Infection scan with hijack free
#1
Semi pro

Hello everyone,
I'm coming to you because I ran a scan with hijack free on my PC, which tends to slow down a bit.
I'm not posting the whole report, only the parts where an infection was detected.
I'm counting on you to tell me how I can remove them. What I understood is that the lines preceded by an X can be removed.
I have also attached it. It may be easier to read that way.
I ran an online analysis with hijack and I didn't find a way to generate a report. So I did what I could, but all the infected parts are there.
Thanks to everyone, as usual.
Bretzel

X Java developer Script Browse jusched.exe Added by the VB-ESK TROJAN! Note that this is not the legitimate Oracle (was Sun Microsystems) file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %Windir%
X Java Update Manager jusched.exe Added by the FKFLDR-C MALWARE! Note that this is not the legitimate Oracle (was Sun Microsystems) file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %AppData%\HEX-5823-6893-6818
N Java(TM) Platform SE 6 jusched.exe Checks with Oracle's (was Sun Microsystems) Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now
N Java(TM) Platform SE 6 U* jusched.exe Checks with Oracle's (was Sun Microsystems) Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now
N Java(TM) Platform SE Auto Updater 2 0 jusched.exe Checks with Oracle's (was Sun Microsystems) Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now
N jusched jusched.exe Checks with Oracle's (was Sun Microsystems) Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now
X jusched jusched.exe Added by the BANKER-BOV TROJAN! Note that this is not the legitimate Oracle (was Sun Microsystems) file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %System%
N SunJavaUpdateSched jusched.exe Checks with Oracle's (was Sun Microsystems) Java updates site to see if newer Java versions are available. Either visit the Java download page or click on Start → Control Panel → Java → Update → Update Now
X SunJavaUpdateSched [path to trojan] Added by the BANKER-AU TROJAN!

X SunJavaUpdateSched scvhost.exe Added by the SDBOT-AVX WORM!

X SunJavaUpdateSched javamx.exe Added by the SDBOT-WI WORM!

X SunJavaUpdateSched javaupd.exe Added by the SISCOS.VA TROJAN!

X SunJavaUpdateSched jusched.exe Added by the AGENT.ETQ TROJAN! Note that this is not the legitimate Oracle (was Sun Microsystems) file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %ProgramFiles%\Common Files
X SunJavaUpdateSched rundll32.exe Added by the VBKRYPT.FNL TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in %Windir% (Me/98) or %System% (Windows 7/Vista/XP/2K/NT). This one is located in %AppData%
X winupdate jusched.exe Added by the DWNLDR-FUX TROJAN! Note that this is not the legitimate Oracle (was Sun Microsystems) file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %Windir%
X wmon jusched.exe Added by the AGOBOT-OW WORM! Note that this is not the legitimate Oracle (was Sun Microsystems) file (of the same name) which is usually located in %Program Files%\Java\version number\bin. This one is located in %System%


• "Y" - Normally leave to run at start-up
• "N" - Not required - typically infrequently used tasks that can be started manually if necessary
• "U" - User's choice - depends whether a user deems it necessary
• "X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
• "?" - Unknown
Autorun information provided by http://www.sysinfo.org
Status Name Command Description
X gcasServ realsched.exe Added by a variant of the TACTSLAY.A TROJAN! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
X MSService_v1.0 realsched.exe EHU adware. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name which is normally located in %ProgramFiles%\Common Files\Real\Update_OB. This one is located in %System% or %Temp%
X Realplayer Codec Support realsched.exe Added by the AGOBOT-AAD WORM! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
N Realsched realsched.exe Application Scheduler installed along with RealOne Player. Runs independently of RealOne Player, to remind AutoUpdate and Message Center to perform their tasks at pre-scheduled intervals. If it can't be disabled try deleting or renaming realsched.exe and then delete the entry in the registry
X realtpsk realsched.exe Chinese originated adware - detected by Panda as NewWeb. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name and this file is located in %System%
N TkBell.Exe realsched.exe Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
N TkBellExe evntsvc.exe Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
N TkBellExe realsched.exe Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
N TkBellExe tkbell.exe Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
X WinHelp realsched.exe Added by the LOVGATE-F WORM! Note - this is not the legitimate RealPlayer (realsched.exe) application of the same name. This one is located in %System%
Status Name Command Description
X Adobe_Reader acrotray.exe Added by the AGENT-LNS TROJAN! Note that the legitimate Adobe file (if installed) would normally be found in %ProgramFiles%\Adobe\%ProgramName% (where %ProgramName% is Acrobat 9.0\Acrobat or Acrobat 7.0\Distillr for example) whereas this one is located in %ProgramFiles%\Adobe
U Acrobat Assistant AcroTray.exe Installed with older versions of the Adobe Acrobat PDF creation/editing utility. Used when PDF files are created from non Adobe applications through the "Watched Folders" feature of Acrobat Distiller (which is the main engine for turning PostScript files into PDF files)
U Acrobat Assistant 7.0 Acrotray.exe Installed with older versions of the Adobe Acrobat PDF creation/editing utility. Used when PDF files are created from non Adobe applications through the "Watched Folders" feature of Acrobat Distiller (which is the main engine for turning PostScript files into PDF files)
U Acrobat Assistant 8.0 Acrotray.exe Installed with the Adobe Acrobat PDF creation/editing utility. Used when PDF files are created from non Adobe applications through the "Watched Folders" feature of Acrobat Distiller (which is the main engine for turning PostScript files into PDF files)
U Acrotray Acrotray.exe Installed with the Adobe Acrobat PDF creation/editing utility. Used when PDF files are created from non Adobe applications through the "Watched Folders" feature of Acrobat Distiller (which is the main engine for turning PostScript files into PDF files)
U AcroTray - Adobe Acrobat Distiller helper application. Acrotray.exe Installed with the Adobe Acrobat PDF creation/editing utility. Used when PDF files are created from non Adobe applications through the "Watched Folders" feature of Acrobat Distiller (which is the main engine for turning PostScript files into PDF files)
X Adobe Acrobat Distiller Application acrotray.exe Added by the RANDEX.DFJ WORM! Note that the legitimate Adobe file (if installed) would normally be found in %ProgramFiles%\Adobe%\%ProgramName% (where %ProgramName% is Acrobat 9.0\Acrobat or Acrobat 7.0\Distillr for example) whereas this one is located in %System%
Status Name Command Description
N QTTask QTTask.exe System Tray access to Apple's QuickTime Player media player from version 5 onwards. Disabling this entry via the programs preferences leaves the entry in place but it no longer runs
N Quick Time Task qttask.exe System Tray access to Apple's QuickTime Player media player from version 5 onwards. Disabling this entry via the programs preferences leaves the entry in place but it no longer runs
X QuickTime qttask.exe Added by the AGENT-ENG TROJAN! Note - this is not the legitimate Apple "Quick Time" viewer that has the same startup name and filename and is normally located in %ProgramFiles%\QuickTime. This one is located in %System%
N QuickTime QTTask.exe System Tray access to Apple's QuickTime Player media player from version 5 onwards. Disabling this entry via the programs preferences leaves the entry in place but it no longer runs
N QuickTime Task QTTask.exe System Tray access to Apple's QuickTime Player media player from version 5 onwards. Disabling this entry via the programs preferences leaves the entry in place but it no longer runs
X QuickTime Task qttasks.exe CoolWebSearch parasite variant

X Quicktime Task [random filename] Trafficadvance dialer

X QuickTime Task qttask.exe Trojan that is typically bundled with rogue security programs (such as Virus Trigger and AntivirusTrigger) and fake codecs. Note - this is not the legitimate Apple "Quick Time" viewer that has the same startup name and filename and is normally located in %ProgramFiles%\QuickTime. This one is located in %ProgramFiles%\WebMediaViewer

Status Name Command Description
N Google Update GoogleUpdate.exe Update manager for the range of tools available from Google - such as the Chrome web browser and Picasa photo manager. Located in %AppData%\Google\Update
X Google Update GoogleUpdate.exe Added by the BUZUS.DBFM TROJAN! Note - this is not the valid Google program which is normally located in %AppData%\Google\Update. This version resides in %System%
X GoogleUpdate googleupdate.exe Added by the FYNLOSKI-A BACKDOOR! Note - this is not the valid Google program which is normally located in %AppData%\Google\Update. This version resides in the main %AppData% directory
X Acroread GoogleUpdate.exe Added by the AGENT-JGI TROJAN! Note - this is not the valid Google program which is normally located in %AppData%\Google\Update. This version resides in %Temp%
Status Name Command Description
X ctfmon msnmsgr.exe Added by the BDOOR-JV BACKDOOR! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%
X Configuration Loader msnmsgr.exe Added by the SDBOT-SO WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%
X Microsoft Windows Update MSNMSGR.EXE Added by the SDBOT-WM WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%
N Messenger MsnMsgr.exe Windows Live Messenger (was MSN Messenger) utility - available via the Start menu. Disable by clicking on the "Show menu" icon and select Tools → Options → General → deselect "Automatically run Windows Live Messenger when I log on to Windows". This is the Windows Defender/Vista MSConfig entry for version 8.*
X Microsoft System Firewall 2006.2 msnmsgr.exe Added by a variant of the SDBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%
X MSN msnmsgr.exe Added by the MYTOB or MYTOB.B WORMS! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%
X Msn Messager msnmsgr.exe Added by the DOWNLOADER.19456.C TROJAN! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%
X MSN Messenger msnmsgr.exe Added by the AGOBOT.AOQ WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%
N MSN Messenger MsnMsgr.exe MSN Messenger utility (now replaced by Windows Live Messenger) - available via the Start menu. Disable by clicking on Tools → Options → General → deselect "Automatically run Messenger when I log on to Windows"
X Msn Messengers MSNMSGR.EXE Added by the RBOT.KX WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%
X MSN Tray Monitor msnmsgr.exe Added by the SDBOT.FKX WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%\inetsrv
X MsnMessengerSvc msnmsgr.exe Added by a variant of the RBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%
N msnmsgr msnmsgr.exe Windows Live Messenger or the older MSN Messenger utility - available via the Start menu. For Windows Live Messenger, disable by clicking on the "Show menu" icon and select Tools → Options → Sign In → deselect "Automatically run Windows Live Messenger when I log on to Windows". For MSN Messenger, disable by clicking on Tools → Options → General → deselect "Automatically run Messenger when I log on to Windows"
X MsnMsgr MsnMsgrs.exe Added by the NETSKY.AD WORM!

X MsnMsgr msnmsgr.exe Added by the ANNEW-FAM WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%
X picview msnmsgr.exe Added by the BANLOA-AF TROJAN! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %Windir%
X SN Messenger msnmsgr.exe Added by the RBOT-AVP WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%
X SysCom msnmsgr.exe Added by the BANK-AF TROJAN! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %Windir%\system
X Windows Live Messenger msnmsgr.exe Added by a variant of the RBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%
N Windows Live Messenger msnmsgr.exe Windows Live Messenger (was MSN Messenger) utility - available via the Start menu. Disable by clicking on the "Show menu" icon and select Tools → Options → Sign In → deselect "Automatically run Windows Live Messenger when I log on to Windows". This is the Windows Defender/Vista MSConfig entry for version 14.*
X Windows Login msnmsgr.exe Added by the AGOBOT-UC WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%
X Windows Service Agent msnmsgr.exe Added by the RBOT.ABIK BACKDOOR! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility which is located in either %ProgramFiles%\MSN Messenger or %ProgramFiles%\Windows Live\Messenger. This one is located in %System%



Posted: 22/12/2011 19:25


Re: Infection scan with hijack free
#2
Semi pro

Thank you Robert for your PM. I regularly scan my PC with Super Anti Spyware, which I downloaded from the TF site. Besides, before running HiJack This I did a scan with all my anti-whatsits.
I still wanted to check with Hijack, just to be sure. I was right to.
Now I don't know how to get rid of all this malware.
See you, and good luck to you Bob, and thanks again for your help.
bretzel
I re-uploaded the hijack report. I think it didn't go through properly yesterday.

Posted: 23/12/2011 19:29


Re: Infection scan with hijack free
#3
Regular

Hello ROMAIN,
with Windows 7 one doesn't use HijackThis.
See here: http://assiste.forum.free.fr/viewtopic.php?f=29&t=27734

Big

Posted: 24/12/2011 10:54


Re: Infection scan with hijack free
#4
Administrator

Hello Bretzel,

Sorry for my delay, but I see that Robert has given you some answers (a pity it was by PM; it would have been better for everyone to benefit from it).

Otherwise, for your little problem, would it be possible for you to proceed as follows:

Analysis of your PC (HiJackThis being only a tiny part of the cleaning process)
-> Install and start HiJackThis
-> Select the option "Do a system scan and save a logfile"
-> Once the scan is finished, HiJackThis launches your preferred text editor and displays the generated log.
-> Copy the entire log (CTRL A + CTRL C) and paste it into your reply on technifree (CTRL V)

With this, I will be able to assess the potential risks and the entries to remove.

HiJackThis is admittedly not the ideal tool for Windows 7, but it has the advantage of providing enough information about a possible "pollution" of one's machine.
We'll see about the cleaning afterwards...

Posted: 24/12/2011 11:11


Re: Infection scan with hijack free
#5
Semi pro

Hello Vincent,

Thank you for your note. I will immediately proceed according to your instructions. I'll keep you posted on what follows.
I will also look at the contribution from Bigduffy, whom I also thank.
Merry Christmas to you
Bretzel

Posted: 24/12/2011 11:17


Re: Infection scan with hijack free
#6
Semi pro

I just followed Bigduffy's link. It says that HiJack This is not suited to Win 7 64-bit. That's what I have.
I'll try anyway. In any case, care will be needed.
Have a good day again
bretzel

Posted: 24/12/2011 11:20


Re: Infection scan with hijack free
#7
Administrator

HiJackThis will give me a lead.
Then, once that's done, if you can post the report I'll be able to see which programs are involved and whether there is reason to go further (with OTL or ZHB).

I'll give you the procedure to follow once the quick analysis has been done (don't tick anything in HiJackThis, that's not the goal for now).

Thanks

Posted: 24/12/2011 12:14
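The startup-database descriptions quoted in post #1 tell a legitimate entry from a malicious one of the same filename by the folder it runs from, and the O4 lines of a HijackThis log carry that folder. As an added example (not code from this thread or from HijackThis), the sketch below parses O4 lines and compares each executable's folder with the locations those descriptions name; the `EXPECTED_DIRS` table, the function names and the last three sample lines are assumptions made for the example.

```python
import ntpath  # Windows path rules, usable on any OS
import re

PF = r"^[a-z]:\\program files(?: \(x86\))?"

# Folders taken from the database descriptions in post #1. The second pattern
# for jusched.exe and for realsched.exe is an assumption added from the paths
# seen in the log of post #8.
EXPECTED_DIRS = {
    "jusched.exe": [PF + r"\\java\\[^\\]+\\bin$",
                    PF + r"\\common files\\java\\java update$"],
    "realsched.exe": [PF + r"\\common files\\real\\update_ob$",
                      PF + r"\\real\\realplayer\\update$"],
    "acrotray.exe": [PF + r"\\adobe\\[^\\]+\\.+$"],
    "msnmsgr.exe": [PF + r"\\msn messenger$",
                    PF + r"\\windows live\\messenger$"],
    "qttask.exe": [PF + r"\\quicktime$"],
}

O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Either a quoted path, or an unquoted one that may contain spaces.
EXE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|scr|pif))(?=\s|$))', re.I)


def startup_exe(cmd):
    """Return the executable path from an O4 command line, or None."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return None
    path = m.group(1) or m.group(2)
    # The log in post #8 uses %ProgramFiles% once; expand it to a fixed value.
    path = re.sub(r"%programfiles%", lambda _m: "C:\\Program Files", path, flags=re.I)
    return ntpath.normpath(path)


def triage(log_text):
    """Return (entry name, executable, verdict) for every O4 line."""
    results = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = startup_exe(m.group("cmd"))
        if exe is None:
            continue
        folder, base = ntpath.split(exe.lower())
        patterns = EXPECTED_DIRS.get(base)
        if patterns is None:
            verdict = "not-in-table"
        elif any(re.search(p, folder) for p in patterns):
            verdict = "expected-location"
        else:
            verdict = "unexpected-location"
        results.append((m.group("name"), exe, verdict))
    return results


# First three lines: copied from the log in post #8. Last three: constructed
# to match locations that the database descriptions in post #1 mark with X.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [winupdate] C:\Windows\jusched.exe
O4 - HKLM\..\Run: [Adobe_Reader] "C:\Program Files\Adobe\acrotray.exe"
O4 - HKCU\..\Run: [MSN Messenger] C:\Windows\System32\msnmsgr.exe
"""

if __name__ == "__main__":
    for name, exe, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:20} [{name}] {exe}")
```

A path match is only a triage signal: a file in the expected folder can still have been replaced, so its signature or hash should be checked before an entry is cleared.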


Re: Infection scan with hijack free
#8
Semi pro

Here is the report, Vincent. I hope it will do.
BRETZEL



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:02:54, on 24/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Romain\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\Romain\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\JAN2OSD.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Romain\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Romain\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Romain\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Romain\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Romain\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Romain\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/?ocid=OIE9HP
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYP ... c=94&bd=crossfire&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYP ... c=94&bd=crossfire&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: WinZipBar_FR Toolbar - {bb1227ac-7a0d-4076-8c1a-51a1348f6fa8} - C:\Program Files (x86)\WinZipBar_FR\prxtbWinZ.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Barre d'outils ALOT Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: WinZipBar_FR - {bb1227ac-7a0d-4076-8c1a-51a1348f6fa8} - C:\Program Files (x86)\WinZipBar_FR\prxtbWinZ.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Barre d'outils ALOT - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll
O3 - Toolbar: WinZipBar_FR Toolbar - {bb1227ac-7a0d-4076-8c1a-51a1348f6fa8} - C:\Program Files (x86)\WinZipBar_FR\prxtbWinZ.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [Buttons & OSDs control application gen3] c:\Program Files (x86)\Hewlett-Packard\Buttons & OSDs control application gen3\FastUserSwitching.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [emsisoftantimalwaresetup] "C:\Users\Romain\AppData\Local\Temp\EmsisoftAntiMalwareSetup.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [Google Update] "C:\Users\Romain\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Romain\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\Romain\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\Romain\AppData\Roaming\Orange\MessengerByOrange\addfavorites.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: envoyer le texte sélectionné par sms - C:\Users\Romain\AppData\Roaming\Orange\MessengerByOrange\sendsmsselectedtext.html
O8 - Extra context menu item: envoyer par sms - C:\Users\Romain\AppData\Roaming\Orange\MessengerByOrange\sendsms.html
O8 - Extra context menu item: envoyer un mail - C:\Users\Romain\AppData\Roaming\Orange\MessengerByOrange\sendmail.html
O8 - Extra context menu item: orange.fr - C:\Users\Romain\AppData\Roaming\Orange\MessengerByOrange\orange.html
O8 - Extra context menu item: rechercher le texte sélectionné - C:\Users\Romain\AppData\Roaming\Orange\MessengerByOrange\selectedsearch.html
O8 - Extra context menu item: traduire la page - C:\Users\Romain\AppData\Roaming\Orange\MessengerByOrange\translate.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\Romain\AppData\Roaming\Orange\MessengerByOrange\translateSelectedText.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Envoyer à Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Envoyer au périphérique &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager ... x/dlm-activex-2.2.5.4.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softw ... e/su2/ocx/15111/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
O23 - Service: Akamai NetSession Interface (Akamai) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Easybits Shared Services for Windows (ezSharedSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Orange update Core Service - Unknown owner - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 37518 bytes
:yes:

Posted: 24/12/2011 13:08


Re: infection scan with hijack free
#9
Semi pro

On the Trend Micro site where I downloaded Hijack This, it is possible to scan the computer online for free with the free tool "House Call". No installation; scan completed in 8 min 45. Result.... 0 infections. I think this very handy program could be added to TF's software list.

Posted: 24/12/2011 13:50
bretzel


Re: infection scan with hijack free
#10
Administrator

You can already remove these items:

O3 - Toolbar: Barre d'outils ALOT - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll

O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\Romain\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe

O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\Romain\AppData\Roaming\Orange\MessengerByOrange\addfavorites.html

O8 - Extra context menu item: rechercher le texte sélectionné - C:\Users\Romain\AppData\Roaming\Orange\MessengerByOrange\selectedsearch.html

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager ... x/dlm-activex-2.2.5.4.cab

Then give it a quick pass with CCleaner before continuing.

Once that's done, you can run a scan with OTL, which you will find here.

Launch it (it's an executable, so there's no need to install it) and check that the following options are ticked:
- All users
- With 64-bit scans
- Registry: All
- Extended registry: with whitelist

Copy and paste the lines below into the "Customization" section:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
ctfmon.exe
explorer.exe
userinit.exe
wininit.exe
winlogon.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
createrestorepoint
SAVEMBR:0

and click the "Analyse" (scan) button.

Let the scan run (it takes quite a while) and post the resulting report here.

Posted: 24/12/2011 14:21
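The entries listed in the post above all follow the HijackThis "code - description - target" layout. As an added example (not part of the original post, nor code from HijackThis or OTL), this Python parser splits such lines and marks targets that sit in user-writable folders or at remote URLs for manual review. The section descriptions, the review heuristic and the function names are assumptions made for this illustration; a flag means "look here first", not "malicious".

```python
import re

# What the section codes seen in this thread mean in a HijackThis log.
SECTIONS = {
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O8": "extra Internet Explorer context-menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O23": "Windows service",
}
LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
WIN_PATH = re.compile(r"[A-Za-z]:\\.*$")   # drive letter to end of line
URL = re.compile(r"https?://\S.*$")
# Assumption: folders a standard user can write to deserve a closer look.
USER_WRITABLE = re.compile(r"\\(AppData|Application Data|Temp)\\", re.I)

# Lines quoted from the thread, unchanged (including the elided URL).
SAMPLE = [
    r"O3 - Toolbar: Barre d'outils ALOT - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll",
    r"O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\Romain\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe",
    r"O8 - Extra context menu item: rechercher le texte sélectionné - C:\Users\Romain\AppData\Roaming\Orange\MessengerByOrange\selectedsearch.html",
    r"O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager ... x/dlm-activex-2.2.5.4.cab",
    r"O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe",
]


def parse_line(line):
    """Split one log line into section code, meaning, body and target."""
    m = LINE.match(line.strip())
    if not m:
        return None  # headers, blank lines, "End of file" and so on
    body = m.group("body")
    hit = WIN_PATH.search(body) or URL.search(body)
    return {"code": m.group("code"), "body": body,
            "section": SECTIONS.get(m.group("code"), "other"),
            "target": hit.group(0) if hit else None}


def triage(lines):
    """Parse lines and mark entries whose target merits manual review."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    for e in entries:
        target = e["target"] or ""
        e["review"] = bool(USER_WRITABLE.search(target)) or target.lower().startswith("http")
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["code"], "REVIEW" if e["review"] else "ok", e["target"])
```

The ALOT toolbar line is not flagged because it lives under Program Files, which shows why a path heuristic only orders the review and does not replace reading each entry.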


Re: infection scan with hijack free
#11
Semi pro

Ok Vincent, I will do that. Tell me how to remove the useless things you noted.
Excuse me, but I am no expert.
Thanks.
Bretzel

Posted: 24/12/2011 17:01


Re: infection scan with hijack free
#12
Regular

It is with Hijack This that you remove these lines.

Posted: 24/12/2011 18:23


Re: infection scan with hijack free
#13
Semi pro

Hello.
I hope you all had a good Christmas Eve.
I removed the lines recommended by Vincent.
I ran a scan with OTL and I am posting the report, whose content is as follows.

[edit]: I converted the post into a txt file for easier reading.

Attached file: (link visible only to registered users)

Posted: 25/12/2011 11:55
bretzel


Re: infection scan with hijack free
#14
Administrator

Ok,
to begin with, I advise you to run a scan (and cleanup) with Malwarebyte's Anti-Malware, which you will find on technifree.

MBAM will take care of cleaning (or at least eradicating) the malware present on your machine. Proceed as follows:

- Download the application
- Run the installer on your PC (it is a 30-day trial version but fully functional; after that MBAM will no longer monitor your system but will nevertheless remain effective against malware in manual scans)
- At startup, update the database by ticking the appropriate option
- Malwarebytes antimalwares will update as expected
- Start the application and click on the trial version
- Choose a quick scan of your system and click the "Rechercher" (search) button
- Once the scan is finished, click the "supprimer sélection" (remove selected) button at the bottom left to eradicate the detected items.
- Quit the application, restart your PC, run a quick scan again and tell me whether you still have items in the list.

That is the first part; if it worked, we will then move on to cleaning the system.

Posted: 25/12/2011 20:42


Re: infection scan with hijack free
#15
Administrator

A small clarification: following the advice of nickW from the Assiste forum, it is not recommended to remove the selection after the scan done with MBAM.
I therefore advise you to generate a scan report and send it to us; we will tell you which items to remove and which to keep.
(thanks, by the way, to nickW for this valuable advice by PM)

Posted: 28/12/2011 19:36







