MON PC DEVIENT LENT ET SE BLOQUE
Résolu/Fermé
A voir également:
- MON PC DEVIENT LENT ET SE BLOQUE
- Pc lent - Guide
- Mon pc est trop lent et se bloque - Guide
- Benchmark pc - Guide
- Mon pc s'allume mais ne démarre pas windows 10 - Guide
- Reinitialiser pc - Guide
14 réponses
admiralc
Messages postés
1815
Date d'inscription
jeudi 30 octobre 2008
Statut
Membre
Dernière intervention
12 juillet 2013
140
14 nov. 2009 à 02:36
14 nov. 2009 à 02:36
Salut,
personnellement je n'approuve pas les deux écritures mais la raison de l'un est aussi bonne que la raison de l'autre mais celà n'aide en rien la personne qui a fait la demande d'aide.Si ne pouvez l'aider ne pourissez pas son post et laissez ceux qui peuve le faire s'exprimer.
Je m'excuse auprès de la personne qui a besoin d'aide parce que je contribue moi même à dévier son post et je n'ai pas d'idée comment l'aider pour le moment.
a+
personnellement je n'approuve pas les deux écritures mais la raison de l'un est aussi bonne que la raison de l'autre mais celà n'aide en rien la personne qui a fait la demande d'aide.Si ne pouvez l'aider ne pourissez pas son post et laissez ceux qui peuve le faire s'exprimer.
Je m'excuse auprès de la personne qui a besoin d'aide parce que je contribue moi même à dévier son post et je n'ai pas d'idée comment l'aider pour le moment.
a+
salut TheTROLL,
voila le rapport que tu voulais le lire, j attend toujours ta reponse
merci d´avance
voila le rapport que tu voulais le lire, j attend toujours ta reponse
merci d´avance
TheTROLL
Messages postés
4163
Date d'inscription
samedi 9 février 2008
Statut
Contributeur
Dernière intervention
19 décembre 2012
659
14 nov. 2009 à 01:26
14 nov. 2009 à 01:26
merci de ne pas écrire en majuscule! car c'est incompréhensible!
TheTROLL
Messages postés
4163
Date d'inscription
samedi 9 février 2008
Statut
Contributeur
Dernière intervention
19 décembre 2012
659
>
tex
14 nov. 2009 à 01:31
14 nov. 2009 à 01:31
si je met en gras c'est que j'ai mes raison ! et méme en gras tu me comprend !
et au lieu de te mettre en anonyme inscrit toi!
et au lieu de te mettre en anonyme inscrit toi!
tex
>
TheTROLL
Messages postés
4163
Date d'inscription
samedi 9 février 2008
Statut
Contributeur
Dernière intervention
19 décembre 2012
14 nov. 2009 à 01:38
14 nov. 2009 à 01:38
s'est une menace ?
TheTROLL
Messages postés
4163
Date d'inscription
samedi 9 février 2008
Statut
Contributeur
Dernière intervention
19 décembre 2012
659
>
tex
14 nov. 2009 à 02:05
14 nov. 2009 à 02:05
ou as tu vu une menace ??
oO
oO
tex
>
TheTROLL
Messages postés
4163
Date d'inscription
samedi 9 février 2008
Statut
Contributeur
Dernière intervention
19 décembre 2012
14 nov. 2009 à 02:08
14 nov. 2009 à 02:08
méfiance >https://www.commentcamarche.net/communaute/profil-TheTROLL
une réinstallation de ton systéme pourrait certe arranger ton probléme mais attention si tu a des données sensibles déplace l'est sur un disque dur externe !
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
TheTROLL
Messages postés
4163
Date d'inscription
samedi 9 février 2008
Statut
Contributeur
Dernière intervention
19 décembre 2012
659
15 nov. 2009 à 02:59
15 nov. 2009 à 02:59
CHABERT68,
désoler pour la discutions qui est parti en live!
pour ton problème:
fait un scan avec ton anti-virus
puis installe et fait une annalise avec : Malwarebytes' Anti-Malware
et poste nous aussi un rapport de HijackThis
dans HijackThis clic sur : " Do a system scan and save a logfile"
désoler pour la discutions qui est parti en live!
pour ton problème:
fait un scan avec ton anti-virus
puis installe et fait une annalise avec : Malwarebytes' Anti-Malware
et poste nous aussi un rapport de HijackThis
dans HijackThis clic sur : " Do a system scan and save a logfile"
admiralc
Messages postés
1815
Date d'inscription
jeudi 30 octobre 2008
Statut
Membre
Dernière intervention
12 juillet 2013
140
15 nov. 2009 à 03:23
15 nov. 2009 à 03:23
Bien vu TheTroll tu mérites un +
TheTROLL
Messages postés
4163
Date d'inscription
samedi 9 février 2008
Statut
Contributeur
Dernière intervention
19 décembre 2012
659
15 nov. 2009 à 03:32
15 nov. 2009 à 03:32
merci!
c'est mieux d'explorer via ses manip que de réinstallé directement !! la réinstallation c'est a mettre en dernier recours!
c'est mieux d'explorer via ses manip que de réinstallé directement !! la réinstallation c'est a mettre en dernier recours!
Utilisateur anonyme
>
TheTROLL
Messages postés
4163
Date d'inscription
samedi 9 février 2008
Statut
Contributeur
Dernière intervention
19 décembre 2012
15 nov. 2009 à 04:25
15 nov. 2009 à 04:25
salut
pas d'accord. sous vista, des que ca merde vraiment, la reinstall est la meilleure solution, surtout pour des personnes qui viennent ici poser ce genre de questions. Surement que toi, moi, et d'autres ici peuvent aller s'amuser avec les registres et se barbituriquer la tronche.
pas d'accord. sous vista, des que ca merde vraiment, la reinstall est la meilleure solution, surtout pour des personnes qui viennent ici poser ce genre de questions. Surement que toi, moi, et d'autres ici peuvent aller s'amuser avec les registres et se barbituriquer la tronche.
TheTROLL
Messages postés
4163
Date d'inscription
samedi 9 février 2008
Statut
Contributeur
Dernière intervention
19 décembre 2012
659
>
Utilisateur anonyme
15 nov. 2009 à 04:29
15 nov. 2009 à 04:29
moi j'ai Vista sur mon PC portable et je me suis jamais amusé a allé dans la BD Vista il y a trop de bordel dedans!
et moi quand mon PC rame je fait exactement la méme chose que dans mon conseil!
et moi quand mon PC rame je fait exactement la méme chose que dans mon conseil!
Utilisateur anonyme
>
TheTROLL
Messages postés
4163
Date d'inscription
samedi 9 février 2008
Statut
Contributeur
Dernière intervention
19 décembre 2012
15 nov. 2009 à 04:36
15 nov. 2009 à 04:36
pas de prob. moi quand mon pc rame vraiment (ce qui n'arrive pas souvent), je reinstall. sous windows en tout cas,. mes mac et le cray n'ont pas vu de reinstall depuis un moment, mais, bon,on vas pas comparer les pommes et les poires.....
chabert68
Messages postés
13
Date d'inscription
dimanche 15 novembre 2009
Statut
Membre
Dernière intervention
9 juillet 2011
15 nov. 2009 à 04:16
15 nov. 2009 à 04:16
c est quoi le HijackThis, comment faire pour le copier une fois que j ai fini de scanner mon ?je suis nul en informatic
TheTROLL
Messages postés
4163
Date d'inscription
samedi 9 février 2008
Statut
Contributeur
Dernière intervention
19 décembre 2012
659
15 nov. 2009 à 04:23
15 nov. 2009 à 04:23
tu double clic sur le programme et tu clic sur " Do a system scan and save a logfile"
une fois l'analyse fini un fichier texte va s'ouvrir et tu sélection tout Ctrl+A puis Ctrl+C et quand tu est sur la page de CCM pour répondre tu fait Ctrl+V
une fois l'analyse fini un fichier texte va s'ouvrir et tu sélection tout Ctrl+A puis Ctrl+C et quand tu est sur la page de CCM pour répondre tu fait Ctrl+V
cette fois, j ia scanne et le probleme persite, il se plante toujours, apres le scannage, j essayé d´anlyse avec ad.awre toujours riens, il ne bvoit absolument rien.et en plus je vis dans un pays ayant pour langue l espagnol , et mon programme est en espagnol. ma mis a jour telecharge et refuse d´installer maintenant, alors que j ai un logiciel original windows vista starter, je suis egare vraiment. aidez moi.
TheTROLL
Messages postés
4163
Date d'inscription
samedi 9 février 2008
Statut
Contributeur
Dernière intervention
19 décembre 2012
659
15 nov. 2009 à 09:32
15 nov. 2009 à 09:32
installe puis met le a jour et en suite fait une annalise avec : Malwarebytes' Anti-Malware
et poste nous aussi le rapport de HijackThis
dans HijackThis clic sur : " Do a system scan and save a logfile"
et poste nous aussi le rapport de HijackThis
dans HijackThis clic sur : " Do a system scan and save a logfile"
Logfile created: 11/15/2009 19:32:27
Lavasoft Ad-Aware version: 8.1.0
User performing scan: AD
*********************** Definitions database information ***********************
Lavasoft definition file: 149.93
Genotype definition file version: 2009/11/12 16:16:13
******************************** Scan results: *********************************
Scan profile name: Analyse intelligente (ID: smart)
Objects scanned: 19695
Objects detected: 18
Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 18
Browser hijacks.: 0
MRU objects.....: 0
Removed items:
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *weborama* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408955 Family ID: 0
Description: *weborama* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408955 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0
Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *weborama* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408955 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Scan and cleaning complete: Finished correctly after 526 seconds
*********************************** Settings ***********************************
Scan profile:
ID: smart, enabled:1, value: Analyse intelligente
ID: folderstoscan, enabled:1, value:
ID: useantivirus, enabled:0, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
ID: heuristicslevel, enabled:1, value: mild, domain: medium,mild,strict
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: silently, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:0, value: Daily 1
ID: time, enabled:0, value: Wed Nov 11 20:08:00 2009
ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:0
ID: monday, enabled:0, value: false
ID: tuesday, enabled:0, value: false
ID: wednesday, enabled:0, value: false
ID: thursday, enabled:0, value: false
ID: friday, enabled:0, value: false
ID: saturday, enabled:0, value: false
ID: sunday, enabled:0, value: false
ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:0, value:
ID: auto_deal_with_infections, enabled:0, value: false
ID: updatedaily2, enabled:0, value: Daily 2
ID: time, enabled:0, value: Wed Nov 11 02:08:00 2009
ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:0
ID: monday, enabled:0, value: false
ID: tuesday, enabled:0, value: false
ID: wednesday, enabled:0, value: false
ID: thursday, enabled:0, value: false
ID: friday, enabled:0, value: false
ID: saturday, enabled:0, value: false
ID: sunday, enabled:0, value: false
ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:0, value:
ID: auto_deal_with_infections, enabled:0, value: false
ID: updatedaily3, enabled:0, value: Daily 3
ID: time, enabled:0, value: Wed Nov 11 08:08:00 2009
ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:0
ID: monday, enabled:0, value: false
ID: tuesday, enabled:0, value: false
ID: wednesday, enabled:0, value: false
ID: thursday, enabled:0, value: false
ID: friday, enabled:0, value: false
ID: saturday, enabled:0, value: false
ID: sunday, enabled:0, value: false
ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:0, value:
ID: auto_deal_with_infections, enabled:0, value: false
ID: updatedaily4, enabled:0, value: Daily 4
ID: time, enabled:0, value: Wed Nov 11 14:08:00 2009
ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:0
ID: monday, enabled:0, value: false
ID: tuesday, enabled:0, value: false
ID: wednesday, enabled:0, value: false
ID: thursday, enabled:0, value: false
ID: friday, enabled:0, value: false
ID: saturday, enabled:0, value: false
ID: sunday, enabled:0, value: false
ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:0, value:
ID: auto_deal_with_infections, enabled:0, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Wed Nov 11 20:08:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: true
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:0, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: fr, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: layers, enabled:1
ID: useantivirus, enabled:0, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
****************************** System information ******************************
Computer name: AD1
Processor name: AMD Sempron(tm) Processor LE-1250
Processor identifier: x86 Family 15 Model 127 Stepping 2
Processor speed: ~2210MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 32514, number of processors 1, processor features: [MMX,SSE,SSE2,SSE3,3DNow]
Physical memory available: 175251456 bytes
Physical memory total: 938037248 bytes
Virtual memory available: 1978195968 bytes
Virtual memory total: 2147352576 bytes
Memory load: 81%
Microsoft Windows Vista Starter Edition, 32-bit Service Pack 2 (build 6002)
Windows startup mode:
Running processes:
PID: 432 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 508 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 556 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY
PID: 564 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 604 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 620 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 628 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY
PID: 652 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 828 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 876 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 900 name: C:\Windows\System32\svchost.exe owner: Servicio de red domain: NT AUTHORITY
PID: 936 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1004 name: C:\Windows\System32\svchost.exe owner: SERVICIO LOCAL domain: NT AUTHORITY
PID: 1080 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1096 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1200 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1216 name: C:\Windows\System32\SLsvc.exe owner: Servicio de red domain: NT AUTHORITY
PID: 1244 name: C:\Windows\System32\svchost.exe owner: SERVICIO LOCAL domain: NT AUTHORITY
PID: 1356 name: C:\Windows\System32\svchost.exe owner: Servicio de red domain: NT AUTHORITY
PID: 1440 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1464 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1600 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1632 name: C:\Windows\System32\svchost.exe owner: SERVICIO LOCAL domain: NT AUTHORITY
PID: 1972 name: C:\Windows\System32\taskeng.exe owner: AD domain: AD1
PID: 2024 name: C:\Windows\System32\dwm.exe owner: AD domain: AD1
PID: 276 name: C:\Windows\explorer.exe owner: AD domain: AD1
PID: 292 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 364 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 460 name: C:\Program Files\McAfee\SiteAdvisor\McSACore.exe owner: SYSTEM domain: NT AUTHORITY
PID: 512 name: C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe owner: SYSTEM domain: NT AUTHORITY
PID: 948 name: C:\Windows\System32\rundll32.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1136 name: C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe owner: SYSTEM domain: NT AUTHORITY
PID: 812 name: C:\Program Files\McAfee\MPF\MpfSrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 984 name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2060 name: C:\Windows\System32\svchost.exe owner: SERVICIO LOCAL domain: NT AUTHORITY
PID: 2124 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2172 name: C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 2228 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2600 name: C:\Windows\System32\WUDFHost.exe owner: SERVICIO LOCAL domain: NT AUTHORITY
PID: 2888 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2956 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3048 name: C:\Windows\System32\conime.exe owner: AD domain: AD1
PID: 3236 name: C:\Windows\System32\mobsync.exe owner: AD domain: AD1
PID: 3356 name: C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 3432 name: C:\Program Files\Windows Defender\MSASCui.exe owner: AD domain: AD1
PID: 3564 name: C:\Windows\RtHDVCpl.exe owner: AD domain: AD1
PID: 3732 name: C:\Program Files\McAfee.com\Agent\mcagent.exe owner: AD domain: AD1
PID: 3740 name: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe owner: AD domain: AD1
PID: 3764 name: C:\Program Files\Windows Sidebar\sidebar.exe owner: AD domain: AD1
PID: 3780 name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe owner: AD domain: AD1
PID: 3828 name: C:\Users\AD\Bluebirds\BlueBirds.exe owner: AD domain: AD1
PID: 3868 name: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe owner: AD domain: AD1
PID: 3948 name: C:\Windows\System32\taskeng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3960 name: C:\Program Files\Skype\Phone\Skype.exe owner: AD domain: AD1
PID: 3504 name: C:\Program Files\Windows Sidebar\sidebar.exe owner: AD domain: AD1
PID: 3328 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: AD domain: AD1
PID: 3848 name: C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2100 name: C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2360 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: Servicio de red domain: NT AUTHORITY
PID: 3984 name: C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 852 name: C:\Program Files\Windows Live\Contacts\wlcomm.exe owner: AD domain: AD1
PID: 4552 name: C:\Program Files\FoxyTunes\FoxyTunesEngine\1.0.0.7271_{A7E5DC79-E985-48B3-8B76-33C6870FEE80}\FoxyTunesEngine.exe owner: AD domain: AD1
PID: 5632 name: C:\Program Files\Internet Explorer\iexplore.exe owner: AD domain: AD1
PID: 5900 name: C:\Program Files\Internet Explorer\iexplore.exe owner: AD domain: AD1
PID: 1488 name: C:\Program Files\Windows Live\Toolbar\wltuser.exe owner: AD domain: AD1
PID: 3348 name: C:\Windows\System32\wuauclt.exe owner: AD domain: AD1
PID: 4964 name: C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe owner: AD domain: AD1
PID: 4712 name: C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe owner: AD domain: AD1
PID: 5588 name: C:\Users\AD\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe owner: AD domain: AD1
PID: 4808 name: C:\Program Files\Internet Explorer\iexplore.exe owner: AD domain: AD1
PID: 9432 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: AD domain: AD1
Startup items:
Name: Windows Defender
imagepath: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Name: RtHDVCpl
imagepath: RtHDVCpl.exe
Name: Skytel
imagepath: Skytel.exe
Name: Adobe ARM
imagepath: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Name: AppleSyncNotifier
imagepath: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
Name: mcagent_exe
imagepath: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
Name: YSearchProtection
imagepath: "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete
Running services:
Name: AeLookupSvc
displayname: Experiencia con aplicaciones
Name: Appinfo
displayname: Información de la aplicación
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AudioEndpointBuilder
displayname: Compilador de extremo de audio de Windows
Name: Audiosrv
displayname: Audio de Windows
Name: BFE
displayname: Motor de filtro de base
Name: BITS
displayname: Servicio de transferencia inteligente en segundo plano
Name: Bonjour Service
displayname: Servicio Bonjour
Name: Browser
displayname: Examinador de equipos
Name: CryptSvc
displayname: Servicios de cifrado
Name: DcomLaunch
displayname: Iniciador de procesos de servidor DCOM
Name: Dhcp
displayname: Cliente DHCP
Name: Dnscache
displayname: Cliente DNS
Name: DPS
displayname: Servicio de directivas de diagnóstico
Name: EMDMgmt
displayname: ReadyBoost
Name: Eventlog
displayname: Registro de eventos de Windows
Name: EventSystem
displayname: Sistema de eventos COM+
Name: FDResPub
displayname: Publicación de recurso de detección de función
Name: gpsvc
displayname: Cliente de directiva de grupo
Name: IKEEXT
displayname: Módulos de creación de claves de IPsec para IKE y AuthIP
Name: iphlpsvc
displayname: Aplicación auxiliar IP
Name: KtmRm
displayname: KTMRM para DTC (Coordinador de transacciones distribuidas)
Name: LanmanServer
displayname: Servidor
Name: LanmanWorkstation
displayname: Estación de trabajo
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: lmhosts
displayname: Aplicación auxiliar de NetBIOS sobre TCP/IP
Name: McAfee SiteAdvisor Service
displayname: McAfee SiteAdvisor Service
Name: mcmscsvc
displayname: McAfee Services
Name: McNASvc
displayname: McAfee Network Agent
Name: McProxy
displayname: McAfee Proxy Service
Name: McShield
displayname: McAfee Real-time Scanner
Name: McSysmon
displayname: McAfee SystemGuards
Name: MMCSS
displayname: Programador de aplicaciones multimedia
Name: MpfService
displayname: McAfee Personal Firewall Service
Name: MpsSvc
displayname: Firewall de Windows
Name: Netman
displayname: Conexiones de red
Name: netprofm
displayname: Servicio de lista de redes
Name: NlaSvc
displayname: Reconocimiento de ubicación de red
Name: nsi
displayname: Servicio Interfaz de almacenamiento en red
Name: nvsvc
displayname: NVIDIA Display Driver Service
Name: PcaSvc
displayname: Servicio de compatibilidad de programas
Name: PlugPlay
displayname: Plug and Play
Name: ProfSvc
displayname: Servicio de perfil de usuario
Name: RasMan
displayname: Administrador de conexión de acceso remoto
Name: RpcSs
displayname: Llamada a procedimiento remoto (RPC)
Name: SamSs
displayname: Administrador de cuentas de seguridad
Name: Schedule
displayname: Programador de tareas
Name: SeaPort
displayname: SeaPort
Name: SENS
displayname: Servicio de notificación de eventos de sistema
Name: ShellHWDetection
displayname: Detección de hardware shell
Name: slsvc
displayname: Licencias de software
Name: Spooler
displayname: Cola de impresión
Name: SSDPSRV
displayname: Detección SSDP
Name: SstpSvc
displayname: Servicio de protocolo de túnel de sockets seguros
Name: stisvc
displayname: Adquisición de imágenes de Windows (WIA)
Name: SysMain
displayname: Superfetch
Name: TabletInputService
displayname: Servicio de entrada de Tablet PC
Name: TapiSrv
displayname: Telefonía
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Temas
Name: TrkWks
displayname: Cliente de seguimiento de vínculos distribuidos
Name: upnphost
displayname: Dispositivo host de UPnP
Name: UxSms
displayname: Administrador de sesión del Administrador de ventanas de escritorio
Name: W32Time
displayname: Horario de Windows
Name: WdiSystemHost
displayname: Host de sistema de diagnóstico
Name: WerSvc
displayname: Servicio Informe de errores de Windows
Name: WinDefend
displayname: Windows Defender
Name: Winmgmt
displayname: Instrumental de administración de Windows
Name: wlidsvc
displayname: Windows Live ID Sign-in Assistant
Name: WPDBusEnum
displayname: Servicio enumerador de dispositivos portátiles
Name: wscsvc
displayname: Centro de seguridad
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - User-mode Driver Framework
Lavasoft Ad-Aware version: 8.1.0
User performing scan: AD
*********************** Definitions database information ***********************
Lavasoft definition file: 149.93
Genotype definition file version: 2009/11/12 16:16:13
******************************** Scan results: *********************************
Scan profile name: Analyse intelligente (ID: smart)
Objects scanned: 19695
Objects detected: 18
Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 18
Browser hijacks.: 0
MRU objects.....: 0
Removed items:
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *weborama* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408955 Family ID: 0
Description: *weborama* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408955 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0
Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *weborama* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408955 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Scan and cleaning complete: Finished correctly after 526 seconds
*********************************** Settings ***********************************
Scan profile:
ID: smart, enabled:1, value: Analyse intelligente
ID: folderstoscan, enabled:1, value:
ID: useantivirus, enabled:0, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
ID: heuristicslevel, enabled:1, value: mild, domain: medium,mild,strict
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: silently, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:0, value: Daily 1
ID: time, enabled:0, value: Wed Nov 11 20:08:00 2009
ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:0
ID: monday, enabled:0, value: false
ID: tuesday, enabled:0, value: false
ID: wednesday, enabled:0, value: false
ID: thursday, enabled:0, value: false
ID: friday, enabled:0, value: false
ID: saturday, enabled:0, value: false
ID: sunday, enabled:0, value: false
ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:0, value:
ID: auto_deal_with_infections, enabled:0, value: false
ID: updatedaily2, enabled:0, value: Daily 2
ID: time, enabled:0, value: Wed Nov 11 02:08:00 2009
ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:0
ID: monday, enabled:0, value: false
ID: tuesday, enabled:0, value: false
ID: wednesday, enabled:0, value: false
ID: thursday, enabled:0, value: false
ID: friday, enabled:0, value: false
ID: saturday, enabled:0, value: false
ID: sunday, enabled:0, value: false
ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:0, value:
ID: auto_deal_with_infections, enabled:0, value: false
ID: updatedaily3, enabled:0, value: Daily 3
ID: time, enabled:0, value: Wed Nov 11 08:08:00 2009
ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:0
ID: monday, enabled:0, value: false
ID: tuesday, enabled:0, value: false
ID: wednesday, enabled:0, value: false
ID: thursday, enabled:0, value: false
ID: friday, enabled:0, value: false
ID: saturday, enabled:0, value: false
ID: sunday, enabled:0, value: false
ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:0, value:
ID: auto_deal_with_infections, enabled:0, value: false
ID: updatedaily4, enabled:0, value: Daily 4
ID: time, enabled:0, value: Wed Nov 11 14:08:00 2009
ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:0
ID: monday, enabled:0, value: false
ID: tuesday, enabled:0, value: false
ID: wednesday, enabled:0, value: false
ID: thursday, enabled:0, value: false
ID: friday, enabled:0, value: false
ID: saturday, enabled:0, value: false
ID: sunday, enabled:0, value: false
ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:0, value:
ID: auto_deal_with_infections, enabled:0, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Wed Nov 11 20:08:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: true
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:0, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: fr, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: layers, enabled:1
ID: useantivirus, enabled:0, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
****************************** System information ******************************
Computer name: AD1
Processor name: AMD Sempron(tm) Processor LE-1250
Processor identifier: x86 Family 15 Model 127 Stepping 2
Processor speed: ~2210MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 32514, number of processors 1, processor features: [MMX,SSE,SSE2,SSE3,3DNow]
Physical memory available: 175251456 bytes
Physical memory total: 938037248 bytes
Virtual memory available: 1978195968 bytes
Virtual memory total: 2147352576 bytes
Memory load: 81%
Microsoft Windows Vista Starter Edition, 32-bit Service Pack 2 (build 6002)
Windows startup mode:
Running processes:
PID: 432 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 508 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 556 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY
PID: 564 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 604 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 620 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 628 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY
PID: 652 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 828 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 876 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 900 name: C:\Windows\System32\svchost.exe owner: Servicio de red domain: NT AUTHORITY
PID: 936 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1004 name: C:\Windows\System32\svchost.exe owner: SERVICIO LOCAL domain: NT AUTHORITY
PID: 1080 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1096 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1200 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1216 name: C:\Windows\System32\SLsvc.exe owner: Servicio de red domain: NT AUTHORITY
PID: 1244 name: C:\Windows\System32\svchost.exe owner: SERVICIO LOCAL domain: NT AUTHORITY
PID: 1356 name: C:\Windows\System32\svchost.exe owner: Servicio de red domain: NT AUTHORITY
PID: 1440 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1464 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1600 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1632 name: C:\Windows\System32\svchost.exe owner: SERVICIO LOCAL domain: NT AUTHORITY
PID: 1972 name: C:\Windows\System32\taskeng.exe owner: AD domain: AD1
PID: 2024 name: C:\Windows\System32\dwm.exe owner: AD domain: AD1
PID: 276 name: C:\Windows\explorer.exe owner: AD domain: AD1
PID: 292 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 364 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 460 name: C:\Program Files\McAfee\SiteAdvisor\McSACore.exe owner: SYSTEM domain: NT AUTHORITY
PID: 512 name: C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe owner: SYSTEM domain: NT AUTHORITY
PID: 948 name: C:\Windows\System32\rundll32.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1136 name: C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe owner: SYSTEM domain: NT AUTHORITY
PID: 812 name: C:\Program Files\McAfee\MPF\MpfSrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 984 name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2060 name: C:\Windows\System32\svchost.exe owner: SERVICIO LOCAL domain: NT AUTHORITY
PID: 2124 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2172 name: C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 2228 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2600 name: C:\Windows\System32\WUDFHost.exe owner: SERVICIO LOCAL domain: NT AUTHORITY
PID: 2888 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2956 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3048 name: C:\Windows\System32\conime.exe owner: AD domain: AD1
PID: 3236 name: C:\Windows\System32\mobsync.exe owner: AD domain: AD1
PID: 3356 name: C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 3432 name: C:\Program Files\Windows Defender\MSASCui.exe owner: AD domain: AD1
PID: 3564 name: C:\Windows\RtHDVCpl.exe owner: AD domain: AD1
PID: 3732 name: C:\Program Files\McAfee.com\Agent\mcagent.exe owner: AD domain: AD1
PID: 3740 name: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe owner: AD domain: AD1
PID: 3764 name: C:\Program Files\Windows Sidebar\sidebar.exe owner: AD domain: AD1
PID: 3780 name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe owner: AD domain: AD1
PID: 3828 name: C:\Users\AD\Bluebirds\BlueBirds.exe owner: AD domain: AD1
PID: 3868 name: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe owner: AD domain: AD1
PID: 3948 name: C:\Windows\System32\taskeng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3960 name: C:\Program Files\Skype\Phone\Skype.exe owner: AD domain: AD1
PID: 3504 name: C:\Program Files\Windows Sidebar\sidebar.exe owner: AD domain: AD1
PID: 3328 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: AD domain: AD1
PID: 3848 name: C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2100 name: C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2360 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: Servicio de red domain: NT AUTHORITY
PID: 3984 name: C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 852 name: C:\Program Files\Windows Live\Contacts\wlcomm.exe owner: AD domain: AD1
PID: 4552 name: C:\Program Files\FoxyTunes\FoxyTunesEngine\1.0.0.7271_{A7E5DC79-E985-48B3-8B76-33C6870FEE80}\FoxyTunesEngine.exe owner: AD domain: AD1
PID: 5632 name: C:\Program Files\Internet Explorer\iexplore.exe owner: AD domain: AD1
PID: 5900 name: C:\Program Files\Internet Explorer\iexplore.exe owner: AD domain: AD1
PID: 1488 name: C:\Program Files\Windows Live\Toolbar\wltuser.exe owner: AD domain: AD1
PID: 3348 name: C:\Windows\System32\wuauclt.exe owner: AD domain: AD1
PID: 4964 name: C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe owner: AD domain: AD1
PID: 4712 name: C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe owner: AD domain: AD1
PID: 5588 name: C:\Users\AD\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe owner: AD domain: AD1
PID: 4808 name: C:\Program Files\Internet Explorer\iexplore.exe owner: AD domain: AD1
PID: 9432 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: AD domain: AD1
Startup items:
Name: Windows Defender
imagepath: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Name: RtHDVCpl
imagepath: RtHDVCpl.exe
Name: Skytel
imagepath: Skytel.exe
Name: Adobe ARM
imagepath: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Name: AppleSyncNotifier
imagepath: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
Name: mcagent_exe
imagepath: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
Name: YSearchProtection
imagepath: "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete
Running services:
Name: AeLookupSvc
displayname: Experiencia con aplicaciones
Name: Appinfo
displayname: Información de la aplicación
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AudioEndpointBuilder
displayname: Compilador de extremo de audio de Windows
Name: Audiosrv
displayname: Audio de Windows
Name: BFE
displayname: Motor de filtro de base
Name: BITS
displayname: Servicio de transferencia inteligente en segundo plano
Name: Bonjour Service
displayname: Servicio Bonjour
Name: Browser
displayname: Examinador de equipos
Name: CryptSvc
displayname: Servicios de cifrado
Name: DcomLaunch
displayname: Iniciador de procesos de servidor DCOM
Name: Dhcp
displayname: Cliente DHCP
Name: Dnscache
displayname: Cliente DNS
Name: DPS
displayname: Servicio de directivas de diagnóstico
Name: EMDMgmt
displayname: ReadyBoost
Name: Eventlog
displayname: Registro de eventos de Windows
Name: EventSystem
displayname: Sistema de eventos COM+
Name: FDResPub
displayname: Publicación de recurso de detección de función
Name: gpsvc
displayname: Cliente de directiva de grupo
Name: IKEEXT
displayname: Módulos de creación de claves de IPsec para IKE y AuthIP
Name: iphlpsvc
displayname: Aplicación auxiliar IP
Name: KtmRm
displayname: KTMRM para DTC (Coordinador de transacciones distribuidas)
Name: LanmanServer
displayname: Servidor
Name: LanmanWorkstation
displayname: Estación de trabajo
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: lmhosts
displayname: Aplicación auxiliar de NetBIOS sobre TCP/IP
Name: McAfee SiteAdvisor Service
displayname: McAfee SiteAdvisor Service
Name: mcmscsvc
displayname: McAfee Services
Name: McNASvc
displayname: McAfee Network Agent
Name: McProxy
displayname: McAfee Proxy Service
Name: McShield
displayname: McAfee Real-time Scanner
Name: McSysmon
displayname: McAfee SystemGuards
Name: MMCSS
displayname: Programador de aplicaciones multimedia
Name: MpfService
displayname: McAfee Personal Firewall Service
Name: MpsSvc
displayname: Firewall de Windows
Name: Netman
displayname: Conexiones de red
Name: netprofm
displayname: Servicio de lista de redes
Name: NlaSvc
displayname: Reconocimiento de ubicación de red
Name: nsi
displayname: Servicio Interfaz de almacenamiento en red
Name: nvsvc
displayname: NVIDIA Display Driver Service
Name: PcaSvc
displayname: Servicio de compatibilidad de programas
Name: PlugPlay
displayname: Plug and Play
Name: ProfSvc
displayname: Servicio de perfil de usuario
Name: RasMan
displayname: Administrador de conexión de acceso remoto
Name: RpcSs
displayname: Llamada a procedimiento remoto (RPC)
Name: SamSs
displayname: Administrador de cuentas de seguridad
Name: Schedule
displayname: Programador de tareas
Name: SeaPort
displayname: SeaPort
Name: SENS
displayname: Servicio de notificación de eventos de sistema
Name: ShellHWDetection
displayname: Detección de hardware shell
Name: slsvc
displayname: Licencias de software
Name: Spooler
displayname: Cola de impresión
Name: SSDPSRV
displayname: Detección SSDP
Name: SstpSvc
displayname: Servicio de protocolo de túnel de sockets seguros
Name: stisvc
displayname: Adquisición de imágenes de Windows (WIA)
Name: SysMain
displayname: Superfetch
Name: TabletInputService
displayname: Servicio de entrada de Tablet PC
Name: TapiSrv
displayname: Telefonía
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Temas
Name: TrkWks
displayname: Cliente de seguimiento de vínculos distribuidos
Name: upnphost
displayname: Dispositivo host de UPnP
Name: UxSms
displayname: Administrador de sesión del Administrador de ventanas de escritorio
Name: W32Time
displayname: Horario de Windows
Name: WdiSystemHost
displayname: Host de sistema de diagnóstico
Name: WerSvc
displayname: Servicio Informe de errores de Windows
Name: WinDefend
displayname: Windows Defender
Name: Winmgmt
displayname: Instrumental de administración de Windows
Name: wlidsvc
displayname: Windows Live ID Sign-in Assistant
Name: WPDBusEnum
displayname: Servicio enumerador de dispositivos portátiles
Name: wscsvc
displayname: Centro de seguridad
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - User-mode Driver Framework
TheTROLL
Messages postés
4163
Date d'inscription
samedi 9 février 2008
Statut
Contributeur
Dernière intervention
19 décembre 2012
659
16 nov. 2009 à 04:02
16 nov. 2009 à 04:02
bon je recommence une dernière fois!
télécharge et installe et en suite fait une annalise avec : Malwarebytes' Anti-Malware
et télécharge et installe HijackThis et poste nous le rapport
dans HijackThis clic sur : " Do a system scan and save a logfile"
télécharge et installe et en suite fait une annalise avec : Malwarebytes' Anti-Malware
et télécharge et installe HijackThis et poste nous le rapport
dans HijackThis clic sur : " Do a system scan and save a logfile"
voila ce que j ai trouvé TROLL,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:59 p.m., on 11/15/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\AD\Bluebirds\BlueBirds.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\FoxyTunes\FoxyTunesEngine\1.0.0.7271_{A7E5DC79-E985-48B3-8B76-33C6870FEE80}\FoxyTunesEngine.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Users\AD\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Softonic.fr Toolbar - {2cdcbcf7-7969-43f5-ac59-91ded800eddf} - C:\Program Files\Softonic.fr\tbSoft.dll
R3 - URLSearchHook: P2P Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P1.dll
R3 - URLSearchHook: iCu2 Toolbar - {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - C:\Program Files\iCu2\tbiCu2.dll
R3 - URLSearchHook: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: iCu2 Toolbar - {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - C:\Program Files\iCu2\tbiCu2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Softonic.fr Toolbar - {2cdcbcf7-7969-43f5-ac59-91ded800eddf} - C:\Program Files\Softonic.fr\tbSoft.dll
O2 - BHO: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: P2P Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Softonic.fr Toolbar - {2cdcbcf7-7969-43f5-ac59-91ded800eddf} - C:\Program Files\Softonic.fr\tbSoft.dll
O3 - Toolbar: P2P Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: iCu2 Toolbar - {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - C:\Program Files\iCu2\tbiCu2.dll
O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bluebirds] C:\Users\AD\Bluebirds\BlueBirds.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:59 p.m., on 11/15/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\AD\Bluebirds\BlueBirds.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\FoxyTunes\FoxyTunesEngine\1.0.0.7271_{A7E5DC79-E985-48B3-8B76-33C6870FEE80}\FoxyTunesEngine.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Users\AD\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Softonic.fr Toolbar - {2cdcbcf7-7969-43f5-ac59-91ded800eddf} - C:\Program Files\Softonic.fr\tbSoft.dll
R3 - URLSearchHook: P2P Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P1.dll
R3 - URLSearchHook: iCu2 Toolbar - {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - C:\Program Files\iCu2\tbiCu2.dll
R3 - URLSearchHook: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: iCu2 Toolbar - {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - C:\Program Files\iCu2\tbiCu2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Softonic.fr Toolbar - {2cdcbcf7-7969-43f5-ac59-91ded800eddf} - C:\Program Files\Softonic.fr\tbSoft.dll
O2 - BHO: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: P2P Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Softonic.fr Toolbar - {2cdcbcf7-7969-43f5-ac59-91ded800eddf} - C:\Program Files\Softonic.fr\tbSoft.dll
O3 - Toolbar: P2P Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: iCu2 Toolbar - {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - C:\Program Files\iCu2\tbiCu2.dll
O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bluebirds] C:\Users\AD\Bluebirds\BlueBirds.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:14 p.m., on 11/15/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\AD\Bluebirds\BlueBirds.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\FoxyTunes\FoxyTunesEngine\1.0.0.7271_{A7E5DC79-E985-48B3-8B76-33C6870FEE80}\FoxyTunesEngine.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Users\AD\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Softonic.fr Toolbar - {2cdcbcf7-7969-43f5-ac59-91ded800eddf} - C:\Program Files\Softonic.fr\tbSoft.dll
R3 - URLSearchHook: P2P Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P1.dll
R3 - URLSearchHook: iCu2 Toolbar - {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - C:\Program Files\iCu2\tbiCu2.dll
R3 - URLSearchHook: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: iCu2 Toolbar - {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - C:\Program Files\iCu2\tbiCu2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Softonic.fr Toolbar - {2cdcbcf7-7969-43f5-ac59-91ded800eddf} - C:\Program Files\Softonic.fr\tbSoft.dll
O2 - BHO: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: P2P Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Softonic.fr Toolbar - {2cdcbcf7-7969-43f5-ac59-91ded800eddf} - C:\Program Files\Softonic.fr\tbSoft.dll
O3 - Toolbar: P2P Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: iCu2 Toolbar - {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - C:\Program Files\iCu2\tbiCu2.dll
O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bluebirds] C:\Users\AD\Bluebirds\BlueBirds.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
Scan saved at 11:30:14 p.m., on 11/15/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\AD\Bluebirds\BlueBirds.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\FoxyTunes\FoxyTunesEngine\1.0.0.7271_{A7E5DC79-E985-48B3-8B76-33C6870FEE80}\FoxyTunesEngine.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Users\AD\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr10/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr10/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Softonic.fr Toolbar - {2cdcbcf7-7969-43f5-ac59-91ded800eddf} - C:\Program Files\Softonic.fr\tbSoft.dll
R3 - URLSearchHook: P2P Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P1.dll
R3 - URLSearchHook: iCu2 Toolbar - {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - C:\Program Files\iCu2\tbiCu2.dll
R3 - URLSearchHook: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: iCu2 Toolbar - {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - C:\Program Files\iCu2\tbiCu2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Softonic.fr Toolbar - {2cdcbcf7-7969-43f5-ac59-91ded800eddf} - C:\Program Files\Softonic.fr\tbSoft.dll
O2 - BHO: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: P2P Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Softonic.fr Toolbar - {2cdcbcf7-7969-43f5-ac59-91ded800eddf} - C:\Program Files\Softonic.fr\tbSoft.dll
O3 - Toolbar: P2P Max France Toolbar - {fe37be35-b028-49f9-bb0c-6a38c4e55b97} - C:\Program Files\P2P_Max_France\tbP2P1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: iCu2 Toolbar - {0a65b163-1d7b-434c-86dd-4afb5d3ba3b4} - C:\Program Files\iCu2\tbiCu2.dll
O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bluebirds] C:\Users\AD\Bluebirds\BlueBirds.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
