9 réponses
Bonjour
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Vas dans "Démarrer" puis Panneau de configuration.
- Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
- Clique sur Continuer.
- Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
- Valide par OK et redémarre.
ensuite
Télécharge sur le bureau
ftp://ftp.commentcamarche.com/download/HJTInstall.exe
= Double-clic dessus pour l'installer
= Clic Do a system scan and save the log
=coller le rapport
si problème voir l'aide
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
ensuite
Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
=> Installe le
=> Ensuite va en mode sans echec
Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport
@+
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
- Vas dans "Démarrer" puis Panneau de configuration.
- Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
- Clique sur Continuer.
- Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
- Valide par OK et redémarre.
ensuite
Télécharge sur le bureau
ftp://ftp.commentcamarche.com/download/HJTInstall.exe
= Double-clic dessus pour l'installer
= Clic Do a system scan and save the log
=coller le rapport
si problème voir l'aide
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
ensuite
Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
=> Installe le
=> Ensuite va en mode sans echec
Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport
@+
et la le 2eme apres avoir essaié d'enlever les fichiers..
Logfile of HijackThis v1.99.1
Scan saved at 03:22:16, on 12.05.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Rasta Nina\Desktop\ccm.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://upcmail.hispeed.ch/appsuite/signin
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {73D3A10F-C33F-440A-AD80-0C1D4ABBB3FD} - C:\Users\RASTAN~1\AppData\Local\Temp\xxyxWQKb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 03:22:16, on 12.05.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Rasta Nina\Desktop\ccm.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://upcmail.hispeed.ch/appsuite/signin
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {73D3A10F-C33F-440A-AD80-0C1D4ABBB3FD} - C:\Users\RASTAN~1\AppData\Local\Temp\xxyxWQKb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)
voila je crois que c bon, jai enlever le trojan avec ton programm alors voici le log apres la supression des fichiers..
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 740
Type de recherche: Examen rapide
Eléments examinés: 31772
Temps écoulé: 2 minute(s), 27 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{f1b2b165-fbf2-4eb3-98ff-9cf5506062b5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f1b2b165-fbf2-4eb3-98ff-9cf5506062b5} (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Windows\System32\ljJBrRjK.dll (Trojan.Agent) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 740
Type de recherche: Examen rapide
Eléments examinés: 31772
Temps écoulé: 2 minute(s), 27 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{f1b2b165-fbf2-4eb3-98ff-9cf5506062b5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f1b2b165-fbf2-4eb3-98ff-9cf5506062b5} (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Windows\System32\ljJBrRjK.dll (Trojan.Agent) -> Quarantined and deleted successfully.
Bonjour
ton rapport de hijackthis nous montre encore des infections
Télécharge Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
=> déconnecte toi d'internet et ferme toutes tes applications.
=> désactive tes protections (antivirus, parefeu,antispyware)
=> Double-clic sur combofix,
=> Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
=> Attends que combofix ait terminé, un rapport sera créé.
=> réactive ton parefeu, ton antivirus, la garde de ton antispyware
=> copie/colle le rapport C:\ComboFix.txt
ensuite refais un hijack mais avec la version que je t'ai donné car la tienne n'est plus d'actualité
@+
ton rapport de hijackthis nous montre encore des infections
Télécharge Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
=> déconnecte toi d'internet et ferme toutes tes applications.
=> désactive tes protections (antivirus, parefeu,antispyware)
=> Double-clic sur combofix,
=> Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
=> Attends que combofix ait terminé, un rapport sera créé.
=> réactive ton parefeu, ton antivirus, la garde de ton antispyware
=> copie/colle le rapport C:\ComboFix.txt
ensuite refais un hijack mais avec la version que je t'ai donné car la tienne n'est plus d'actualité
@+
voila le log de combofix
ComboFix 08-05-11.1 - Rasta Nina 2008-05-12 16:40:07.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.491 [GMT 2:00]
Endroit: C:\Users\Rasta Nina\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-12 to 2008-05-12 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier cr‚‚ dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 01:29 --------- d-----w C:\Users\Rasta Nina\AppData\Roaming\Malwarebytes
2008-05-12 01:29 --------- d-----w C:\ProgramData\Malwarebytes
2008-05-12 01:29 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-11 14:26 --------- d-----w C:\Users\Rasta Nina\AppData\Roaming\Azureus
2008-05-05 18:46 27,048 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-05 18:46 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-04-26 10:07 --------- d-----w C:\Program Files\e-University
2008-04-22 01:43 --------- d-----w C:\Program Files\BatchDPG
2008-04-22 01:42 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-19 18:16 --------- d-----w C:\Program Files\Azureus
2008-04-15 02:20 --------- d-----w C:\Program Files\PowerISO
2008-04-15 02:15 639,224 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-04-11 05:22 --------- d-----w C:\Program Files\Java
2008-04-11 05:20 --------- d-----w C:\Program Files\Common Files\Java
2008-04-10 01:29 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-04-10 00:19 --------- d-----w C:\Program Files\Stardock
2008-04-10 00:19 --------- d-----w C:\Program Files\Common Files\Stardock
2008-04-09 14:30 --------- d-----w C:\ProgramData\Stardock
2008-04-09 13:16 --------- d-----w C:\ProgramData\NVIDIA
2008-04-09 13:10 --------- d-----w C:\Program Files\Windows Mail
2008-04-06 14:56 --------- d-----w C:\Program Files\Webteh
2008-04-05 14:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-03 09:07 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-02 22:29 --------- d-----w C:\Program Files\SuperCopier2
2008-04-02 21:58 --------- d-----w C:\Users\Rasta Nina\AppData\Roaming\Nero
2008-04-02 21:56 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-02 21:53 --------- d-----w C:\ProgramData\Nero
2008-04-02 21:53 --------- d-----w C:\Program Files\Nero
2008-03-31 18:39 --------- d-----w C:\ProgramData\FLEXnet
2008-03-28 12:49 --------- d-----w C:\Users\Rasta Nina\AppData\Roaming\Apple Computer
2008-03-28 12:49 --------- d-----w C:\Program Files\iTunes
2008-03-28 12:48 --------- d-----w C:\ProgramData\Apple Computer
2008-03-28 12:48 --------- d-----w C:\Program Files\iPod
2008-03-28 12:47 --------- d-----w C:\Program Files\QuickTime
2008-03-28 12:47 --------- d-----w C:\Program Files\Bonjour
2008-03-28 12:45 --------- d-----w C:\Program Files\Apple Software Update
2008-03-28 12:43 --------- d-----w C:\ProgramData\Apple
2008-03-28 12:43 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-28 03:31 --------- d---a-w C:\ProgramData\TEMP
2008-03-28 03:03 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-28 02:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-27 22:35 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-27 22:35 --------- d-----w C:\Program Files\Windows Live
2008-03-27 22:29 --------- d-----w C:\ProgramData\WLInstaller
2008-03-27 21:28 --------- d-----w C:\Users\Rasta Nina\AppData\Roaming\DivX
2008-03-27 20:45 --------- d-----w C:\Program Files\DivX
2008-03-27 20:45 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-03-27 20:25 --------- d-----w C:\Users\Rasta Nina\AppData\Roaming\Media Player Classic
2008-03-27 20:24 --------- d-----w C:\Program Files\Satsuki Decoder Pack
2008-03-27 20:09 --------- d-----w C:\ProgramData\eMule
2008-03-27 20:07 --------- d-----w C:\Program Files\eMule
2008-03-27 20:03 --------- d-----w C:\ProgramData\Azureus
2008-03-27 19:30 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-27 19:30 315,392 ----a-w C:\Windows\HideWin.exe
2008-03-27 19:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-27 19:30 --------- d-----w C:\Program Files\Realtek
2008-03-27 19:30 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-27 19:03 --------- d-----w C:\Users\Rasta Nina\AppData\Roaming\Bitdefender
2008-03-27 19:02 174 --sha-w C:\Program Files\desktop.ini
2008-03-27 18:58 --------- d-----w C:\ProgramData\BitDefender
2008-03-27 18:55 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-27 18:55 --------- d-----w C:\Program Files\Windows Defender
2008-03-27 18:55 --------- d-----w C:\Program Files\Windows Calendar
2008-03-27 18:50 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-03-27 18:50 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-03-27 18:50 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-03-27 18:50 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-03-27 18:50 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-03-27 18:49 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-03-27 18:49 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-27 18:47 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-27 18:45 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-03-27 18:45 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-03-27 18:45 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-03-27 18:45 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-03-27 18:45 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-03-27 18:45 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-03-27 18:45 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-03-27 18:45 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-03-27 18:43 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-27 18:43 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-27 18:41 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-03-27 18:41 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-03-27 18:41 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-03-27 18:40 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-27 18:40 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-27 18:40 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-27 18:40 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-03-27 18:40 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-27 18:40 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-27 18:38 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-03-27 18:38 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-03-27 18:38 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-03-27 18:38 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-03-27 18:38 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-03-27 18:38 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-03-27 18:37 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-27 18:37 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-27 18:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-27 18:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73D3A10F-C33F-440A-AD80-0C1D4ABBB3FD}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D81F3C46-A940-45B2-8FB0-D8073B25F768}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-27 20:33 1232896]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-27 20:44 1006264]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-03-27 21:01 360448]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 06:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 06:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 06:28 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 16:50 4706304 C:\Windows\RtHDVCpl.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 01:50 233472]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{94C9B268-2281-44DF-9900-C5B2656BF73D}"= UDP:C:\Windows\Temp\cablecom_installer.exe:cablecom installer
"{116B31B0-3E25-4349-96C8-F69C31B4E5A5}"= TCP:C:\Windows\Temp\cablecom_installer.exe:cablecom installer
"TCP Query User{12C6CEB1-CEFC-4753-B54D-1F8A16394E6F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{0F4B889B-3672-485D-9381-58914F74F3F9}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{A3092FB9-86BA-4874-B999-02583F202A8D}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{9436609F-E33B-4DA6-8A3B-E493DBB1E250}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{1974A85F-A9CC-4268-8B8D-4B8D4BE55905}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C636C4D1-2BCF-4144-A16F-7478F5CE5BE3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2EA6FA80-EB0B-46EC-82CA-34317605C6A9}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{022FA1AC-BB08-43CA-B42F-214B6E8CD056}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A3F10066-2093-4F35-8B59-6B6F4D2CC104}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{E9DA3927-3F5B-433E-A78E-D9ABD1F46E91}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{7F5989B5-54A6-44EC-81C8-2EAA585DB340}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{B69F5C07-DCE0-4666-ADF6-60F2FDBA27EA}C:\\users\\rasta nina\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\rasta nina\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{FB3B085F-741E-40D1-AD56-BFD04D47C328}C:\\users\\rasta nina\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\rasta nina\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{7BA3B603-84CC-406F-A666-E4162C66AD67}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{EBF64569-7DCC-4E0C-BCD4-78A0D0D3FDF5}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{7A72CB10-A0F9-4A57-A1C2-AD381C76F520}C:\\gamigo games\\smash online\\smashonline.exe"= UDP:C:\gamigo games\smash online\smashonline.exe:SmashOnline
"UDP Query User{AA5260E4-603B-4748-AF69-6951CABCCD64}C:\\gamigo games\\smash online\\smashonline.exe"= TCP:C:\gamigo games\smash online\smashonline.exe:SmashOnline
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 11:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\Start.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 16:47:15
Windows 6.0.6000 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-12 16:51:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-12 14:51:02
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.
207 --- E O F --- 2008-04-09 12:26:56
ComboFix 08-05-11.1 - Rasta Nina 2008-05-12 16:40:07.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.491 [GMT 2:00]
Endroit: C:\Users\Rasta Nina\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-12 to 2008-05-12 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier cr‚‚ dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 01:29 --------- d-----w C:\Users\Rasta Nina\AppData\Roaming\Malwarebytes
2008-05-12 01:29 --------- d-----w C:\ProgramData\Malwarebytes
2008-05-12 01:29 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-11 14:26 --------- d-----w C:\Users\Rasta Nina\AppData\Roaming\Azureus
2008-05-05 18:46 27,048 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-05 18:46 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-04-26 10:07 --------- d-----w C:\Program Files\e-University
2008-04-22 01:43 --------- d-----w C:\Program Files\BatchDPG
2008-04-22 01:42 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-19 18:16 --------- d-----w C:\Program Files\Azureus
2008-04-15 02:20 --------- d-----w C:\Program Files\PowerISO
2008-04-15 02:15 639,224 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-04-11 05:22 --------- d-----w C:\Program Files\Java
2008-04-11 05:20 --------- d-----w C:\Program Files\Common Files\Java
2008-04-10 01:29 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-04-10 00:19 --------- d-----w C:\Program Files\Stardock
2008-04-10 00:19 --------- d-----w C:\Program Files\Common Files\Stardock
2008-04-09 14:30 --------- d-----w C:\ProgramData\Stardock
2008-04-09 13:16 --------- d-----w C:\ProgramData\NVIDIA
2008-04-09 13:10 --------- d-----w C:\Program Files\Windows Mail
2008-04-06 14:56 --------- d-----w C:\Program Files\Webteh
2008-04-05 14:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-03 09:07 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-02 22:29 --------- d-----w C:\Program Files\SuperCopier2
2008-04-02 21:58 --------- d-----w C:\Users\Rasta Nina\AppData\Roaming\Nero
2008-04-02 21:56 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-02 21:53 --------- d-----w C:\ProgramData\Nero
2008-04-02 21:53 --------- d-----w C:\Program Files\Nero
2008-03-31 18:39 --------- d-----w C:\ProgramData\FLEXnet
2008-03-28 12:49 --------- d-----w C:\Users\Rasta Nina\AppData\Roaming\Apple Computer
2008-03-28 12:49 --------- d-----w C:\Program Files\iTunes
2008-03-28 12:48 --------- d-----w C:\ProgramData\Apple Computer
2008-03-28 12:48 --------- d-----w C:\Program Files\iPod
2008-03-28 12:47 --------- d-----w C:\Program Files\QuickTime
2008-03-28 12:47 --------- d-----w C:\Program Files\Bonjour
2008-03-28 12:45 --------- d-----w C:\Program Files\Apple Software Update
2008-03-28 12:43 --------- d-----w C:\ProgramData\Apple
2008-03-28 12:43 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-28 03:31 --------- d---a-w C:\ProgramData\TEMP
2008-03-28 03:03 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-28 02:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-27 22:35 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-27 22:35 --------- d-----w C:\Program Files\Windows Live
2008-03-27 22:29 --------- d-----w C:\ProgramData\WLInstaller
2008-03-27 21:28 --------- d-----w C:\Users\Rasta Nina\AppData\Roaming\DivX
2008-03-27 20:45 --------- d-----w C:\Program Files\DivX
2008-03-27 20:45 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-03-27 20:25 --------- d-----w C:\Users\Rasta Nina\AppData\Roaming\Media Player Classic
2008-03-27 20:24 --------- d-----w C:\Program Files\Satsuki Decoder Pack
2008-03-27 20:09 --------- d-----w C:\ProgramData\eMule
2008-03-27 20:07 --------- d-----w C:\Program Files\eMule
2008-03-27 20:03 --------- d-----w C:\ProgramData\Azureus
2008-03-27 19:30 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-27 19:30 315,392 ----a-w C:\Windows\HideWin.exe
2008-03-27 19:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-27 19:30 --------- d-----w C:\Program Files\Realtek
2008-03-27 19:30 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-27 19:03 --------- d-----w C:\Users\Rasta Nina\AppData\Roaming\Bitdefender
2008-03-27 19:02 174 --sha-w C:\Program Files\desktop.ini
2008-03-27 18:58 --------- d-----w C:\ProgramData\BitDefender
2008-03-27 18:55 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-27 18:55 --------- d-----w C:\Program Files\Windows Defender
2008-03-27 18:55 --------- d-----w C:\Program Files\Windows Calendar
2008-03-27 18:50 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-03-27 18:50 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-03-27 18:50 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-03-27 18:50 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-03-27 18:50 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-03-27 18:49 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-03-27 18:49 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-27 18:47 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-27 18:45 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-03-27 18:45 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-03-27 18:45 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-03-27 18:45 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-03-27 18:45 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-03-27 18:45 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-03-27 18:45 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-03-27 18:45 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-03-27 18:43 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-03-27 18:43 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-03-27 18:41 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-03-27 18:41 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-03-27 18:41 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-03-27 18:40 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-27 18:40 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-27 18:40 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-27 18:40 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-03-27 18:40 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-27 18:40 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-27 18:38 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-03-27 18:38 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-03-27 18:38 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-03-27 18:38 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys
2008-03-27 18:38 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-03-27 18:38 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-03-27 18:37 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-03-27 18:37 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-27 18:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-27 18:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73D3A10F-C33F-440A-AD80-0C1D4ABBB3FD}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D81F3C46-A940-45B2-8FB0-D8073B25F768}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-27 20:33 1232896]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-27 20:44 1006264]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-03-27 21:01 360448]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 06:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 06:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 06:28 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 16:50 4706304 C:\Windows\RtHDVCpl.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 01:50 233472]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{94C9B268-2281-44DF-9900-C5B2656BF73D}"= UDP:C:\Windows\Temp\cablecom_installer.exe:cablecom installer
"{116B31B0-3E25-4349-96C8-F69C31B4E5A5}"= TCP:C:\Windows\Temp\cablecom_installer.exe:cablecom installer
"TCP Query User{12C6CEB1-CEFC-4753-B54D-1F8A16394E6F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{0F4B889B-3672-485D-9381-58914F74F3F9}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{A3092FB9-86BA-4874-B999-02583F202A8D}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{9436609F-E33B-4DA6-8A3B-E493DBB1E250}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{1974A85F-A9CC-4268-8B8D-4B8D4BE55905}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C636C4D1-2BCF-4144-A16F-7478F5CE5BE3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2EA6FA80-EB0B-46EC-82CA-34317605C6A9}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{022FA1AC-BB08-43CA-B42F-214B6E8CD056}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A3F10066-2093-4F35-8B59-6B6F4D2CC104}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{E9DA3927-3F5B-433E-A78E-D9ABD1F46E91}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{7F5989B5-54A6-44EC-81C8-2EAA585DB340}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{B69F5C07-DCE0-4666-ADF6-60F2FDBA27EA}C:\\users\\rasta nina\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\rasta nina\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{FB3B085F-741E-40D1-AD56-BFD04D47C328}C:\\users\\rasta nina\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\rasta nina\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{7BA3B603-84CC-406F-A666-E4162C66AD67}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{EBF64569-7DCC-4E0C-BCD4-78A0D0D3FDF5}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{7A72CB10-A0F9-4A57-A1C2-AD381C76F520}C:\\gamigo games\\smash online\\smashonline.exe"= UDP:C:\gamigo games\smash online\smashonline.exe:SmashOnline
"UDP Query User{AA5260E4-603B-4748-AF69-6951CABCCD64}C:\\gamigo games\\smash online\\smashonline.exe"= TCP:C:\gamigo games\smash online\smashonline.exe:SmashOnline
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 11:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\Start.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 16:47:15
Windows 6.0.6000 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-12 16:51:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-12 14:51:02
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.
207 --- E O F --- 2008-04-09 12:26:56
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
hello. alors la je comprends plus rien. Hijackthis arrive pas a me faire un log parsk il me dis ca: Impossible de trouver le fichier C:\Program Files\Trend Micro\HijackThis\hijackthis.log.
bon voila le log avec l autre version de hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 01:52:15, on 13.05.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Rasta Nina\Desktop\Programmes\PokerStars\PokerStars.exe
C:\Users\Rasta Nina\Desktop\Programmes\ccm.exe.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://upcmail.hispeed.ch/appsuite/signin
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {73D3A10F-C33F-440A-AD80-0C1D4ABBB3FD} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D81F3C46-A940-45B2-8FB0-D8073B25F768} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 01:52:15, on 13.05.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Rasta Nina\Desktop\Programmes\PokerStars\PokerStars.exe
C:\Users\Rasta Nina\Desktop\Programmes\ccm.exe.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://upcmail.hispeed.ch/appsuite/signin
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {73D3A10F-C33F-440A-AD80-0C1D4ABBB3FD} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D81F3C46-A940-45B2-8FB0-D8073B25F768} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Bonsoir
supprime toute trace de hiajack sur ton pc
ensuite tu le re-télécharge ici ==>ftp://ftp.commentcamarche.com/download/HJTInstall.exe
laisse le s'installer dans C:\programm files il le fera tout seul
et poste le rapport
supprime toute trace de hiajack sur ton pc
ensuite tu le re-télécharge ici ==>ftp://ftp.commentcamarche.com/download/HJTInstall.exe
laisse le s'installer dans C:\programm files il le fera tout seul
et poste le rapport
Logfile of HijackThis v1.99.1
Scan saved at 16:44:10, on 11.05.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Rasta Nina\Desktop\ccm.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://upcmail.hispeed.ch/appsuite/signin
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {73D3A10F-C33F-440A-AD80-0C1D4ABBB3FD} - C:\Users\RASTAN~1\AppData\Local\Temp\xxyxWQKb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D81F3C46-A940-45B2-8FB0-D8073B25F768} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljJBrRjK.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)