Probleme trojan
dmt
-
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour
j'ai un petit soucie avec les trojan si desous qui chaqu'un leurs tour viennent me faire c.... des que je lance une appication
Trojan-clicker.win32.tiny.h
Trojan-downloader.win32.agent.bq
Trojan-spy.win32.keylogger.aa
Trojan-spy.win32.GreenScreen
Trojan-spy.HTML.Bankfraud.dq
que dois-je faire?
merci d'avance
config
windows visa
intel core 2 duo cpu t7100 @ 1.80GHz
2.0GB RAM
NVIDIA GeForce 8600M GT
j'ai un petit soucie avec les trojan si desous qui chaqu'un leurs tour viennent me faire c.... des que je lance une appication
Trojan-clicker.win32.tiny.h
Trojan-downloader.win32.agent.bq
Trojan-spy.win32.keylogger.aa
Trojan-spy.win32.GreenScreen
Trojan-spy.HTML.Bankfraud.dq
que dois-je faire?
merci d'avance
config
windows visa
intel core 2 duo cpu t7100 @ 1.80GHz
2.0GB RAM
NVIDIA GeForce 8600M GT
A voir également:
- Probleme trojan
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Anti trojan - Télécharger - Antivirus & Antimalwares
- Virus trojan al11 ✓ - Forum Virus
- Csrss.exe trojan fr ✓ - Forum Virus
- Trojan win32 - Forum Virus
26 réponses
salut
tu télécharge Malwarebytes et tu lance une analyse complete, tu supprime tout ce qu'il trouve.
tu télécharge Malwarebytes et tu lance une analyse complete, tu supprime tout ce qu'il trouve.
slt
scn avec malwarebyte , vires ce qui est trouvé et colles le rapport:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
_______________________
colle un rapport hijackthis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/(...)
manuel :
http://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackth(...)
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
scn avec malwarebyte , vires ce qui est trouvé et colles le rapport:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
_______________________
colle un rapport hijackthis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/(...)
manuel :
http://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackth(...)
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
voila mon rapport de cette nuit avec malwarebyte
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1042
Windows 6.0.6000
03:17:40 12/08/2008
mbam-log-8-12-2008 (03-17-40).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 158070
Temps écoulé: 2 hour(s), 36 minute(s), 32 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Windows\System32\drivers\etc\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Windows\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.security (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.security (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1042
Windows 6.0.6000
03:17:40 12/08/2008
mbam-log-8-12-2008 (03-17-40).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 158070
Temps écoulé: 2 hour(s), 36 minute(s), 32 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Windows\System32\drivers\etc\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Windows\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.security (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.security (Trojan.FakeAlert) -> Quarantined and deleted successfully.
et voila mon rapport hajackthis
Logfile of HijackThis v1.99.1
Scan saved at 10:32:21, on 12/08/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\ytkfczuf\kdafcxij.exe
C:\ProgramData\GenShAdm\ujqtotyx.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\johan\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [actsh] C:\ProgramData\actsh\yjgbodsz.exe
O4 - HKCU\..\Run: [geDwLePbA1] C:\ProgramData\ytkfczuf\kdafcxij.exe
O4 - HKCU\..\Run: [GenShAdm] C:\ProgramData\GenShAdm\ujqtotyx.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\Windows\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\Windows\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\Windows\system32\cba\xfr.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\Windows\system32\cba\pds.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Logfile of HijackThis v1.99.1
Scan saved at 10:32:21, on 12/08/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\ytkfczuf\kdafcxij.exe
C:\ProgramData\GenShAdm\ujqtotyx.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\johan\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [actsh] C:\ProgramData\actsh\yjgbodsz.exe
O4 - HKCU\..\Run: [geDwLePbA1] C:\ProgramData\ytkfczuf\kdafcxij.exe
O4 - HKCU\..\Run: [GenShAdm] C:\ProgramData\GenShAdm\ujqtotyx.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\Windows\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\Windows\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\Windows\system32\cba\xfr.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\Windows\system32\cba\pds.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
helas oui je viens de finir a l'instant mon second scan avec mawarebytes et juste apres la supression mon probleme a donné signe de vie
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1043
Windows 6.0.6000
10:43:26 12/08/2008
mbam-log-8-12-2008 (10-43-26).txt
Type de recherche: Examen rapide
Eléments examinés: 38551
Temps écoulé: 4 minute(s), 59 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Windows\System32\drivers\etc\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Windows\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.security (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.security (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1043
Windows 6.0.6000
10:43:26 12/08/2008
mbam-log-8-12-2008 (10-43-26).txt
Type de recherche: Examen rapide
Eléments examinés: 38551
Temps écoulé: 4 minute(s), 59 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Windows\System32\drivers\etc\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Windows\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.security (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.security (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Comment se fait-il que sa resiste autant j'ai scanner avec CCleaner , norton , thecleaner , malwarebytes , spyware doctor , spybot .... et mon probleme et toujours là...
c deux logiciel existe t'il vraiment?
http://www.antispyware-review.info/?wmid=4663&pwebmid=uWfLn0pimL&a=
http://www.antispyware-review.info/?wmid=4663&pwebmid=uWfLn0pimL&a=
télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
Citation :
C:\ProgramData\ytkfczuf\kdafcxij.exe
C:\ProgramData\GenShAdm\ujqtotyx.exe
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
______________________________
désactive ton compte utilisateur
http://www.vic38.fr/...
puis
Télécharge Combofix de sUBs : aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
Citation :
C:\ProgramData\ytkfczuf\kdafcxij.exe
C:\ProgramData\GenShAdm\ujqtotyx.exe
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
______________________________
désactive ton compte utilisateur
http://www.vic38.fr/...
puis
Télécharge Combofix de sUBs : aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
combofix plante enfin je pense car il fait 4 supression et apres il dit qu'il manque un fichier systeme 0x8
Clique sur ce lien
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
pour télécharger le fichier d'installation d'HijackThis.
Enregistre HJTInstall.exe sur ton bureau.
Double-clique sur HJTInstall.exe pour lancer le programme
Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis
Accepte la license en cliquant sur le bouton "I Accept"
Ferme Hijackthis en cliquant sur la croix-rouge.
Télécharge DSS (Deckard's System Scanner de Deckard) sur ton Bureau à partir de ce lien :
http://www.techsupportforum.com/sectools/Deckard/dss.exe
Choisis "Enregistrer" et "Bureau" comme emplacement.
Ferme toutes les applications en cours (très important, sinon l'ordi peut planter).
Double-clique sur DSS.exe pour lancer l'outil.
S'il ne trouve pas HijackThis, clique sur Oui.
Clique sur OK à chaque fois que cela sera demandé.
L'analyse finie, un fichier texte s'affichera. Poste son contenu dans ta réponse.
Le rapport se trouve ici : C:\Deckard\System Scanner\main.txt.
Poste aussi le apport complémentaire : C:\Deckard\System Scanner\extra.txt
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
pour télécharger le fichier d'installation d'HijackThis.
Enregistre HJTInstall.exe sur ton bureau.
Double-clique sur HJTInstall.exe pour lancer le programme
Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis
Accepte la license en cliquant sur le bouton "I Accept"
Ferme Hijackthis en cliquant sur la croix-rouge.
Télécharge DSS (Deckard's System Scanner de Deckard) sur ton Bureau à partir de ce lien :
http://www.techsupportforum.com/sectools/Deckard/dss.exe
Choisis "Enregistrer" et "Bureau" comme emplacement.
Ferme toutes les applications en cours (très important, sinon l'ordi peut planter).
Double-clique sur DSS.exe pour lancer l'outil.
S'il ne trouve pas HijackThis, clique sur Oui.
Clique sur OK à chaque fois que cela sera demandé.
L'analyse finie, un fichier texte s'affichera. Poste son contenu dans ta réponse.
Le rapport se trouve ici : C:\Deckard\System Scanner\main.txt.
Poste aussi le apport complémentaire : C:\Deckard\System Scanner\extra.txt
Télécharge ComboScan sur ton Bureau en bas de cette pae en clickant sur download file
-> http://www.geekstogo.com/forum/files/
Ferme toutes les applications en cours : antivirus, pare-feu, etc ..
Double-clic sur comboscan.exe, dans la fenêtre qui s'affiche, clic sur OK.
Soit patient...
Le rapport Comboscan.txt s'affichera, copie et colle le contenu de ce fichier ici.
Le rapport peut-être long et en deux morceaux vérifie qu'il soit en entier.
-> http://www.geekstogo.com/forum/files/
Ferme toutes les applications en cours : antivirus, pare-feu, etc ..
Double-clic sur comboscan.exe, dans la fenêtre qui s'affiche, clic sur OK.
Soit patient...
Le rapport Comboscan.txt s'affichera, copie et colle le contenu de ce fichier ici.
Le rapport peut-être long et en deux morceaux vérifie qu'il soit en entier.
question mon pc rame a mort
j'arrive pas a eteindre norton et dss ne fini jamais donc si je reformate part dessus tu pense que se sera bon ou pas?
j'arrive pas a eteindre norton et dss ne fini jamais donc si je reformate part dessus tu pense que se sera bon ou pas?
si tu formate ce sera bon :
http://www.depannetonpc.net/...
sinon pour tenter de virer les infections:
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
http://www.depannetonpc.net/...
sinon pour tenter de virer les infections:
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
deja voila les rapport de dss et combo fix
combo fix
ComboFix 08-08-11.01 - johan 2008-08-12 14:17:38.3 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1631 [GMT 2:00]
Endroit: C:\Users\johan\Desktop\Combo-Fix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\system32\MSINET.oca
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-12 to 2008-08-12 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 09:35 --------- d---a-w C:\ProgramData\TEMP
2008-08-12 09:19 --------- d-----w C:\ProgramData\ytkfczuf
2008-08-12 09:19 --------- d-----w C:\ProgramData\GenShAdm
2008-08-12 09:10 --------- d-----w C:\Program Files\Spyware Doctor
2008-08-12 08:31 --------- d-----w C:\Program Files\The Cleaner Free
2008-08-12 01:12 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-11 22:19 --------- d-----w C:\Users\johan\AppData\Roaming\Malwarebytes
2008-08-11 22:19 --------- d-----w C:\ProgramData\Malwarebytes
2008-08-11 22:19 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-11 22:14 --------- d-----w C:\Program Files\CCleaner
2008-08-11 19:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-11 19:01 --------- d-----w C:\Users\johan\AppData\Roaming\PC Tools
2008-08-11 19:01 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-11 19:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-11 12:54 --------- d-----w C:\ProgramData\UiMon
2008-08-11 10:27 --------- d-----w C:\ProgramData\Lavasoft
2008-08-10 20:48 --------- d-----w C:\ProgramData\actsh
2008-08-10 20:47 --------- d-----w C:\ProgramData\WebApl
2008-08-09 14:57 --------- d-----w C:\Users\johan\AppData\Roaming\Apple Computer
2008-08-09 12:55 --------- d-----w C:\Program Files\Apple Software Update
2008-08-09 12:54 --------- d-----w C:\Program Files\iTunes
2008-08-09 12:54 --------- d-----w C:\Program Files\iPod
2008-08-09 12:53 --------- d-----w C:\ProgramData\Apple Computer
2008-08-09 12:52 --------- d-----w C:\Program Files\QuickTime
2008-08-09 12:12 --------- d-----w C:\Program Files\Safari
2008-08-03 17:13 27,335 ----a-w C:\Users\johan\AppData\Roaming\nvModes.dat
2008-07-30 18:15 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-07-30 18:15 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-07-27 18:56 --------- d-----w C:\Program Files\ProtectDisc Driver Installer
2008-07-27 18:51 --------- d-----w C:\Program Files\ANACONDA
2008-07-27 10:10 --------- d-----w C:\Program Files\SC
2008-07-14 19:37 --------- d-----w C:\Users\johan\AppData\Roaming\Ubisoft
2008-07-14 19:35 --------- d-----w C:\ProgramData\Ubisoft
2008-07-14 19:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-14 19:16 --------- d-----w C:\Program Files\Ubisoft
2008-06-18 10:40 --------- d-----w C:\Users\johan\AppData\Roaming\thriXXX
2008-06-18 10:37 --------- d-----w C:\Program Files\thriXXX
2008-05-14 16:57 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-05-14 16:57 22,328 ----a-w C:\Users\johan\AppData\Roaming\PnkBstrK.sys
2008-05-14 16:57 2,337,865 ----a-w C:\Windows\System32\pbsvc.exe
2008-05-14 16:57 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-05-13 01:53 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-13 01:53 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-13 01:51 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-10-02 19:58 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-15 00:26 171448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 20:05 1232896]
"actsh"="C:\ProgramData\actsh\yjgbodsz.exe" [2008-08-10 22:48 86016]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 08:03 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-04-18 05:31 159744]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-09-27 23:43 77824]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 17:10 184320]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 21:40 16384]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-28 00:01 1862144]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22 221184]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 17:12 107112]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-11-28 06:34 134808]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 17:24 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 17:21 54832]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 22:24 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 22:24 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 22:24 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 22:24 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-06 22:37 303104 C:\Windows\sttray.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 18:55:50 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-09-27 23:48:06 50688]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-09-27 23:47:10 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-15 12:02 482760 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-01-23 11:19 223232 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F45D1B3A-2698-4545-BF00-4955A4405735}"= Profile=Private|C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{7E4941E8-298F-463B-82E4-FDAC25027504}"= Profile=Private|C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{C7BA7DB2-6060-49AA-B32F-EAC4F236CD55}"= Profile=Private|C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{123230DC-3E99-4F75-BCB7-3A1C5CC56F59}"= Profile=Private|C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{530D1B43-41FF-4BE9-873C-2074B8567EC1}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E9686544-F135-4F05-B896-4B8EF5F37AEE}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{B604F513-FC12-4A2E-8B98-16B8945F41AB}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{1BDA3CE0-4B26-44B1-8E8E-3AB373A684D1}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{F3316756-2EA4-478D-B456-740666865636}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"TCP Query User{0C1317E2-38B1-407F-B416-AB5AD33A918D}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{171135D3-4409-47D3-A8C1-01E160FE4D5E}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{49BFA80F-F353-4268-8EE7-D46F2454B306}C:\\program files\\lucasarts\\swkotor2\\swupdate.exe"= UDP:C:\program files\lucasarts\swkotor2\swupdate.exe:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program
"UDP Query User{330D788B-8BE4-4253-AACD-4FC31535BFF9}C:\\program files\\lucasarts\\swkotor2\\swupdate.exe"= TCP:C:\program files\lucasarts\swkotor2\swupdate.exe:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program
"TCP Query User{89D5B6E5-3CEA-4D69-B432-1850FA171D45}C:\\users\\johan\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\s2yqjhp9\\kwartz-auth[1].exe"= UDP:C:\users\johan\appdata\local\microsoft\windows\temporary internet files\content.ie5\s2yqjhp9\kwartz-auth[1].exe:kwartz-auth[1].exe
"UDP Query User{479C8F1E-7C56-4785-9927-CC406F2662AA}C:\\users\\johan\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\s2yqjhp9\\kwartz-auth[1].exe"= TCP:C:\users\johan\appdata\local\microsoft\windows\temporary internet files\content.ie5\s2yqjhp9\kwartz-auth[1].exe:kwartz-auth[1].exe
"TCP Query User{2BA742FA-888C-44E4-A1A0-C48F8B1754BD}C:\\program files\\partage\\t-ide211\\identd.exe"= UDP:C:\program files\partage\t-ide211\identd.exe:identd
"UDP Query User{BF1324B5-0276-4A33-9A0D-C2976D23AA08}C:\\program files\\partage\\t-ide211\\identd.exe"= TCP:C:\program files\partage\t-ide211\identd.exe:identd
"{315F2FD5-717A-455B-BEFB-E331845E1A17}"= Profile=Private|C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{5375BBB6-F961-42EA-B2EC-E56A533CE5D0}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"UDP Query User{8BEA1391-04D9-4FA9-8D82-321B1C2D841F}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"TCP Query User{1A902E2C-BD7E-43B5-B278-680FA057DADE}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"UDP Query User{87A6FCA1-BB40-4DCF-9477-02FDB2F143CE}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"TCP Query User{D849D06A-054A-4335-A331-45F9BC042527}C:\\program files\\fox\\aliens vs. predator 2\\lithtech.exe"= UDP:C:\program files\fox\aliens vs. predator 2\lithtech.exe:Client
"UDP Query User{FBF180C7-28CF-4307-88DD-0391D6301C65}C:\\program files\\fox\\aliens vs. predator 2\\lithtech.exe"= TCP:C:\program files\fox\aliens vs. predator 2\lithtech.exe:Client
"TCP Query User{3FEC099F-0A95-4D89-95C9-34F8432F4185}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= UDP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"UDP Query User{E748337A-1728-40EA-8FE4-295D58BF04DD}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= TCP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"{3D4A10CD-1633-4711-876E-2F8A992A014C}"= Disabled:C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{901D199D-24B9-4FAB-855F-126D87E95E51}"= Disabled:C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{349F3692-1C20-4ADC-9574-9BB35AC1D1CF}"= Disabled:C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{FCE19A10-905D-40E3-A618-721A00213E21}"= Disabled:C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{263AED49-CD1F-4E94-BF4D-034BE4E2A980}"= Disabled:C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{8DA81EB1-7928-457A-B067-F1E3B007BDF0}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
"{923EF86A-2CDA-4AA8-833C-8DC0DACCBDD2}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
"{96C5B2E0-B29B-4DB0-89B8-263C8E5868B3}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
"{863EE51A-63C6-4A57-8605-01A74C362109}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
"TCP Query User{01AAAFFC-C2A1-4536-A191-7B46F5A0555E}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= UDP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"UDP Query User{6E29B76E-A6E5-4B91-9D07-3AFBE700614B}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= TCP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"TCP Query User{4CC86F19-D7EB-4AA9-8554-D05344D7065F}C:\\program files\\valve lan\\hl.exe"= UDP:C:\program files\valve lan\hl.exe:Half-Life Launcher
"UDP Query User{F3D94D10-1919-4CA4-99D7-4143E8CF0540}C:\\program files\\valve lan\\hl.exe"= TCP:C:\program files\valve lan\hl.exe:Half-Life Launcher
"TCP Query User{4F956659-E8F8-48F4-8BD5-A4418681E5DA}C:\\program files\\valve lan\\hl.exe"= UDP:C:\program files\valve lan\hl.exe:Half-Life Launcher
"UDP Query User{CCFAB589-3CB5-47A8-8445-5014C66A8A01}C:\\program files\\valve lan\\hl.exe"= TCP:C:\program files\valve lan\hl.exe:Half-Life Launcher
"TCP Query User{F11C44CF-D928-4AFC-8334-C9C790240E54}C:\\world of padman\\wop.exe"= UDP:C:\world of padman\wop.exe:wop
"UDP Query User{DBFB64D6-D760-473F-B3AF-58EDB38039A7}C:\\world of padman\\wop.exe"= TCP:C:\world of padman\wop.exe:wop
"TCP Query User{057CD0D6-EA7A-4CC5-9714-984B5C38913E}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{CD46F03F-13BB-4BD6-92DC-97A91E084C6C}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{4BBB0E7B-8B14-42BB-8C8C-7F1BF49AA54D}C:\\world of padman\\wop.exe"= UDP:C:\world of padman\wop.exe:wop
"UDP Query User{5ADFFE01-4BB9-4826-B975-878E4BD4C5F7}C:\\world of padman\\wop.exe"= TCP:C:\world of padman\wop.exe:wop
"TCP Query User{6328D44D-C655-47F7-BD23-9C9C83F1BFF1}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{48C3C862-E5F5-4599-A9A8-11DCCF0686DA}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{A2375774-44D8-4302-A7FD-C714C83BD730}"= UDP:4662:emule
"{89695ED4-9A6D-41F9-B622-0982B1D3A2E2}"= TCP:4672:emule
"TCP Query User{E93319CB-D77D-4ECC-A73B-7695300F2DD9}C:\\program files\\gsc game world\\cossacks ii\\data\\engine.exe"= UDP:C:\program files\gsc game world\cossacks ii\data\engine.exe:Cossacks 2: Napoleonic Wars
"UDP Query User{DDC81ADF-B976-47F8-B896-5E40D57B6564}C:\\program files\\gsc game world\\cossacks ii\\data\\engine.exe"= TCP:C:\program files\gsc game world\cossacks ii\data\engine.exe:Cossacks 2: Napoleonic Wars
"{DBDDDE4E-DB69-43B1-B1BF-99F95C4BB99D}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{88494DD0-FC4E-4C98-B785-38E5A1876F07}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{22D08876-2B71-4EAF-B79D-ABB114103F63}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{32C4BF88-5387-4FA4-8F50-FE427D8ECC73}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4CF9E8C7-03B6-45D0-879F-875A0C57B93B}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{E43C06E2-6060-4985-99AB-1F922A097AB6}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{8884D66F-D6E1-44CA-8B26-39E5303E1E6D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{38BDB99E-9B73-47F3-977B-38B851DF8D97}C:\\program files\\ubisoft\\tom clancy's rainbow six vegas 2\\binaries\\r6vegas2_game.exe"= UDP:C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe:R6Vegas2_Game.exe
"UDP Query User{04646CC3-85DA-4B52-A815-3AF73A49AFE2}C:\\program files\\ubisoft\\tom clancy's rainbow six vegas 2\\binaries\\r6vegas2_game.exe"= TCP:C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe:R6Vegas2_Game.exe
"{0AE57736-489B-4B51-869B-685489A92883}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{47AB88ED-4408-457E-8A7A-6CD51F09DA9F}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{D3E96DF0-7A5C-4025-B556-D4B21EF47169}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{E95347FD-0547-4BC9-83CE-70403EFC1BF6}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{E5E67094-F4E4-461F-915E-6C7052931036}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{25DB1B33-49A0-40F9-9C8B-3B465A6DE4E8}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{17335ABD-E6A6-48ED-B5E9-426454008CEB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BBD3845B-3925-4105-A251-6C851466955D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\Windows\system32\drivers\sfsync03.sys [2006-07-11 09:30]
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0/u00.fcl [2006-11-02 17:51]
S2 acedrv11;acedrv11;C:\Windows\system32\drivers\acedrv11.sys [2008-01-23 10:19]
S2 ELOADER;General Purpose USB Driver (adildr.sys);C:\Windows\system32\Drivers\adildr.sys [2007-02-07 16:50]
S2 TICalc;TICalc;C:\Windows\system32\drivers\TICalc.sys [2001-01-29 16:41]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 03:37]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 01:13]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 01:13]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a0ba99-d667-11dc-bde8-001c26f233d8}]
\shell\AutoRun\command - CarryItEasy.exe /AUTORUN
\shell\configure\command - CarryItEasy.exe
\shell\install\command - CarryItEasy.exe
*Newly Created Service* - ECACHE
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-12 C:\Windows\Tasks\User_Feed_Synchronization-{8A6A0563-2C6F-4726-8013-8B4E6370C987}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-geDwLePbA1 - C:\ProgramData\ytkfczuf\kdafcxij.exe
HKCU-Run-GenShAdm - C:\ProgramData\GenShAdm\ujqtotyx.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://fr.yahoo.com/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 -: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 14:24:15
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-08-12 14:24:50
ComboFix-quarantined-files.txt 2008-08-12 12:24:43
Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 27,316,813,824 octets libres
254 --- E O F --- 2008-08-12 01:43:34
et dss
Deckard's System Scanner v20071014.68
Run by johan on 2008-08-12 14:10:59
Computer is in Safe Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
13: 2008-08-12 09:36:51 UTC - RP408 - ComboFix created restore point
12: 2008-08-12 01:01:05 UTC - RP407 - Windows Update
11: 2008-08-11 18:58:46 UTC - RP406 - Removed Ad-Aware
10: 2008-08-11 10:21:24 UTC - RP405 - Installed Ad-Aware
9: 2008-08-11 09:32:30 UTC - RP404 - Windows Update
-- First Restore Point --
1: 2008-07-31 17:33:40 UTC - RP396 - Point de contrôle planifié
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-12 14:14:01
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Safe mode
Running processes:
C:\Windows\explorer.exe
C:\Users\johan\Desktop\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [actsh] C:\ProgramData\actsh\yjgbodsz.exe
O4 - HKCU\..\Run: [geDwLePbA1] C:\ProgramData\ytkfczuf\kdafcxij.exe
O4 - HKCU\..\Run: [GenShAdm] C:\ProgramData\GenShAdm\ujqtotyx.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\Windows\System32\AMS_II\HNDLRSVC.EXE
O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\Windows\System32\AMS_II\IAO.EXE
O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\Windows\System32\CBA\XFR.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\Windows\System32\CBA\PDS.EXE
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\System32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\System32\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe
combo fix
ComboFix 08-08-11.01 - johan 2008-08-12 14:17:38.3 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1631 [GMT 2:00]
Endroit: C:\Users\johan\Desktop\Combo-Fix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\system32\MSINET.oca
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-12 to 2008-08-12 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 09:35 --------- d---a-w C:\ProgramData\TEMP
2008-08-12 09:19 --------- d-----w C:\ProgramData\ytkfczuf
2008-08-12 09:19 --------- d-----w C:\ProgramData\GenShAdm
2008-08-12 09:10 --------- d-----w C:\Program Files\Spyware Doctor
2008-08-12 08:31 --------- d-----w C:\Program Files\The Cleaner Free
2008-08-12 01:12 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-11 22:19 --------- d-----w C:\Users\johan\AppData\Roaming\Malwarebytes
2008-08-11 22:19 --------- d-----w C:\ProgramData\Malwarebytes
2008-08-11 22:19 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-11 22:14 --------- d-----w C:\Program Files\CCleaner
2008-08-11 19:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-11 19:01 --------- d-----w C:\Users\johan\AppData\Roaming\PC Tools
2008-08-11 19:01 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-11 19:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-11 12:54 --------- d-----w C:\ProgramData\UiMon
2008-08-11 10:27 --------- d-----w C:\ProgramData\Lavasoft
2008-08-10 20:48 --------- d-----w C:\ProgramData\actsh
2008-08-10 20:47 --------- d-----w C:\ProgramData\WebApl
2008-08-09 14:57 --------- d-----w C:\Users\johan\AppData\Roaming\Apple Computer
2008-08-09 12:55 --------- d-----w C:\Program Files\Apple Software Update
2008-08-09 12:54 --------- d-----w C:\Program Files\iTunes
2008-08-09 12:54 --------- d-----w C:\Program Files\iPod
2008-08-09 12:53 --------- d-----w C:\ProgramData\Apple Computer
2008-08-09 12:52 --------- d-----w C:\Program Files\QuickTime
2008-08-09 12:12 --------- d-----w C:\Program Files\Safari
2008-08-03 17:13 27,335 ----a-w C:\Users\johan\AppData\Roaming\nvModes.dat
2008-07-30 18:15 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-07-30 18:15 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-07-27 18:56 --------- d-----w C:\Program Files\ProtectDisc Driver Installer
2008-07-27 18:51 --------- d-----w C:\Program Files\ANACONDA
2008-07-27 10:10 --------- d-----w C:\Program Files\SC
2008-07-14 19:37 --------- d-----w C:\Users\johan\AppData\Roaming\Ubisoft
2008-07-14 19:35 --------- d-----w C:\ProgramData\Ubisoft
2008-07-14 19:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-14 19:16 --------- d-----w C:\Program Files\Ubisoft
2008-06-18 10:40 --------- d-----w C:\Users\johan\AppData\Roaming\thriXXX
2008-06-18 10:37 --------- d-----w C:\Program Files\thriXXX
2008-05-14 16:57 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-05-14 16:57 22,328 ----a-w C:\Users\johan\AppData\Roaming\PnkBstrK.sys
2008-05-14 16:57 2,337,865 ----a-w C:\Windows\System32\pbsvc.exe
2008-05-14 16:57 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-05-13 01:53 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-13 01:53 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-13 01:51 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-10-02 19:58 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-15 00:26 171448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 20:05 1232896]
"actsh"="C:\ProgramData\actsh\yjgbodsz.exe" [2008-08-10 22:48 86016]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 08:03 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-04-18 05:31 159744]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-09-27 23:43 77824]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 17:10 184320]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 21:40 16384]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-28 00:01 1862144]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22 221184]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 17:12 107112]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-11-28 06:34 134808]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 17:24 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 17:21 54832]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 22:24 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 22:24 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 22:24 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 22:24 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-06 22:37 303104 C:\Windows\sttray.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 18:55:50 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-09-27 23:48:06 50688]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-09-27 23:47:10 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-15 12:02 482760 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-01-23 11:19 223232 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F45D1B3A-2698-4545-BF00-4955A4405735}"= Profile=Private|C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{7E4941E8-298F-463B-82E4-FDAC25027504}"= Profile=Private|C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{C7BA7DB2-6060-49AA-B32F-EAC4F236CD55}"= Profile=Private|C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{123230DC-3E99-4F75-BCB7-3A1C5CC56F59}"= Profile=Private|C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{530D1B43-41FF-4BE9-873C-2074B8567EC1}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E9686544-F135-4F05-B896-4B8EF5F37AEE}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{B604F513-FC12-4A2E-8B98-16B8945F41AB}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{1BDA3CE0-4B26-44B1-8E8E-3AB373A684D1}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{F3316756-2EA4-478D-B456-740666865636}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"TCP Query User{0C1317E2-38B1-407F-B416-AB5AD33A918D}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{171135D3-4409-47D3-A8C1-01E160FE4D5E}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{49BFA80F-F353-4268-8EE7-D46F2454B306}C:\\program files\\lucasarts\\swkotor2\\swupdate.exe"= UDP:C:\program files\lucasarts\swkotor2\swupdate.exe:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program
"UDP Query User{330D788B-8BE4-4253-AACD-4FC31535BFF9}C:\\program files\\lucasarts\\swkotor2\\swupdate.exe"= TCP:C:\program files\lucasarts\swkotor2\swupdate.exe:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program
"TCP Query User{89D5B6E5-3CEA-4D69-B432-1850FA171D45}C:\\users\\johan\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\s2yqjhp9\\kwartz-auth[1].exe"= UDP:C:\users\johan\appdata\local\microsoft\windows\temporary internet files\content.ie5\s2yqjhp9\kwartz-auth[1].exe:kwartz-auth[1].exe
"UDP Query User{479C8F1E-7C56-4785-9927-CC406F2662AA}C:\\users\\johan\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\s2yqjhp9\\kwartz-auth[1].exe"= TCP:C:\users\johan\appdata\local\microsoft\windows\temporary internet files\content.ie5\s2yqjhp9\kwartz-auth[1].exe:kwartz-auth[1].exe
"TCP Query User{2BA742FA-888C-44E4-A1A0-C48F8B1754BD}C:\\program files\\partage\\t-ide211\\identd.exe"= UDP:C:\program files\partage\t-ide211\identd.exe:identd
"UDP Query User{BF1324B5-0276-4A33-9A0D-C2976D23AA08}C:\\program files\\partage\\t-ide211\\identd.exe"= TCP:C:\program files\partage\t-ide211\identd.exe:identd
"{315F2FD5-717A-455B-BEFB-E331845E1A17}"= Profile=Private|C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{5375BBB6-F961-42EA-B2EC-E56A533CE5D0}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"UDP Query User{8BEA1391-04D9-4FA9-8D82-321B1C2D841F}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"TCP Query User{1A902E2C-BD7E-43B5-B278-680FA057DADE}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"UDP Query User{87A6FCA1-BB40-4DCF-9477-02FDB2F143CE}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942
"TCP Query User{D849D06A-054A-4335-A331-45F9BC042527}C:\\program files\\fox\\aliens vs. predator 2\\lithtech.exe"= UDP:C:\program files\fox\aliens vs. predator 2\lithtech.exe:Client
"UDP Query User{FBF180C7-28CF-4307-88DD-0391D6301C65}C:\\program files\\fox\\aliens vs. predator 2\\lithtech.exe"= TCP:C:\program files\fox\aliens vs. predator 2\lithtech.exe:Client
"TCP Query User{3FEC099F-0A95-4D89-95C9-34F8432F4185}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= UDP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"UDP Query User{E748337A-1728-40EA-8FE4-295D58BF04DD}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= TCP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"{3D4A10CD-1633-4711-876E-2F8A992A014C}"= Disabled:C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{901D199D-24B9-4FAB-855F-126D87E95E51}"= Disabled:C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{349F3692-1C20-4ADC-9574-9BB35AC1D1CF}"= Disabled:C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{FCE19A10-905D-40E3-A618-721A00213E21}"= Disabled:C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{263AED49-CD1F-4E94-BF4D-034BE4E2A980}"= Disabled:C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{8DA81EB1-7928-457A-B067-F1E3B007BDF0}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
"{923EF86A-2CDA-4AA8-833C-8DC0DACCBDD2}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
"{96C5B2E0-B29B-4DB0-89B8-263C8E5868B3}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
"{863EE51A-63C6-4A57-8605-01A74C362109}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
"TCP Query User{01AAAFFC-C2A1-4536-A191-7B46F5A0555E}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= UDP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"UDP Query User{6E29B76E-A6E5-4B91-9D07-3AFBE700614B}C:\\program files\\unreal tournament 3\\binaries\\ut3.exe"= TCP:C:\program files\unreal tournament 3\binaries\ut3.exe:UT3
"TCP Query User{4CC86F19-D7EB-4AA9-8554-D05344D7065F}C:\\program files\\valve lan\\hl.exe"= UDP:C:\program files\valve lan\hl.exe:Half-Life Launcher
"UDP Query User{F3D94D10-1919-4CA4-99D7-4143E8CF0540}C:\\program files\\valve lan\\hl.exe"= TCP:C:\program files\valve lan\hl.exe:Half-Life Launcher
"TCP Query User{4F956659-E8F8-48F4-8BD5-A4418681E5DA}C:\\program files\\valve lan\\hl.exe"= UDP:C:\program files\valve lan\hl.exe:Half-Life Launcher
"UDP Query User{CCFAB589-3CB5-47A8-8445-5014C66A8A01}C:\\program files\\valve lan\\hl.exe"= TCP:C:\program files\valve lan\hl.exe:Half-Life Launcher
"TCP Query User{F11C44CF-D928-4AFC-8334-C9C790240E54}C:\\world of padman\\wop.exe"= UDP:C:\world of padman\wop.exe:wop
"UDP Query User{DBFB64D6-D760-473F-B3AF-58EDB38039A7}C:\\world of padman\\wop.exe"= TCP:C:\world of padman\wop.exe:wop
"TCP Query User{057CD0D6-EA7A-4CC5-9714-984B5C38913E}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{CD46F03F-13BB-4BD6-92DC-97A91E084C6C}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{4BBB0E7B-8B14-42BB-8C8C-7F1BF49AA54D}C:\\world of padman\\wop.exe"= UDP:C:\world of padman\wop.exe:wop
"UDP Query User{5ADFFE01-4BB9-4826-B975-878E4BD4C5F7}C:\\world of padman\\wop.exe"= TCP:C:\world of padman\wop.exe:wop
"TCP Query User{6328D44D-C655-47F7-BD23-9C9C83F1BFF1}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{48C3C862-E5F5-4599-A9A8-11DCCF0686DA}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{A2375774-44D8-4302-A7FD-C714C83BD730}"= UDP:4662:emule
"{89695ED4-9A6D-41F9-B622-0982B1D3A2E2}"= TCP:4672:emule
"TCP Query User{E93319CB-D77D-4ECC-A73B-7695300F2DD9}C:\\program files\\gsc game world\\cossacks ii\\data\\engine.exe"= UDP:C:\program files\gsc game world\cossacks ii\data\engine.exe:Cossacks 2: Napoleonic Wars
"UDP Query User{DDC81ADF-B976-47F8-B896-5E40D57B6564}C:\\program files\\gsc game world\\cossacks ii\\data\\engine.exe"= TCP:C:\program files\gsc game world\cossacks ii\data\engine.exe:Cossacks 2: Napoleonic Wars
"{DBDDDE4E-DB69-43B1-B1BF-99F95C4BB99D}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{88494DD0-FC4E-4C98-B785-38E5A1876F07}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{22D08876-2B71-4EAF-B79D-ABB114103F63}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{32C4BF88-5387-4FA4-8F50-FE427D8ECC73}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4CF9E8C7-03B6-45D0-879F-875A0C57B93B}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{E43C06E2-6060-4985-99AB-1F922A097AB6}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{8884D66F-D6E1-44CA-8B26-39E5303E1E6D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{38BDB99E-9B73-47F3-977B-38B851DF8D97}C:\\program files\\ubisoft\\tom clancy's rainbow six vegas 2\\binaries\\r6vegas2_game.exe"= UDP:C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe:R6Vegas2_Game.exe
"UDP Query User{04646CC3-85DA-4B52-A815-3AF73A49AFE2}C:\\program files\\ubisoft\\tom clancy's rainbow six vegas 2\\binaries\\r6vegas2_game.exe"= TCP:C:\program files\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe:R6Vegas2_Game.exe
"{0AE57736-489B-4B51-869B-685489A92883}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{47AB88ED-4408-457E-8A7A-6CD51F09DA9F}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{D3E96DF0-7A5C-4025-B556-D4B21EF47169}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{E95347FD-0547-4BC9-83CE-70403EFC1BF6}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{E5E67094-F4E4-461F-915E-6C7052931036}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{25DB1B33-49A0-40F9-9C8B-3B465A6DE4E8}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{17335ABD-E6A6-48ED-B5E9-426454008CEB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BBD3845B-3925-4105-A251-6C851466955D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\Windows\system32\drivers\sfsync03.sys [2006-07-11 09:30]
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0/u00.fcl [2006-11-02 17:51]
S2 acedrv11;acedrv11;C:\Windows\system32\drivers\acedrv11.sys [2008-01-23 10:19]
S2 ELOADER;General Purpose USB Driver (adildr.sys);C:\Windows\system32\Drivers\adildr.sys [2007-02-07 16:50]
S2 TICalc;TICalc;C:\Windows\system32\drivers\TICalc.sys [2001-01-29 16:41]
S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 03:37]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 01:13]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 01:13]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3a0ba99-d667-11dc-bde8-001c26f233d8}]
\shell\AutoRun\command - CarryItEasy.exe /AUTORUN
\shell\configure\command - CarryItEasy.exe
\shell\install\command - CarryItEasy.exe
*Newly Created Service* - ECACHE
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-12 C:\Windows\Tasks\User_Feed_Synchronization-{8A6A0563-2C6F-4726-8013-8B4E6370C987}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-geDwLePbA1 - C:\ProgramData\ytkfczuf\kdafcxij.exe
HKCU-Run-GenShAdm - C:\ProgramData\GenShAdm\ujqtotyx.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://fr.yahoo.com/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 -: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 14:24:15
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-08-12 14:24:50
ComboFix-quarantined-files.txt 2008-08-12 12:24:43
Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 27,316,813,824 octets libres
254 --- E O F --- 2008-08-12 01:43:34
et dss
Deckard's System Scanner v20071014.68
Run by johan on 2008-08-12 14:10:59
Computer is in Safe Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
13: 2008-08-12 09:36:51 UTC - RP408 - ComboFix created restore point
12: 2008-08-12 01:01:05 UTC - RP407 - Windows Update
11: 2008-08-11 18:58:46 UTC - RP406 - Removed Ad-Aware
10: 2008-08-11 10:21:24 UTC - RP405 - Installed Ad-Aware
9: 2008-08-11 09:32:30 UTC - RP404 - Windows Update
-- First Restore Point --
1: 2008-07-31 17:33:40 UTC - RP396 - Point de contrôle planifié
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-12 14:14:01
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Safe mode
Running processes:
C:\Windows\explorer.exe
C:\Users\johan\Desktop\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [actsh] C:\ProgramData\actsh\yjgbodsz.exe
O4 - HKCU\..\Run: [geDwLePbA1] C:\ProgramData\ytkfczuf\kdafcxij.exe
O4 - HKCU\..\Run: [GenShAdm] C:\ProgramData\GenShAdm\ujqtotyx.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\Windows\System32\AMS_II\HNDLRSVC.EXE
O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\Windows\System32\AMS_II\IAO.EXE
O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\Windows\System32\CBA\XFR.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\Windows\System32\CBA\PDS.EXE
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\System32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\System32\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe
toujours les memes trojan ....
Logfile of HijackThis v1.99.1
Scan saved at 16:42:52, on 12/08/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\actsh\yjgbodsz.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\johan\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [actsh] C:\ProgramData\actsh\yjgbodsz.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\Windows\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\Windows\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\Windows\system32\cba\xfr.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\Windows\system32\cba\pds.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Logfile of HijackThis v1.99.1
Scan saved at 16:42:52, on 12/08/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\actsh\yjgbodsz.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\johan\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [actsh] C:\ProgramData\actsh\yjgbodsz.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\Windows\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - LANDesk Software Ltd. - C:\Windows\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - LANDesk Software Ltd. - C:\Windows\system32\cba\xfr.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\Windows\system32\cba\pds.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
BitDefender Online Scanner - Rapport virus en temps réel
Généré à: Tue, Aug 12, 2008 - 17:02:53
--------------------------------------------------------------------------------
Info d'analyse
Fichiers scannés
120501
Infectés Fichiers
0
Virus Détectés
Aucun virus trouvé.
--------------------------------------------------------------------------------
Ce sommaire du processus d'analyse sera utilisé par les laboratoires Antivirus BitDefender pour créer des statistiques agréguées sur l'activité des virus dans le monde.
Généré à: Tue, Aug 12, 2008 - 17:02:53
--------------------------------------------------------------------------------
Info d'analyse
Fichiers scannés
120501
Infectés Fichiers
0
Virus Détectés
Aucun virus trouvé.
--------------------------------------------------------------------------------
Ce sommaire du processus d'analyse sera utilisé par les laboratoires Antivirus BitDefender pour créer des statistiques agréguées sur l'activité des virus dans le monde.
