-13 09:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-14 16:27 . 2009-09-09 21:12 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 21:12 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 21:12 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 21:12 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 21:12 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 21:12 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 21:12 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 21:12 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 21:12 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 21:12 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 21:12 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-05 20:48 . 2009-09-02 05:14 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-18 16:01 . 2009-08-29 21:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 11:35 . 2009-08-29 21:02 828416 ----a-w- c:\windows\system32\wininet.dll
2009-07-17 13:54 . 2009-08-29 21:03 71680 ----a-w- c:\windows\system32\atl.dll
2009-02-21 14:55 . 2009-02-21 14:37 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-31 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 136600]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-08 450663]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-02-09 206120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):49,c0,8c,e9,c1,33,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D755B445-097C-4669-93A1-C8EE2CAE6C35}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9D25949F-513A-4944-A71A-47B3CBCD8FB2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E29E5EF1-EB15-4B70-9BE8-4D65C638342E}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{99E39947-4100-4840-8BF1-494ABE56D9E1}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe:HP TouchSmart Music
"{2532C590-49C7-4B7C-AECC-D6015ADF2322}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{B562D545-597B-4FC6-90C5-3BAB8DD17B81}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe:HP TouchSmart Video
"{32FB9A0F-FB29-4DE4-A92C-D4D4994BB60A}"= c:\program files\Hewlett-Packard\Media\DVD\TSMAgent.exe:HP TouchSmart Media Resident Program
"{091AA9A8-7D8E-4F3C-B20D-336259BBCC8B}"= c:\program files\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{D77F360A-4857-4EF5-8C75-E6F03DE4D854}"= c:\program files\Hewlett-Packard\Media\DVD\HPDVDSmart.exe:HP MediaSmart DVD
"{1CC0DF4C-D367-4786-80EB-D35C1C638412}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe:HP TouchSmart Music
"{84D55010-07D3-47D5-9E61-182DABE54B4D}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{EA150BCA-FEF8-4FD4-9EA0-F121B9C1ED25}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe:HP TouchSmart Video
"{7960C910-F393-4823-8ACE-129C9A8AE766}"= c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe:HP TouchSmart Media Resident Program
"{09E54511-EFE6-41E8-B3BC-116628BEFC6B}"= c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{D9D9501A-6300-4198-B749-B37D675F4733}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6E1E812F-1F41-4D95-BB8C-71AF7AA205D8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live FolderShare
"TCP Query User{7AC69D10-5040-460F-92E1-80F7D57AB04F}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6DD0E1DD-69AB-42C5-A8C5-A3FCFFCFA868}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{8A0D3BD3-8C11-411E-AFFC-5AA5AB1E0760}"= c:\program files\Hewlett-Packard\Media\TV\QP.exe:Quick Play
"{41B742B9-6586-4EDE-8D5A-45F7B5E61052}"= c:\program files\Hewlett-Packard\Media\TV\QPService.exe:Quick Play Resident Program
"TCP Query User{DC33C42E-B9F7-42EB-88B0-21AE914C1D38}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{580FFEA5-EC07-4835-A227-FED0576E01C3}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [13/09/2009 11:47 114768]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/06/20 03:57];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [28/11/2008 18:04 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\AEstSrv.exe [20/06/2009 03:15 77824]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [13/09/2009 11:47 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [13/09/2009 11:47 53328]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18/03/2008 16:24 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [21/02/2009 10:15 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [09/02/2009 18:14 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [09/02/2009 18:14 116096]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21/02/2009 09:08 222512]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [04/09/2008 19:47 54784]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [20/06/2009 03:19 22072]
S0 AFS;AFS;c:\windows\System32\drivers\AFS.SYS [06/09/2009 01:07 77004]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [02/09/2009 07:14 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [05/12/2008 13:06 109408]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [29/08/2009 22:36 28224]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'
2009-10-11 c:\windows\Tasks\HPCeeScheduleForRomi.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-21 10:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr/
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 18:01
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
Heure de fin: 2009-10-14 18:03
ComboFix-quarantined-files.txt 2009-10-14 16:02
Avant-CF: 167 627 137 024 octets libres
Après-CF: 167 589 625 856 octets libres
274 --- E O F --- 2009-10-13 16:52
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3069.2002 [GMT 2:00]
Lancé depuis: c:\users\Romi\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\21c47.msi
c:\windows\Installer\21c4b.msi
c:\windows\Installer\21c4f.msi
c:\windows\Installer\21c53.msi
c:\windows\Installer\21c57.msi
c:\windows\Installer\294847.msi
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-09-14 au 2009-10-14 ))))))))))))))))))))))))))))))))))))
.
2009-10-14 16:01 . 2009-10-14 16:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-11 11:06 . 2009-10-11 12:06 -------- d-----w- c:\users\Romi\DoctorWeb
2009-10-11 10:27 . 2009-10-11 10:48 -------- d-----w- C:\UsbFix
2009-10-10 04:54 . 2009-10-10 04:54 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-09 22:04 . 2009-10-09 22:04 -------- d-----w- c:\users\Romi\AppData\Roaming\VistaCodecs
2009-10-03 09:28 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-03 09:23 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-03 09:23 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-03 09:23 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-03 09:23 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-03 09:23 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-03 09:23 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-03 09:23 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-03 09:23 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-03 09:23 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-09-27 16:28 . 2009-09-27 16:28 -------- d-----w- c:\users\Romi\AppData\Local\Deployment
2009-09-27 16:28 . 2009-09-27 16:28 -------- d-----w- c:\users\Romi\AppData\Local\Apps
2009-09-27 16:09 . 2009-09-27 16:09 -------- d-----w- c:\users\Romi\AppData\Roaming\Malwarebytes
2009-09-27 16:09 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-27 16:09 . 2009-09-27 16:09 -------- d-----w- c:\programdata\Malwarebytes
2009-09-27 16:09 . 2009-09-27 16:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-27 16:09 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-27 16:07 . 2009-09-27 16:09 4045528 ----a-w- c:\program files\mbam-setup.exe
2009-09-27 15:51 . 2009-09-27 15:51 -------- d-----w- C:\_OTM
2009-09-27 15:50 . 2009-09-27 15:50 408064 ----a-w- c:\program files\OTM.exe
2009-09-27 15:23 . 2008-06-05 16:18 5737 ----a-w- c:\users\Romi\AppData\Local\gnc.exe
2009-09-27 14:56 . 2009-09-27 15:23 -------- d-----w- c:\program files\Navilog1
2009-09-27 08:18 . 2009-09-27 09:14 -------- d-----w- C:\ToolBar SD
2009-09-27 07:43 . 2009-10-11 10:03 -------- d-----w- c:\program files\trend micro
2009-09-27 07:43 . 2009-09-27 07:43 -------- d-----w- C:\rsit
2009-09-25 19:41 . 2009-09-25 19:41 41280 ----a-w- c:\windows\system32\shell.reg
2009-09-25 19:19 . 2009-09-25 19:35 40960 ----a-w- c:\users\Romi\Look2Me-Destroyer.exe
2009-09-18 23:48 . 2009-10-01 22:38 -------- d-----w- c:\users\Romi\AppData\Roaming\LimeWire
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 15:24 . 2009-02-21 14:34 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-14 15:24 . 2009-02-21 14:34 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-13 20:12 . 2009-09-05 23:12 6836 ----a-w- c:\users\Romi\AppData\Local\d3d9caps.dat
2009-10-13 16:52 . 2009-02-21 07:51 -------- d-----w- c:\programdata\Microsoft Help
2009-10-09 22:04 . 2009-08-29 23:34 -------- d-----w- c:\programdata\VistaCodecs
2009-09-26 08:40 . 2009-08-29 18:21 75264 ----a-w- c:\users\Romi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-19 00:59 . 2009-09-13 09:35 -------- d-----w- c:\program files\Yahoo!
2009-09-17 19:45 . 2009-02-21 07:58 -------- d-----w- c:\programdata\CyberLink
2009-09-13 12:18 . 2009-08-31 17:34 -------- d-----w- c:\program files\PacificPoker
2009-09-13 09:47 . 2009-09-13 09:47 -------- d-----w- c:\program files\Alwil Software
2009-09-13 09:41 . 2009-02-21 06:54 -------- d-----w- c:\programdata\Norton
2009-09-13 09:35 . 2009-09-13 09:35 -------- d-----w- c:\program files\CCleaner
2009-09-13 09:35 . 2009-09-13 09:35 -------- d-----w- c:\users\Romi\AppData\Roaming\Yahoo!
2009-09-13 09:33 . 2009-09-13 09:33 308160 ----a-w- c:\program files\avast_home_setup.exe
2009-09-13 02:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-13 02:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-13 02:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-13 02:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-13 02:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-13 02:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-13 02:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-10 05:00 . 2009-09-02 05:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-05 23:08 . 2003-04-05 12:33 20458 ----a-w- c:\windows\hpoins01.dat
2009-09-05 23:07 . 2009-02-21 06:37 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-05 23:07 . 2009-09-05 23:07 77004 ----a-w- c:\windows\system32\drivers\AFS.SYS
2009-09-05 22:56 . 2009-09-05 22:56 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-09-02 20:44 . 2009-02-21 07:39 -------- d-----w- c:\program files\Microsoft Works
2009-09-02 05:15 . 2009-09-02 05:08 -------- d-----w- c:\program files\Microsoft
2009-09-02 05:14 . 2009-09-02 05:08 -------- d-----w- c:\program files\Windows Live
2009-09-02 05:13 . 2009-09-02 05:13 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-09-02 05:11 . 2009-09-02 05:11 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-02 05:08 . 2009-09-02 05:08 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-02 04:55 . 2009-09-02 04:55 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-31 17:35 . 2009-08-31 17:34 -------- d-----w- c:\users\Romi\AppData\Roaming\PacificPoker
2009-08-31 17:25 . 2009-08-31 17:25 -------- d-----w- c:\programdata\LightScribe
2009-08-31 16:29 . 2009-02-21 07:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-31 15:26 . 2009-08-31 15:26 -------- d-----w- c:\program files\QuickTime
2009-08-31 05:00 . 2009-08-31 05:00 -------- d-----w- c:\program files\Google
2009-08-30 16:27 . 2009-08-29 18:31 -------- d-----w- c:\users\Romi\AppData\Roaming\hewlett-packard
2009-08-30 16:27 . 2009-02-21 06:52 -------- d-----w- c:\programdata\Hewlett-Packard
2009-08-30 06:05 . 2009-08-30 06:05 -------- d-----w- c:\users\Romi\AppData\Roaming\WildTangent
2009-08-30 06:05 . 2009-02-21 07:21 -------- d-----w- c:\programdata\WildTangent
2009-08-30 05:52 . 2009-08-30 05:52 -------- d-----w- c:\users\Romi\AppData\Roaming\CyberLink
2009-08-29 23:35 . 2009-08-29 23:35 -------- d-----w- c:\program files\VistaCodecPack
2009-08-29 23:34 . 2009-08-29 23:34 20750642 ----a-w- c:\program files\VistaCodecs_v540.exe
2009-08-29 23:12 . 2009-08-29 22:11 -------- d-----w- c:\users\Romi\AppData\Roaming\Skype
2009-08-29 22:06 . 2009-08-29 21:25 -------- d-----w- c:\users\Romi\AppData\Roaming\U3
2009-08-29 22:01 . 2009-08-29 22:01 -------- d-----w- c:\program files\Skype
2009-08-29 22:01 . 2009-08-29 22:00 -------- d-----w- c:\programdata\Skype
2009-08-29 22:01 . 2009-08-29 22:01 -------- d-----w- c:\program files\Common Files\Skype
2009-08-29 21:25 . 2009-08-29 21:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-29 21:04 . 2009-08-29 21:04 -------- d-----w- c:\program files\MSXML 4.0
2009-08-29 20:44 . 2009-08-29 20:34 -------- d-----w- c:\program files\OrangeHSS
2009-08-29 20:35 . 2009-08-29 20:35 -------- d-----w- c:\program files\Securitoo
2009-08-29 20:33 . 2009-08-29 20:33 -------- d-----w- c:\program files\Common Files\France Telecom
2009-08-29 20:31 . 2009-02-21 08:15 -------- d-----w- c:\program files\SMINST
2009-08-29 19:03 . 2009-02-21 06:55 -------- d-----w- c:\programdata\Symantec
2009-08-29 18:32 . 2009-08-29 18:32 -------- d-----w- c:\users\Romi\AppData\Roaming\ATI
2009-08-29 18:17 . 2009-08-29 18:17 -------- d-----w- c:\users\Romi\AppData\Roaming\HP TCS
2009-08-29 18:15 . 2009-08-29 18:15 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv7 Notebook PC_Y5335KV_0U_QCNF926044D_E518373-051_4A_I3063_SQuanta_V19.15_F.13_T090511_WV3-1_L40C_M3069_J250_7AMD_8F31_92.10_#090620_N10EC8168;168C002B_(VB341EA#ABF)_XMOBILE_CN10_Z_2Rev 1.MRK
2009-08-29 18:14 . 2009-08-29 18:14 -------- d-sh--we c:\program files\Fichiers communs
2009-08-29 18:14 . 2009-08-29 18:14 -------- d-sh--we c:\programdata\Modèles
2009-08-29 18:14 . 2009-08-29 18:14 -------- d-sh--we c:\programdata\Menu Démarrer
2009-08-29 18:14 . 2009-08-29 18:14 -------- d-sh--we c:\programdata\Favoris
2009-08-29 18:14 . 2009-08-29 18:14 -------- d-sh--we c:\programdata\Bureau
2009-08-29 00:27 . 2009-09-02 20:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 20:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-17 16:10 . 2009-09-13 09:47 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:05 . 2009-09-13 09:47 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-09-13 09:47 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:05 . 2009-09-13 09:47 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-17 16:04 . 2009-09-13 09:47 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-09-13 09:47 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:02 . 2009-09-13 09:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-14 16:27 . 2009-09-09 21:12 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 21:12 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 21:12 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 21:12 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 21:12 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 21:12 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 21:12 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 21:12 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 21:12 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 21:12 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 21:12 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-05 20:48 . 2009-09-02 05:14 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-08-03 13:07 . 2009-08-03 13:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-18 16:01 . 2009-08-29 21:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 11:35 . 2009-08-29 21:02 828416 ----a-w- c:\windows\system32\wininet.dll
2009-07-17 13:54 . 2009-08-29 21:03 71680 ----a-w- c:\windows\system32\atl.dll
2009-02-21 14:55 . 2009-02-21 14:37 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-31 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 136600]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-01-08 450663]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-02-09 206120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):49,c0,8c,e9,c1,33,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D755B445-097C-4669-93A1-C8EE2CAE6C35}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9D25949F-513A-4944-A71A-47B3CBCD8FB2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E29E5EF1-EB15-4B70-9BE8-4D65C638342E}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{99E39947-4100-4840-8BF1-494ABE56D9E1}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe:HP TouchSmart Music
"{2532C590-49C7-4B7C-AECC-D6015ADF2322}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{B562D545-597B-4FC6-90C5-3BAB8DD17B81}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe:HP TouchSmart Video
"{32FB9A0F-FB29-4DE4-A92C-D4D4994BB60A}"= c:\program files\Hewlett-Packard\Media\DVD\TSMAgent.exe:HP TouchSmart Media Resident Program
"{091AA9A8-7D8E-4F3C-B20D-336259BBCC8B}"= c:\program files\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{D77F360A-4857-4EF5-8C75-E6F03DE4D854}"= c:\program files\Hewlett-Packard\Media\DVD\HPDVDSmart.exe:HP MediaSmart DVD
"{1CC0DF4C-D367-4786-80EB-D35C1C638412}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe:HP TouchSmart Music
"{84D55010-07D3-47D5-9E61-182DABE54B4D}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{EA150BCA-FEF8-4FD4-9EA0-F121B9C1ED25}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe:HP TouchSmart Video
"{7960C910-F393-4823-8ACE-129C9A8AE766}"= c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe:HP TouchSmart Media Resident Program
"{09E54511-EFE6-41E8-B3BC-116628BEFC6B}"= c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{D9D9501A-6300-4198-B749-B37D675F4733}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6E1E812F-1F41-4D95-BB8C-71AF7AA205D8}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live FolderShare
"TCP Query User{7AC69D10-5040-460F-92E1-80F7D57AB04F}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6DD0E1DD-69AB-42C5-A8C5-A3FCFFCFA868}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{8A0D3BD3-8C11-411E-AFFC-5AA5AB1E0760}"= c:\program files\Hewlett-Packard\Media\TV\QP.exe:Quick Play
"{41B742B9-6586-4EDE-8D5A-45F7B5E61052}"= c:\program files\Hewlett-Packard\Media\TV\QPService.exe:Quick Play Resident Program
"TCP Query User{DC33C42E-B9F7-42EB-88B0-21AE914C1D38}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{580FFEA5-EC07-4835-A227-FED0576E01C3}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [13/09/2009 11:47 114768]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/06/20 03:57];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [28/11/2008 18:04 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\AEstSrv.exe [20/06/2009 03:15 77824]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [13/09/2009 11:47 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [13/09/2009 11:47 53328]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18/03/2008 16:24 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [21/02/2009 10:15 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [09/02/2009 18:14 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [09/02/2009 18:14 116096]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21/02/2009 09:08 222512]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [04/09/2008 19:47 54784]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [20/06/2009 03:19 22072]
S0 AFS;AFS;c:\windows\System32\drivers\AFS.SYS [06/09/2009 01:07 77004]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [02/09/2009 07:14 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [05/12/2008 13:06 109408]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [29/08/2009 22:36 28224]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'
2009-10-11 c:\windows\Tasks\HPCeeScheduleForRomi.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-21 10:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr/
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 18:01
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
Heure de fin: 2009-10-14 18:03
ComboFix-quarantined-files.txt 2009-10-14 16:02
Avant-CF: 167 627 137 024 octets libres
Après-CF: 167 589 625 856 octets libres
274 --- E O F --- 2009-10-13 16:52
supprime Combofix de cette manière, clique sur le bouton démarrer/ Exécuter puis tape la commande où copier/coller : ComboFix /u
* Télécharge OtmoveIT (de Old_Timer) sur ton Bureau
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (de OldTimer) sur ton Bureau
* Double-clique sur OTMoveIt.exe pour le lancer.
* Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.
* copie la liste en gras ci-dessous et colle la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.
:processes
explorer.exe
:files
c:\users\Romi\AppData\Local\gnc.exe
:commands
[emptytemp]
[purity]
[start explorer]
[reboot]
-----------------------------
* clique sur MoveIt! pour lancer la suppression.
* Le résultat apparaitra dans le cadre "Results".
* Clique sur Exit pour fermer.
* Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
* Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
***********************************************************************
Comment se comporte ton pc ?
Post un rapport rsit.a+
* Télécharge OtmoveIT (de Old_Timer) sur ton Bureau
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (de OldTimer) sur ton Bureau
* Double-clique sur OTMoveIt.exe pour le lancer.
* Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.
* copie la liste en gras ci-dessous et colle la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.
:processes
explorer.exe
:files
c:\users\Romi\AppData\Local\gnc.exe
:commands
[emptytemp]
[purity]
[start explorer]
[reboot]
-----------------------------
* clique sur MoveIt! pour lancer la suppression.
* Le résultat apparaitra dans le cadre "Results".
* Clique sur Exit pour fermer.
* Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
* Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
***********************************************************************
Comment se comporte ton pc ?
Post un rapport rsit.a+
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
c:\users\Romi\AppData\Local\gnc.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 67 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Romi
File delete failed. C:\Users\Romi\AppData\Local\Temp\~DF308C.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 355692 bytes
->Temporary Internet Files folder emptied: 186208713 bytes
->Google Chrome cache emptied: 6806001 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\fwtsqmfile00.sqm scheduled to be deleted on reboot.
Windows Temp folder emptied: 120 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 184,41 mb
OTM by OldTimer - Version 3.0.0.6 log created on 10142009_183323
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
c:\users\Romi\AppData\Local\gnc.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 67 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Romi
File delete failed. C:\Users\Romi\AppData\Local\Temp\~DF308C.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 355692 bytes
->Temporary Internet Files folder emptied: 186208713 bytes
->Google Chrome cache emptied: 6806001 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\fwtsqmfile00.sqm scheduled to be deleted on reboot.
Windows Temp folder emptied: 120 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 184,41 mb
OTM by OldTimer - Version 3.0.0.6 log created on 10142009_183323
Logfile of random's system information tool 1.06 (written by random/random)
Run by Romi at 2009-10-14 19:27:06
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 160 GB (70%) free of 228 GB
Total RAM: 3069 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:11, on 14/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Romi\Documents\RSIT.exe
C:\Program Files\trend micro\Romi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
Run by Romi at 2009-10-14 19:27:06
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 160 GB (70%) free of 228 GB
Total RAM: 3069 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:11, on 14/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Romi\Documents\RSIT.exe
C:\Program Files\trend micro\Romi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
Cherche ce fichier et ouvre le C:\Program Files\trend micro\Romi.exe
• Relances hijackthis
• Choisi do a system scan only cette fois-ci.
• Puis coche les lignes suivantes et appuie sur fix checked.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
• Post un nouveau rapport.
• Relances hijackthis
• Choisi do a system scan only cette fois-ci.
• Puis coche les lignes suivantes et appuie sur fix checked.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
• Post un nouveau rapport.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Romi at 2009-10-14 20:01:08
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 160 GB (70%) free of 228 GB
Total RAM: 3069 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:10, on 14/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Romi\Downloads\RSIT.exe
C:\Program Files\trend micro\Romi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
Run by Romi at 2009-10-14 20:01:08
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 160 GB (70%) free of 228 GB
Total RAM: 3069 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:10, on 14/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Romi\Downloads\RSIT.exe
C:\Program Files\trend micro\Romi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\aestsrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c92065b9\STacSV.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
