Virus msn... encore et toujours... Résolu

Question

Bonsoir tout le monde,

Voilà j'ai reçu un message d'un de mes amis genre "album photo.zip". Et naïf comme je suis j'ai cliqué...
Maintenant a chaque démarrage de Window Live Messenger, mon ordinateur envoie automatiquement le même message a mes contact en ligne... et pendant ce temps, je ne peux rien faire, ma souris est bloqué...

Je voulais savoir qu'elle procédure suivre pour détruire complètement ce virus, comme j'ai vu plusieurs situations différentes, peut-être que ce ne sera pas pareil pour moi. Voilà.

Mercii d'avance. ^^

pimprenelle27 · Answer

Télécharge :

-  MSNFix (!aur3n7) et décompresse-le sur le Bureau.

Regarde bien le Tuto Ici

Ensuite :

Redémarre en mode sans échec comme indiqué  ici ;  Choisis ta session courante.

Lance le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le bureau.
- Exécute l'option R.
- Si l'infection est détectée, exécute l'option N.
- Sauvegarde ce rapport sur ton bureau. 

Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs


Le rapport sera enregistré dans C:\Windows\ sous le nom de MSNFix

tulipe94 · Answer

salut
jai exactement le meme pb ,pareil sur msn avec un album photo,ca me ferme tt le tps internet
j'arrive pas a ouvrir mon antivirus.la ya brahim33 qui m'aide suit la discussion je suis tulipe94

pimprenelle27 · Answer

tu doit créeer ton propre sujet et je viendrais t'aider volontiers.

Dark66 · Answer

D'accord, merci, j'essaie de ce pas ^^

tulipe94 · Answer

on ta donné la solution
qd je fé mode sans echec
je nai pas lencadrer pr cliquer oui
je blok

pimprenelle27 · Answer

je t'ai déjà dit tu doit créer ton propre sujet je ne peux pas traiter 2 personnes en même temps c'est impossible. désolé.

Dark66 · Answer

Voilà j'ai démarré le scan depuis au moins 25 minutes, et il est toujours au même point, est-ce normal ?

pimprenelle27 · Answer

oui il peut être long.

Dark66 · Answer

Après deux essais, il ne trouve aucune infection... ='(

pimprenelle27 · Answer

il a été jusqu'au bout?

Dark66 · Answer

Vouii, il dit que rien est détecté

pimprenelle27 · Answer

ok fait moi ceci : 

Telecharge malwarebytes

NB : S'il te manque COMCTL32.OCX alors télécharge le ici

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log


Tutoriaux

Dark66 · Answer

Voilou!

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1831
Windows 6.0.6001 Service Pack 1

10/03/2009 15:41:48
mbam-log-2009-03-10 (15-41-48).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|)
Eléments examinés: 306423
Temps écoulé: 1 hour(s), 47 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc3kfj0ea7o (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\rhc3kfj0ea7o (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\rhc3kfj0ea7o\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc3kfj0ea7o\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc3kfj0ea7o\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc3kfj0ea7o\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc3kfj0ea7o\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.

pimprenelle27 · Answer

Pas mal maintenant ceci : 

Pour commencer :  faire un petit nettoyage de l'ordi et du registre avec Ccleaner, regarde bien le Tuto CCleaner


Télécharge Superantispyware (SAS)



Choisis "enregistrer" et enregistre-le sur ton bureau.

Double-clique sur l'icône d'installation qui vient de se créer et suis les instructions.

Créé une icône sur le bureau.

Double-clique sur l'icône de SAS (une tête dans un cercle rouge barré) pour le lancer.

- Si l'outil te demande de mettre à jour le programme ("update the program definitions", clique sur yes.
- Sous Configuration and Preferences, clique sur le bouton "Preferences"
- Clique sur l'onglet "Scanning Control "
- Dans "Scanner Options ", assure toi que la case devant lles lignes suivantes est cochée :

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
- Laisse les autres lignes décochées.

- Clique sur le bouton "Close" pour quitter l'écran du centre de contrôle.

- Dans la fenêtre principale, clique, dans "Scan for Harmful Software", sur "Scan your computer".

Dans la colonne de gauche, coche C:\Fixed Drive.

Dans la colonne de droite, sous "Complete scan", clique sur "Perform Complete Scan"

Clique sur "next" pour lancer le scan. Patiente pendant la durée du scan.

A la fin du scan, une fenêtre de résultats s'ouvre . Clique sur OK.

Assure toi que toutes les lignes de la fenêtre blanche sont cochées et clique sur "Next".

Tout ce qui a été trouvé sera mis en quarantaine. S'il t'es demandé de redémarrer l'ordi ("reboot"), clique sur Yes.

Pour recopier les informations sur le forum, fais ceci :

- après le redémarrage de l'ordi, double-clique sur l'icône pour lancer SAS.
- Clique sur "Preferences" puis sur l'onglet "Statistics/Logs ".
- Dans "scanners logs", double-clique sur SUPERAntiSpyware Scan Log.

- Le rapport va s'ouvrir dans ton éditeur de texte par défaut.

- Copie son contenu dans ta réponse.


Regarde bien le tuto SUPERAntiSpyware il est très bien expliqué.

Dark66 · Answer

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
- Laisse les autres lignes décochées.


Je décoche toutes les autres ?

pimprenelle27 · Answer

ba oui comme demandé.

Dark66 · Answer

5h et toujours pas fini... j'pensais pas que c'était si long =/

pimprenelle27 · Answer

oui il peut être très long suivant ce que tu as sur ton pc.

Dark66 · Answer

A cause des mises à jour windows, mon ordi a redémarrer avant la fin du scan... je dois donc tout recommencer.

pimprenelle27 · Answer

mince.

Dark66 · Answer

Après 28h30 de scan.... Voilà

SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 03/12/2009 at 04:47 PM

Application Version : 4.25.1014

Core Rules Database Version : 3790
Trace Rules Database Version: 1746

Scan type       : Complete Scan
Total Scan Time : 04:30:30

Memory items scanned      : 948
Memory threats detected   : 0
Registry items scanned    : 6212
Registry threats detected : 1
File items scanned        : 3731593
File threats detected     : 0

Unclassified.Unknown Origin
	HKU\S-1-5-21-138545575-1516831450-1890025808-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

pimprenelle27 · Answer

28h30 de scan pour 1 truc détecté il doit y en avoir des choses sur ton pc.

Maintenant supprime ce que SAS à trouvé, ensuite un nouvel hijackthis, puis ceic: 

https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan

Dark66 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:21, on 13/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Voyage Century Online\voyage\Core.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Mika\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lessoiffards.roxorgamers.com/index.php?file=Links&op=description&link_id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information	opi.exe -startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: Download with Rapget - C:\Users\Mika\Documents\Tripperapget.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

pimprenelle27 · Answer

Télécharge Trojan-Remover sur ton bureau

Lance l'installation, pour cela, regarde bien le Tuto


Ensuite poste le rapport obetenu + un nouvel hijackthis.

Dark66 · Answer

***** THE SYSTEM HAS BEEN RESTARTED *****
14/03/2009 01:30:27: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\igfxcui - already removed (or did not exist)
=======================================================
14/03/2009 01:30:27: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.6.2566. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 01:21:44 14 mars 2009
Using Database v7301
Operating System:  Windows Vista Home Premium (SP1) [Build: 6.0.6001]
File System:       NTFS
User Account Control is DISABLED.
UserData directory: C:\Users\Mika\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory:  C:\Users\Mika\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Avast! Antivirus

************************************************************


************************************************************
01:21:44: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
01:21:45: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\Windows\explorer.exe
2927104 bytes
Created:  10/12/2008 22:36
Modified: 29/10/2008 07:29
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
25088 bytes
Created:  21/01/2008 03:24
Modified: 21/01/2008 03:24
Company:  Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
136600 bytes
Created:  18/12/2008 16:52
Modified: 18/12/2008 16:52
Company:  Sun Microsystems, Inc.
--------------------
Value Name: ITSecMng
Value Data: %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
75136 bytes
Created:  28/09/2007 15:03
Modified: 28/09/2007 15:03
Company:   TOSHIBA CORPORATION
--------------------
Value Name: NDSTray.exe
Value Data: NDSTray.exe
NDSTray.exe - [file not found to scan]
--------------------
Value Name: cfFncEnabler.exe
Value Data: cfFncEnabler.exe
cfFncEnabler.exe - [file not found to scan]
--------------------
Value Name: Google Desktop Search
Value Data: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
29744 bytes
Created:  03/07/2008 16:34
Modified: 03/07/2008 16:34
Company:  Google
--------------------
Value Name: Google EULA Launcher
Value Data: c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
20480 bytes
Created:  28/05/2008 12:40
Modified: 28/05/2008 12:40
Company:   
--------------------
Value Name: Toshiba TEMPO
Value Data: C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
103824 bytes
Created:  24/04/2008 09:22
Modified: 24/04/2008 09:22
Company:  Toshiba Europe GmbH
--------------------
Value Name: topi
Value Data: C:\Program Files\TOSHIBA\Toshiba Online Product Information	opi.exe -startup
C:\Program Files\TOSHIBA\Toshiba Online Product Information	opi.exe
581632 bytes
Created:  03/07/2008 16:35
Modified: 10/07/2007 08:24
Company:  TOSHIBA
--------------------
Value Name: StartCCC
Value Data: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
61440 bytes
Created:  21/01/2008 11:17
Modified: 21/01/2008 11:17
Company:  Advanced Micro Devices, Inc.
--------------------
Value Name: Apoint
Value Data: C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apoint.exe
184320 bytes
Created:  03/07/2008 15:54
Modified: 15/12/2007 15:29
Company:  Alps Electric Co., Ltd.
--------------------
Value Name: Camera Assistant Software
Value Data: "C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe" /start
C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe
417792 bytes
Created:  21/08/2008 16:05
Modified: 29/04/2008 09:33
Company:  Chicony
--------------------
Value Name: TPwrMain
Value Data: %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
431456 bytes
Created:  17/01/2008 15:27
Modified: 17/01/2008 15:27
Company:  TOSHIBA Corporation
--------------------
Value Name: HSON
Value Data: %ProgramFiles%\TOSHIBA\TBS\HSON.exe
C:\Program Files\TOSHIBA\TBS\HSON.exe
54608 bytes
Created:  31/10/2007 21:01
Modified: 31/10/2007 21:01
Company:  TOSHIBA Corporation
--------------------
Value Name: SmoothView
Value Data: %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
509816 bytes
Created:  25/01/2008 12:33
Modified: 25/01/2008 12:33
Company:  TOSHIBA Corporation
--------------------
Value Name: 00TCrdMain
Value Data: %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
716800 bytes
Created:  19/03/2008 12:35
Modified: 19/03/2008 12:35
Company:  TOSHIBA Corporation
--------------------
Value Name: HDMICtrlMan
Value Data: C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
716800 bytes
Created:  21/08/2008 16:08
Modified: 26/04/2008 14:57
Company:  TOSHIBA Corporation.
--------------------
Value Name: Toshiba Registration
Value Data: C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
574864 bytes
Created:  03/07/2008 16:29
Modified: 11/01/2008 03:07
Company:  Toshiba
--------------------
Value Name: avast!
Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
81000 bytes
Created:  21/08/2008 23:30
Modified: 05/02/2009 22:08
Company:  ALWIL Software
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
C:\Program Files\QuickTime\QTTask.exe
413696 bytes
Created:  04/11/2008 10:30
Modified: 04/11/2008 10:30
Company:  Apple Inc.
--------------------
Value Name: AppleSyncNotifier
Value Data: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
111936 bytes
Created:  07/11/2008 14:16
Modified: 07/11/2008 14:16
Company:  Apple Inc.
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
290088 bytes
Created:  20/11/2008 13:20
Modified: 20/11/2008 13:20
Company:  Apple Inc.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
39792 bytes
Created:  15/10/2008 01:04
Modified: 15/10/2008 01:04
Company:  Adobe Systems Incorporated
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1303432 bytes
Created:  14/03/2009 01:17
Modified: 14/03/2009 01:19
Company:  Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: WindowsWelcomeCenter
Value Data: rundll32.exe oobefldr.dll,ShowWelcomeCenter
C:\Windows\system32\oobefldr.dll
2153472 bytes
Created:  21/01/2008 03:23
Modified: 21/01/2008 03:23
Company:  Microsoft Corporation
--------------------
Value Name: TOSCDSPD
Value Data: TOSCDSPD.EXE
TOSCDSPD.EXE - [file not found to scan]
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
3885408 bytes
Created:  06/02/2009 18:51
Modified: 06/02/2009 18:51
Company:  Microsoft Corporation
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
490952 bytes
Created:  08/08/2008 13:11
Modified: 08/08/2008 13:11
Company:  DT Soft Ltd
--------------------
Value Name: AlcoholAutomount
Value Data: "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
222592 bytes
Created:  01/08/2007 19:17
Modified: 01/08/2007 19:17
Company:  Alcohol Soft Development Team
--------------------
Value Name: Skype
Value Data: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
C:\Program Files\Skype\Phone\Skype.exe
-R- 21633320 bytes
Created:  18/11/2008 16:31
Modified: 18/11/2008 16:31
Company:  Skype Technologies S.A.
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
68856 bytes
Created:  03/07/2008 16:34
Modified: 03/07/2008 16:34
Company:  Google Inc.
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - entry is globally excluded
--------------------
Value Name: SUPERAntiSpyware
Value Data: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
1830128 bytes
Created:  17/02/2009 11:43
Modified: 17/02/2009 11:43
Company:  SUPERAntiSpyware.com
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
01:21:51: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
File:      C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
77824 bytes
Created:  13/05/2008 09:13
Modified: 13/05/2008 09:13
Company:  SuperAdBlocker.com
----------

************************************************************
01:21:51: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
01:21:51: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
01:21:51: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
01:21:51: Scanning ----- SERVICEDLL REGISTRY KEYS -----

************************************************************
01:21:53: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       ApfiltrService
ImagePath: system32\DRIVERS\Apfiltr.sys
C:\Windows\system32\DRIVERS\Apfiltr.sys
164400 bytes
Created:  03/07/2008 15:54
Modified: 27/11/2007 09:39
Company:  Alps Electric Co., Ltd.
----------
Key:       Apple Mobile Device
ImagePath: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
132424 bytes
Created:  07/11/2008 14:28
Modified: 07/11/2008 14:28
Company:  Apple Inc.
----------
Key:       aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\Windows\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created:  21/08/2008 23:31
Modified: 05/02/2009 22:07
Company:  ALWIL Software
----------
Key:       aswMonFlt
ImagePath: system32\DRIVERS\aswMonFlt.sys
C:\Windows\system32\DRIVERS\aswMonFlt.sys
51792 bytes
Created:  21/08/2008 23:30
Modified: 05/02/2009 22:06
Company:  ALWIL Software
----------
Key:       aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
18752 bytes
Created:  21/08/2008 23:30
Modified: 05/02/2009 22:01
Company:  ALWIL Software
----------
Key:       avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
138680 bytes
Created:  21/08/2008 23:30
Modified: 05/02/2009 22:08
Company:  ALWIL Software
----------
Key:       avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
254040 bytes
Created:  21/08/2008 23:30
Modified: 05/02/2009 22:08
Company:  ALWIL Software
----------
Key:       avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
352920 bytes
Created:  21/08/2008 23:30
Modified: 05/02/2009 22:06
Company:  ALWIL Software
----------
Key:       Bonjour Service
ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created:  29/08/2008 10:18
Modified: 29/08/2008 10:18
Company:  Apple Inc.
----------
Key:       catchme
ImagePath: \??\C:\Users\Mika\AppData\Local\Temp\catchme.sys - this file is globally excluded
----------
Key:       CnxtHdAudService
ImagePath: system32\drivers\CHDRT32.sys
C:\Windows\system32\drivers\CHDRT32.sys
188416 bytes
Created:  03/07/2008 15:05
Modified: 04/03/2008 09:32
Company:  Conexant Systems Inc.
----------
Key:       ConfigFree Service
ImagePath: "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe"
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
40960 bytes
Created:  16/04/2008 23:19
Modified: 16/04/2008 23:19
Company:  TOSHIBA CORPORATION
----------
Key:       GoogleDesktopManager-022208-143751
ImagePath: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
29744 bytes
Created:  03/07/2008 16:34
Modified: 03/07/2008 16:34
Company:  Google
----------
Key:       gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
137200 bytes
Created:  03/07/2008 16:34
Modified: 23/02/2009 14:59
Company:  Google
----------
Key:       HSXHWAZL
ImagePath: system32\DRIVERS\HSXHWAZL.sys
C:\Windows\system32\DRIVERS\HSXHWAZL.sys
207872 bytes
Created:  03/07/2008 15:06
Modified: 25/03/2008 14:39
Company:  Conexant Systems, Inc.
----------
Key:       iaStor
ImagePath: system32\DRIVERS\iaStor.sys
C:\Windows\system32\DRIVERS\iaStor.sys
312344 bytes
Created:  21/08/2008 15:59
Modified: 15/04/2008 16:53
Company:  Intel Corporation
----------
Key:       IDriverT
ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created:  03/04/2005 23:41
Modified: 03/04/2005 23:41
Company:  Macrovision Corporation
----------
Key:       igfx
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys - [file not found to scan]
----------
Key:       IntcHdmiAddService
ImagePath: system32\drivers\IntcHdmi.sys
C:\Windows\system32\drivers\IntcHdmi.sys - [file not found to scan]
----------
Key:       IpInIp
ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key:       kbdhid
ImagePath: \SystemRoot\system32\drivers\kbdhid.sys
C:\Windows\system32\drivers\kbdhid.sys
15872 bytes
Created:  02/11/2006 09:51
Modified: 21/01/2008 03:23
Company:  Microsoft Corporation
----------
Key:       msahci
ImagePath: system32\drivers\msahci.sys
C:\Windows\system32\drivers\msahci.sys
28728 bytes
Created:  03/07/2008 15:26
Modified: 12/03/2008 07:38
Company:  Microsoft Corporation
----------
Key:       msiserver
ImagePath: %systemroot%\system32\msiexec /V
----------
Key:       NETw5v32
ImagePath: system32\DRIVERS\NETw5v32.sys
C:\Windows\system32\DRIVERS\NETw5v32.sys
3658752 bytes
Created:  03/07/2008 15:59
Modified: 28/04/2008 05:29
Company:  Intel Corporation
----------
Key:       NMSAccessU
ImagePath: C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
71096 bytes
Created:  17/12/2008 16:53
Modified: 20/10/2008 21:18
Company:  [no info]
----------
Key:       NwlnkFlt
ImagePath: system32\DRIVERS
wlnkflt.sys - file is missing - alert is globally excluded
----------
Key:       NwlnkFwd
ImagePath: system32\DRIVERS
wlnkfwd.sys - file is missing - alert is globally excluded
----------
Key:       o2flash
ImagePath: "C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe"
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
65536 bytes
Created:  12/02/2007 15:43
Modified: 12/02/2007 15:43
Company:  O2Micro International
----------
Key:       O2MDRDR
ImagePath: system32\DRIVERS\o2media.sys
C:\Windows\system32\DRIVERS\o2media.sys
51160 bytes
Created:  15/04/2008 09:13
Modified: 15/04/2008 09:13
Company:  O2Micro 
----------
Key:       pavboot
ImagePath: system32\drivers\pavboot.sys
C:\Windows\system32\drivers\pavboot.sys
28544 bytes
Created:  13/03/2009 15:54
Modified: 19/06/2008 16:24
Company:  Panda Security, S.L.
----------
Key:       PsSdk31
ImagePath: \??\C:\Windows\system32\Drivers\pssdk31.drv
C:\Windows\system32\Drivers\pssdk31.drv
30272 bytes
Created:  26/08/2008 14:14
Modified: 26/08/2008 14:14
Company:  microOLAP Technologies LTD
----------
Key:       PsSdkLBF
ImagePath: \??\C:\Windows\system32\Drivers\pssdklbf.drv
C:\Windows\system32\Drivers\pssdklbf.drv
37440 bytes
Created:  26/08/2008 14:14
Modified: 26/08/2008 14:14
Company:  microOLAP Technologies LTD
----------
Key:       QIOMem
ImagePath: system32\DRIVERS\QIOMem.sys
C:\Windows\system32\DRIVERS\QIOMem.sys
8192 bytes
Created:  09/04/2007 16:13
Modified: 09/04/2007 16:13
Company:  TOSHIBA
----------
Key:       SASDIFSV
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
8944 bytes
Created:  17/02/2009 11:43
Modified: 17/02/2009 11:43
Company:  SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key:       SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
-R- 7408 bytes
Created:  17/02/2009 11:43
Modified: 17/02/2009 11:43
Company:   SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key:       SASKUTIL
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
55024 bytes
Created:  17/02/2009 11:43
Modified: 17/02/2009 11:43
Company:  SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key:       Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\Windows\system32\drivers\serenum.sys
17920 bytes
Created:  02/11/2006 09:51
Modified: 02/11/2006 09:51
Company:  Microsoft Corporation
----------
Key:       Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\Windows\system32\drivers\serial.sys
83456 bytes
Created:  02/11/2006 09:51
Modified: 02/11/2006 09:51
Company:  Microsoft Corporation
----------
Key:       sfdrv01
ImagePath: System32\drivers\sfdrv01.sys
C:\Windows\System32\drivers\sfdrv01.sys
50688 bytes
Created:  10/08/2005 13:44
Modified: 10/08/2005 13:44
Company:  Protection Technology
----------
Key:       sfhlp02
ImagePath: System32\drivers\sfhlp02.sys
C:\Windows\System32\drivers\sfhlp02.sys
6656 bytes
Created:  16/05/2005 14:20
Modified: 16/05/2005 14:20
Company:  Protection Technology
----------
Key:       sfvfs02
ImagePath: System32\drivers\sfvfs02.sys
C:\Windows\System32\drivers\sfvfs02.sys
63488 bytes
Created:  03/11/2005 15:40
Modified: 03/11/2005 15:40
Company:  Protection Technology
----------
Key:       SmartFaceVWatchSrv
ImagePath: "C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe"
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
73728 bytes
Created:  24/04/2008 17:35
Modified: 24/04/2008 17:35
Company:  Toshiba
----------
Key:       sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key:       StarWindServiceAE
ImagePath: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
275968 bytes
Created:  28/05/2007 17:57
Modified: 28/05/2007 17:57
Company:  Rocket Division Software
----------
Key:       tdcmdpst
ImagePath: system32\DRIVERS	dcmdpst.sys
C:\Windows\system32\DRIVERS	dcmdpst.sys
16128 bytes
Created:  18/10/2006 10:50
Modified: 18/10/2006 10:50
Company:  TOSHIBA Corporation.
----------
Key:       TempoMonitoringService
ImagePath: "C:\Program Files\Toshiba TEMPRO\TempoSVC.exe"
C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
99720 bytes
Created:  24/04/2008 09:21
Modified: 24/04/2008 09:21
Company:  Toshiba Europe GmbH
----------
Key:       TNaviSrv
ImagePath: C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
83312 bytes
Created:  21/08/2008 16:08
Modified: 05/06/2008 17:43
Company:  TOSHIBA Corporation
----------
Key:       TODDSrv
ImagePath: C:\Windows\system32\TODDSrv.exe
C:\Windows\system32\TODDSrv.exe
129632 bytes
Created:  03/07/2008 16:24
Modified: 21/11/2007 16:23
Company:  TOSHIBA Corporation
----------
Key:       TosCoSrv
ImagePath: "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe"
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
431456 bytes
Created:  17/01/2008 15:27
Modified: 17/01/2008 15:27
Company:  TOSHIBA Corporation
----------
Key:       TOSHIBA Bluetooth Service
ImagePath: c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
124264 bytes
Created:  11/04/2008 10:57
Modified: 11/04/2008 10:57
Company:  TOSHIBA CORPORATION
----------
Key:       TOSHIBA SMART Log Service
ImagePath: "C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe"
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
126976 bytes
Created:  03/12/2007 16:03
Modified: 03/12/2007 16:03
Company:  TOSHIBA Corporation
----------
Key:       tosrfbd
ImagePath: system32\DRIVERS	osrfbd.sys
C:\Windows\system32\DRIVERS	osrfbd.sys
131712 bytes
Created:  23/04/2008 16:15
Modified: 23/04/2008 16:15
Company:  TOSHIBA CORPORATION
----------
Key:       tosrfec
ImagePath: system32\DRIVERS	osrfec.sys
C:\Windows\system32\DRIVERS	osrfec.sys
9216 bytes
Created:  23/10/2006 15:32
Modified: 23/10/2006 15:32
Company:  TOSHIBA Corporation
----------
Key:       Tosrfhid
ImagePath: system32\DRIVERS\Tosrfhid.sys
C:\Windows\system32\DRIVERS\Tosrfhid.sys
74112 bytes
Created:  19/03/2008 10:38
Modified: 19/03/2008 10:38
Company:  TOSHIBA Corporation.
----------
Key:       Tosrfusb
ImagePath: system32\DRIVERS	osrfusb.sys
C:\Windows\system32\DRIVERS	osrfusb.sys
41856 bytes
Created:  18/10/2007 13:25
Modified: 18/10/2007 13:25
Company:  TOSHIBA CORPORATION
----------
Key:       tos_sps32
ImagePath: system32\DRIVERS	os_sps32.sys
C:\Windows\system32\DRIVERS	os_sps32.sys
279376 bytes
Created:  21/08/2008 16:08
Modified: 05/06/2008 17:13
Company:  TOSHIBA Corporation
----------
Key:       TVALZ
ImagePath: system32\DRIVERS\TVALZ_O.SYS
C:\Windows\system32\DRIVERS\TVALZ_O.SYS
23640 bytes
Created:  09/11/2007 13:00
Modified: 09/11/2007 13:00
Company:  TOSHIBA Corporation
----------
Key:       UleadBurningHelper
ImagePath: C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
49152 bytes
Created:  03/07/2008 16:19
Modified: 23/08/2006 15:39
Company:  Ulead Systems, Inc.
----------
Key:       USBAAPL
ImagePath: System32\Drivers\usbaapl.sys
C:\Windows\System32\Drivers\usbaapl.sys
32000 bytes
Created:  10/07/2008 08:35
Modified: 10/07/2008 08:35
Company:  Apple, Inc.
----------
Key:       usbvideo
ImagePath: System32\Drivers\usbvideo.sys
C:\Windows\System32\Drivers\usbvideo.sys
134016 bytes
Created:  21/01/2008 03:23
Modified: 21/01/2008 03:23
Company:  Microsoft Corporation
----------
Key:       UVCFTR
ImagePath: System32\Drivers\UVCFTR_S.SYS
C:\Windows\System32\Drivers\UVCFTR_S.SYS
18432 bytes
Created:  21/08/2008 16:05
Modified: 17/12/2007 10:45
Company:  Chicony Electronics Co., Ltd.
----------
Key:       yukonwlh
ImagePath: system32\DRIVERS\yk60x86.sys
C:\Windows\system32\DRIVERS\yk60x86.sys
310272 bytes
Created:  04/04/2008 10:57
Modified: 04/04/2008 10:57
Company:  Marvell
----------

************************************************************
01:22:08: Scanning -----VXD ENTRIES-----

************************************************************
01:22:08: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key    : !SASWinLogon
DLLName: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
356352 bytes
Created:  22/12/2008 11:05
Modified: 22/12/2008 11:05
Company:  SUPERAntiSpyware.com
----------
Key    : igfxcui
DLLName: igfxdev.dll
igfxdev.dll - this reference has been removed [file not found to scan]
----------

************************************************************
01:22:41: Scanning ----- CONTEXTMENUHANDLERS -----
Key:   avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path:  C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
76880 bytes
Created:  21/08/2008 23:30
Modified: 05/02/2009 22:04
Company:  ALWIL Software
----------
Key:   IZArcCM
CLSID: {8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}
Path:  C:\PROGRA~1\IZArc\IZArcCM.dll
C:\PROGRA~1\IZArc\IZArcCM.dll
617472 bytes
Created:  21/08/2008 20:47
Modified: 02/06/2007 20:41
Company:  [no info]
----------
Key:   {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path:  C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created:  27/02/2007 11:39
Modified: 27/02/2007 11:39
Company:  SUPERAntiSpyware.com
----------

************************************************************
01:22:42: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key:  {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"
C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
339968 bytes
Created:  21/01/2008 15:48
Modified: 21/01/2008 15:48
Company:  Sun Microsystems, Inc.
----------

************************************************************
01:22:42: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created:  22/10/2006 23:08
Modified: 22/10/2006 23:08
Company:  Adobe Systems Incorporated
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
1879896 bytes
Created:  09/03/2009 21:33
Modified: 26/01/2009 15:31
Company:  Safer Networking Limited
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created:  18/12/2008 16:52
Modified: 18/12/2008 16:52
Company:  Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
408440 bytes
Created:  17/02/2009 16:11
Modified: 17/02/2009 16:11
Company:  Microsoft Corporation
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
251504 bytes
Created:  23/02/2009 14:58
Modified: 23/02/2009 14:45
Company:  [no info]
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
657904 bytes
Created:  23/02/2009 14:59
Modified: 23/02/2009 14:59
Company:  Google Inc.
----------
Key: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
BHO: C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
522224 bytes
Created:  23/02/2009 14:45
Modified: 23/02/2009 14:45
Company:  Google Inc.
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created:  18/12/2008 16:52
Modified: 18/12/2008 16:52
Company:  Sun Microsystems, Inc.
----------

************************************************************
01:22:43: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
01:22:43: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
01:22:43: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
01:22:43: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL]
File: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
112128 bytes
Created:  03/07/2008 16:34
Modified: 03/07/2008 16:34
Company:  Google
----------

************************************************************
01:22:43: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
01:22:43: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  02/11/2006 13:50
Modified: 21/01/2008 03:43
Company:  [no info]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini - no action taken on this file
--------------------

************************************************************
01:22:43: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Mika
[C:\Users\Mika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Mika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  21/08/2008 17:13
Modified: 21/08/2008 17:13
Company:  [no info]
C:\Users\Mika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini - no action taken on this file
----------
OpenOffice.org 2.4.lnk - links to C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
393216 bytes
Created:  21/01/2008 15:41
Modified: 21/01/2008 15:41
Company:  [no info]
----------
--------------------

************************************************************
01:22:44: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

************************************************************
01:22:44: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
No ShellIconOverlayIdentifiers Registry key found to scan

************************************************************
01:22:44: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.i420
File:  i420vfw.dll
C:\Windows\system32\i420vfw.dll
70656 bytes
Created:  21/02/2009 18:03
Modified: 25/01/2004 00:00
Company:  www.helixcommunity.org
----------
Value: msacm.dvacm
File:  C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
32768 bytes
Created:  03/07/2008 16:19
Modified: 23/08/2006 15:39
Company:  Ulead Systems, Inc.
----------
Value: msacm.vorbis
File:  vorbis.acm
C:\Windows\system32\vorbis.acm
1294336 bytes
Created:  29/08/2008 17:15
Modified: 07/07/2002 23:14
Company:  HMS http://hp.vector.co.jp/authors/VA012897/
----------
Value: vidc.DIVX
File:  DivX.dll
C:\Windows\system32\DivX.dll
684032 bytes
Created:  21/11/2008 22:45
Modified: 21/11/2008 22:45
Company:  DivX, Inc.
----------
Value: vidc.yv12
File:  yv12vfw.dll
C:\Windows\system32\yv12vfw.dll
70656 bytes
Created:  21/02/2009 18:03
Modified: 25/01/2004 00:00
Company:  www.helixcommunity.org
----------
Value: msacm.siren
File:  sirenacm.dll
C:\Windows\system32\sirenacm.dll
49504 bytes
Created:  06/02/2009 18:52
Modified: 06/02/2009 18:52
Company:  Microsoft Corporation
----------

************************************************************
01:22:45: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Mika\AppData\Roaming\Mozilla\Firefox\Fond d'écran.bmp
C:\Users\Mika\AppData\Roaming\Mozilla\Firefox\Fond d'écran.bmp
3145782 bytes
Created:  22/08/2008 15:38
Modified: 24/02/2009 15:58
Company:  [no info]
----------
Web Desktop Wallpaper: %APPDATA%\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
C:\Users\Mika\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
184247 bytes
Created:  01/02/2009 13:49
Modified: 01/02/2009 13:49
Company:  [no info]
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed

************************************************************
01:22:48: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
64000 bytes
Created:  21/01/2008 03:23
Modified: 21/01/2008 03:23
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe
6144 bytes
Created:  21/01/2008 03:24
Modified: 21/01/2008 03:24
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\wininit.exe
96768 bytes
Created:  21/01/2008 03:23
Modified: 21/01/2008 03:23
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe - file already scanned
--------------------
C:\Windows\system32\services.exe
279040 bytes
Created:  21/01/2008 03:24
Modified: 21/01/2008 03:24
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\lsass.exe
9728 bytes
Created:  21/01/2008 03:24
Modified: 21/01/2008 03:24
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\lsm.exe
229888 bytes
Created:  21/01/2008 03:23
Modified: 21/01/2008 03:23
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe
21504 bytes
Created:  21/01/2008 03:23
Modified: 21/01/2008 03:23
Company:  Microsoft Corporation
--------------------
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
36864 bytes
Created:  21/01/2008 03:25
Modified: 21/01/2008 03:25
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\winlogon.exe
314880 bytes
Created:  21/01/2008 03:24
Modified: 21/01/2008 03:24
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\Ati2evxx.exe
667648 bytes
Created:  03/07/2008 15:46
Modified: 07/04/2008 20:57
Company:  ATI Technologies Inc.
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\SLsvc.exe
2623488 bytes
Created:  21/01/2008 03:25
Modified: 21/01/2008 03:25
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\Ati2evxx.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned
--------------------
C:\Windows\System32\spoolsv.exe
125952 bytes
Created:  21/01/2008 03:24
Modified: 21/01/2008 03:24
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe - file already scanned
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe - file already scanned
--------------------
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe - file already scanned
--------------------
C:\Program Files\CDBurnerXP\NMSAccessU.exe - file already scanned
--------------------
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Toshiba TEMPRO\TempoSVC.exe - file already scanned
--------------------
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe - file already scanned
--------------------
C:\Windows\system32\TODDSrv.exe - file already scanned
--------------------
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe - file already scanned
--------------------
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe - file already scanned
--------------------
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe - file already scanned
--------------------
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\SearchIndexer.exe
439808 bytes
Created:  31/08/2008 00:43
Modified: 27/05/2008 06:18
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\DRIVERS\xaudio.exe
386560 bytes
Created:  03/07/2008 15:06
Modified: 17/10/2007 06:37
Company:  Conexant Systems, Inc.
--------------------
C:\Windows\system32	askeng.exe
169472 bytes
Created:  21/01/2008 03:24
Modified: 21/01/2008 03:24
Company:  Microsoft Corporation
--------------------
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe - file already scanned
--------------------
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe - file already scanned
--------------------
C:\Windows\system32\Dwm.exe
81920 bytes
Created:  21/01/2008 03:24
Modified: 21/01/2008 03:24
Company:  Microsoft Corporation
--------------------
C:\Windows\system32	askeng.exe - file already scanned
--------------------
C:\Windows\Explorer.EXE - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
--------------------
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe - file already scanned
--------------------
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
1056768 bytes
Created:  16/04/2008 23:21
Modified: 16/04/2008 23:21
Company:  TOSHIBA CORPORATION
--------------------
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe - file already scanned
--------------------
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe - file already scanned
--------------------
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe - file already scanned
--------------------
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe - file already scanned
--------------------
C:\Program Files\Apoint2K\Apoint.exe - file already scanned
--------------------
C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe - file already scanned
--------------------
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe - file already scanned
--------------------
C:\Program Files\Toshiba\SmoothView\SmoothView.exe - file already scanned
--------------------
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe - file already scanned
--------------------
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe - file already scanned
--------------------
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
81000 bytes
Created:  21/08/2008 23:30
Modified: 05/02/2009 22:08
Company:  ALWIL Software
--------------------
C:\Program Files\iTunes\iTunesHelper.exe - file already scanned
--------------------
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
430080 bytes
Created:  03/07/2008 16:19
Modified: 24/04/2008 12:03
Company:  TOSHIBA
--------------------
C:\Program Files\Windows Live\Messenger\msnmsgr.exe - file already scanned
--------------------
C:\Program Files\DAEMON Tools Lite\daemon.exe - file already scanned
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
49152 bytes
Created:  17/07/2007 10:13
Modified: 17/07/2007 10:13
Company:  Advanced Micro Devices Inc.
--------------------
C:\Program Files\Skype\Phone\Skype.exe - file already scanned
--------------------
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - file already scanned
--------------------
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-RHS- 2144088 bytes
Created:  09/03/2009 21:33
Modified: 26/01/2009 15:31
Company:  Safer Networking Limited
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - no action taken on this file
--------------------
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - file already scanned
--------------------
C:\Program Files\Apoint2K\ApMsgFwd.exe
42544 bytes
Created:  03/07/2008 15:54
Modified: 08/09/2006 14:54
Company:  Alps Electric Co., Ltd.
--------------------
C:\Windows\system32\wbem\unsecapp.exe
37888 bytes
Created:  21/01/2008 03:23
Modified: 21/01/2008 03:23
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\wbem\wmiprvse.exe
245248 bytes
Created:  21/01/2008 03:24
Modified: 21/01/2008 03:24
Company:  Microsoft Corporation
--------------------
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
4787712 bytes
Created:  21/08/2008 16:05
Modified: 08/05/2008 09:11
Company:  
--------------------
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
2363392 bytes
Created:  29/05/2008 21:27
Modified: 29/05/2008 21:27
Company:  OpenOffice.org
--------------------
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
2580480 bytes
Created:  29/05/2008 21:27
Modified: 29/05/2008 21:27
Company:  OpenOffice.org
--------------------
C:\Program Files\Apoint2K\Apntex.exe
40960 bytes
Created:  03/07/2008 15:54
Modified: 08/09/2006 15:06
Company:  Alps Electric Co., Ltd.
--------------------
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
667648 bytes
Created:  21/08/2008 16:08
Modified: 17/04/2008 09:39
Company:  TOSHIBA Corporation.
--------------------
C:\Program Files\Apoint2K\HidFind.exe
40960 bytes
Created:  03/07/2008 15:54
Modified: 08/09/2006 15:10
Company:  Alps Electric Co., Ltd.
--------------------
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
405504 bytes
Created:  16/04/2008 23:19
Modified: 16/04/2008 23:19
Company:  TOSHIBA CORPORATION
--------------------
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe - file already scanned
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
49152 bytes
Created:  17/07/2007 10:13
Modified: 17/07/2007 10:13
Company:  ATI Technologies Inc.
--------------------
C:\Program Files\iPod\bin\iPodService.exe
536872 bytes
Created:  20/11/2008 13:20
Modified: 20/11/2008 13:20
Company:  Apple Inc.
--------------------
C:\Program Files\Skype\Plugin Manager\skypePM.exe
-R- 76744 bytes
Created:  18/11/2008 16:31
Modified: 18/11/2008 16:31
Company:  Skype Technologies
--------------------
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
341616 bytes
Created:  11/05/2007 03:06
Modified: 11/05/2007 03:06
Company:  Adobe Systems Incorporated
--------------------
C:\Program Files\Voyage Century Online\voyage\Core.exe
684132 bytes
Created:  21/01/2009 23:16
Modified: 24/02/2009 18:10
Company:  SnailGame
--------------------
C:\Program Files\Voyage Century Online\voyage\Core.exe - file already scanned
--------------------
C:\Program Files\VideoLAN\VLC\vlc.exe
95744 bytes
Created:  10/07/2008 06:51
Modified: 10/07/2008 06:51
Company:  VideoLAN Team
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize:          3048312
[This is a Trojan Remover component]
--------------------
C:\Windows\system32\conime.exe
69120 bytes
Created:  21/01/2008 03:24
Modified: 21/01/2008 03:24
Company:  Microsoft Corporation
--------------------

************************************************************
01:22:56: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.com/webhp?gws_rd=ssl
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.google.com/webhp?gws_rd=ssl
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://lessoiffards.roxorgamers.com/index.php?file=Links&op=description&link_id=2
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2fbr%2faccess%2fallinone.asp%3f
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.google.com/webhp?gws_rd=ssl

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 01:22:56 14 mars 2009
Total Scan time: 00:01:11
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
14/03/2009 01:25:12: restart commenced
************************************************************

Dark66 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:34:04, on 14/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Voyage Century Online\voyage\Core.exe
C:\Windows\system32\conime.exe
C:\Users\Mika\Desktop\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lessoiffards.roxorgamers.com/index.php?file=Links&op=description&link_id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information	opi.exe -startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: Download with Rapget - C:\Users\Mika\Documents\Tripperapget.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

pimprenelle27 · Answer

Télécharger RemoveIT Pro

Fais un scan et poste moi le rapport.

Dark66 · Answer

On le trouve où le rapport ?

pimprenelle27 · Answer

tu n'as pas full rapport log

Dark66 · Answer

Ah si voilà:

RemoveIT Pro v4 - SE (Build date: 6.6.2008) full information log file.
Generated at: 14/03/2009 on 19:13:02
Microsoft Windows Vista Home Edition Service Pack 1 (Build 6001)
Author: Damjan Irgolic
https://www.incodesolutions.com/
support@incodesolutions.com


You have some viruses in your computer.
Please Scan your computer with RemoveIT Pro to remove discovered viruses.
Virus list:
Infected with Sys32.flvdx - File C:\Windows\system32\flvdx.dll

Running processes: (46)
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Voyage Century Online\voyage\Core.exe
C:\Windows\system32\conime.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Voyage Century Online\voyage\Core.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SEemoveit.exe
C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SEemoveit.exe

Startup files:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WindowsWelcomeCenter
[rundll32.exe oobefldr.dll,ShowWelcomeCenter]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\TOSCDSPD
[TOSCDSPD.EXE]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MsnMsgr
["C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\DAEMON Tools Lite
["C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AlcoholAutomount
["C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Skype
["C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\swg
[C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SpybotSD TeaTimer
[C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SUPERAntiSpyware
[C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched
["C:\Program Files\Java\jre6\bin\jusched.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ITSecMng
[%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NDSTray.exe
[NDSTray.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\cfFncEnabler.exe
[cfFncEnabler.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Google Desktop Search
["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Google EULA Launcher
[c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Toshiba TEMPO
[C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run	opi
[C:\Program Files\TOSHIBA\Toshiba Online Product Information	opi.exe -startup]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\StartCCC
["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Apoint
[C:\Program Files\Apoint2K\Apoint.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Camera Assistant Software
["C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe" /start]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TPwrMain
[%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HSON
[%ProgramFiles%\TOSHIBA\TBS\HSON.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SmoothView
[%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\00TCrdMain
[%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HDMICtrlMan
[C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Toshiba Registration
[C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\avast!
[C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task
["C:\Program Files\QuickTime\QTTask.exe" -atboottime]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AppleSyncNotifier
[C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\iTunesHelper
["C:\Program Files\iTunes\iTunesHelper.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Adobe Reader Speed Launcher
["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TrojanScanner
[C:\Program Files\Trojan Remover\Trjscan.exe /boot]

Detail report: (119)
Clsid c:\progra~1\google\google~2\goec62~1.dll[77c05fd07817c08eae1827da98639468][112128]
Clsid c:\program files\superantispyware\saswinlo.dll[972edede23ac8d59aac0c09799c6f18a][356352]
Clsid C:\Windows\system32\iconcodecservice.dll[08578f3ca5365f896d90ce2bf97fd000][9728]
Proc C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe[80660c611b596ffe8af4074b31aa6fb7][341616]
Proc C:\Program Files\Alwil Software\Avast4\ashDisp.exe[fc242dbd786557ac641726dc5c13f060][81000]
Proc C:\Program Files\Apoint2K\ApMsgFwd.exe[7890a95bba6ee9eb0e4539f5270a6201][42544]
Proc C:\Program Files\Apoint2K\Apntex.exe[99a7b10500920e5cc79b700927b18bc1][40960]
Proc C:\Program Files\Apoint2K\Apoint.exe[a4a14fadde82f30a4bdafe5c65cb8abc][184320]
Proc C:\Program Files\Apoint2K\HidFind.exe[c574c551637734b13278898fe2d12d15][40960]
Proc C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[25ca1677aaa3cdc99cd4fcf940886f3c][49152]
Proc C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[e681281d9bfc9d45d3b72532717e5880][49152]
Proc C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[a98c8ba7036258dc73a41fdf326320c8][4787712]
Proc C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe[b1db5edb658f3ff4f13ac069ce622893][417792]
Proc C:\Program Files\DAEMON Tools Lite\daemon.exe[36d773cbea37ab24966963a9b4891227][490952]
Proc C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[b39662e4c237aa25a2cd2379ff508099][29744]
Proc C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe[b40a9f894e1b267b288906336cde0079][20480]
Proc C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[e616a6a6e91b0a86f2f6217cde835ffe][68856]
Proc C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SEemoveit.exe[1ec5a876a537b62f07c92e5bc8103149][550912]
Proc C:\Program Files\iTunes\iTunesHelper.exe[e6a4e341e4304b34aa280d3e73818c90][290088]
Proc C:\Program Files\Java\jre6\bin\jusched.exe[b98ffa8288efaabc436c30d198608345][136600]
Proc C:\Program Files\Mozilla Firefox\firefox.exe[762d1d11bb4e7c8d238d957e5ab60d0e][307704]
Proc C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN[a1e80d64fcd01cd6ad83ccc46051366f][2580480]
Proc C:\Program Files\OpenOffice.org 2.4\program\soffice.exe[fe4f7aadab104194d899e5b8b8b51cf0][2363392]
Proc C:\Program Files\Skype\Phone\Skype.exe[53393fe192776d53640c447ca18b3e22][21633320]
Proc C:\Program Files\Skype\Plugin Manager\skypePM.exe[a8d36addd1fcd24a450807ee693e4762][76744]
Proc C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[896a1db9a972ad2339c2e8569ec926d1][2144088]
Proc C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[11afbca9eac51cf988918bffe935e6ee][1830128]
Proc C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe[04a49fe5efa859b5a92428a02e0ffe29][103824]
Proc C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[ce0999910d37f61f2314c998f4f9d1d4][75136]
Proc C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[9a815510679c7ecd04ed194a9c9c25e5][405504]
Proc C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[6e3fefb74326a230237613f2b035c71f][1056768]
Proc C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[ef1464c1f3334f65f55943bfda45c519][716800]
Proc C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe[15a4ca3541d32d60c593087ba5066087][667648]
Proc C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe[1b8feec163dc70beddc8b61e21329162][716800]
Proc C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[b0674ae101707d21f9e30484d6465704][431456]
Proc C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe[74d358bd3aa79c90c7dad0234792f238][574864]
Proc C:\Program Files\Toshiba\SmoothView\SmoothView.exe[b50d6e98f87616444b7e3f8d190a5f09][509816]
Proc C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[5d29764082133f302126c85ab96acb80][430080]
Proc C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe[e1faaf7915bc07352ccf1dff37058414][581632]
Proc C:\Program Files\Voyage Century Online\voyage\Core.exe[624c6db7e5611997af8f637cf410aff5][684132]
Proc C:\Program Files\Windows Live\Messenger\msnmsgr.exe[35b9fa77b73358d9063cd61aa3d83ee8][3885408]
Proc C:\Windows\Explorer.EXE[4f554999d7d5f05daaebba7b5ba1089d][2927104]
Proc C:\Windows\system32\conime.exe[f96ebc5a624349d81dcc7600a3c5dc43][69120]
Proc C:\Windows\system32\Dwm.exe[59903071d7ace6a02093c47e9e38af97][81920]
Proc C:\Windows\system32	askeng.exe[5f109032ce46b7184ed9e50f9fe8489e][169472]
Proc C:\Windows\system32\wbem\unsecapp.exe[25873356e52849c3f5b3f1b02317e8c8][37888]
RegRun [d41d8cd98f00b204e9800998ecf8427e][0]
RegRun c:\progra~1\alwils~1\avast4\ashdisp.exe[fc242dbd786557ac641726dc5c13f060][81000]
RegRun c:\program files\adobeeader 8.0eadereader_sl.exe[392845e8d49b5f0e81aac4d795000a8c][39792]
RegRun c:\program files\alcohol soft\alcohol 120\axcmd.exe [eddb8e76d3eee9d2f1ebd5d40f8850b1][222592]
RegRun c:\program files\apoint2k\apoint.exe[a4a14fadde82f30a4bdafe5c65cb8abc][184320]
RegRun c:\program files\ati technologies\ati.ace\core-static\clistart.exe[e1e71d80d078c576801b6fe2a29fcf85][61440]
RegRun c:\program files\camera assistant software for toshiba	raybar.exe [b1db5edb658f3ff4f13ac069ce622893][417792]
RegRun c:\program files\common files\apple\mobile device support\bin\applesyncnotifier.exe[ae2706ca91e7398cfa2069b26d44f424][111936]
RegRun c:\program files\daemon tools lite\daemon.exe [36d773cbea37ab24966963a9b4891227][490952]
RegRun c:\program files\google\google desktop search\googledesktop.exe [b39662e4c237aa25a2cd2379ff508099][29744]
RegRun c:\program files\google\google eula\googleeulalauncher.exe [b40a9f894e1b267b288906336cde0079][20480]
RegRun c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe[e616a6a6e91b0a86f2f6217cde835ffe][68856]
RegRun c:\program files\itunes\ituneshelper.exe[e6a4e341e4304b34aa280d3e73818c90][290088]
RegRun c:\program files\java\jre6\bin\jusched.exe[b98ffa8288efaabc436c30d198608345][136600]
RegRun c:\program files\quicktime\qttask.exe [9c9b6807425cef840c117654d8b033d1][413696]
RegRun c:\program files\skype\phone\skype.exe [53393fe192776d53640c447ca18b3e22][21633320]
RegRun c:\program files\spybot - search & destroy	eatimer.exe[896a1db9a972ad2339c2e8569ec926d1][2144088]
RegRun c:\program files\superantispyware\superantispyware.exe[11afbca9eac51cf988918bffe935e6ee][1830128]
RegRun c:\program files	oshiba tempro	oshiba.tempo.ui.trayapplication.exe[04a49fe5efa859b5a92428a02e0ffe29][103824]
RegRun c:\program files	oshiba\hdmictrlman\hdmictrlman.exe[1b8feec163dc70beddc8b61e21329162][716800]
RegRun c:\program files	oshibaegistration	oshibaregistration.exe[74d358bd3aa79c90c7dad0234792f238][574864]
RegRun c:\program files	oshiba	oshiba online product information	opi.exe [e1faaf7915bc07352ccf1dff37058414][581632]
RegRun c:\program files	rojan remover	rjscan.exe [1d94c02d752e6e94c05ef18a10d1619e][1303432]
RegRun c:\program files\windows live\messenger\msnmsgr.exe [35b9fa77b73358d9063cd61aa3d83ee8][3885408]
Service c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe[b1691af4a072cb674d600db16dd7308e][275968]
Service c:\program files\alwil software\avast4\ashmaisv.exe [f09461c8eccace33c271cc229f11e281][254040]
Service c:\program files\alwil software\avast4\ashserv.exe[62889d40a3fb1a9012428e16fe0dc67a][138680]
Service c:\program files\alwil software\avast4\ashwebsv.exe [23ca3e54474ae5ffdbc0f97b9e1815db][352920]
Service c:\program files\alwil software\avast4\aswupdsv.exe[b4253776ee034f6770fcee32c28490b0][18752]
Service c:\program files\bonjour\mdnsresponder.exe[9efe4236f8670846b6e7c5b0eff6e715][238888]
Service c:\program files\cdburnerxp
msaccessu.exe[fd306fbcce7adb1077b709742e7148e9][71096]
Service c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe[a8aa9d47f971570a5162b862b80f87e8][132424]
Service c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe[1cf03c69b49acb70c722df92755c0c8c][69632]
Service c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe[332d341d92b933600d41953b08360dfb][49152]
Service c:\program files\google\common\google updater\googleupdaterservice.exe[1bf044e23206fddc16891a32922d571b][137200]
Service c:\program files\google\google desktop search\googledesktop.exe[b39662e4c237aa25a2cd2379ff508099][29744]
Service c:\program files\ipod\bin\ipodservice.exe[62937a89470af8ff172f0980ca8aefc9][536872]
Service c:\program files\o2micro flash memory card driver\o2flash.exe[d955d5de998db2476bf0892be3a96c26][65536]
Service c:\program files	oshiba tempro	emposvc.exe[ce0b5d587839614a16480d7b8395ffe9][99720]
Service c:\program files	oshiba\bluetooth toshiba stack	osbtsrv.exe[8e10e654e354cf330ed75882769a0107][124264]
Service c:\program files	oshiba\configfree\cfsvcs.exe[d10d01b2dfcd8d2f32a32ed29e8da1c2][40960]
Service c:\program files	oshiba\power saver	oscosrv.exe[da6903958cbdc091ffcbbca70ccff34c][431456]
Service c:\program files	oshiba\smartfacev\smartfacevwatchsrv.exe[3566310df25ea5c3b2e9f50f5b50eac1][73728]
Service c:\program files	oshiba\smartlogservice	osipcsrv.exe[22690dffc7f2a18279a7a0489aa02bac][126976]
Service c:\program files	oshiba	oshiba dvd player	navisrv.exe[6badbb0b16b25643075a6ffafc489940][83312]
Service c:\program files\windows media player\wmpnetwk.exe[3978704576a121a9204f8cc49a301a9b][896512]
Service c:\windows\ehome\ehrecvr.exe[9be3744d295a7701eb425332014f0797][292352]
Service c:\windows\ehome\ehsched.exe[ad1870c8e5d6dd340c829e6074bf3c3f][131072]
Service c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe[a4af4201bd519971f8f34724f3ca9dbb][70144]
Service c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe[e7cc3aeaed9893a88876744cd439f76c][864256]
Service c:\windows\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe[f9102685f97f9ba85f4a70afcf722cfe][122880]
Service c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe[993883524aa9cf1c90e1545411a9ac9c][36864]
Service c:\windows\servicing	rustedinstaller.exe[16613a1bad034d4ecf957af18b7c2ff5][39424]
Service c:\windows\system32\alg.exe[a1545b731579895d8cc44fc0481c1192][59392]
Service c:\windows\system32\ati2evxx.exe[54d715af597c06e87418c50f481bdd2c][667648]
Service c:\windows\system32\dfsr.exe[fa3463f25f9cc9c3bcf1e7912feff099][2091520]
Service c:\windows\system32\dllhost.exe [be01e566d1f569aab32d0335613e1eea][7168]
Service c:\windows\system32\drivers\xaudio.exe[cd5f291a1161f15896d1a4d63daff5df][386560]
Service c:\windows\system32\locator.exe[5123f83cbc4349d065534eeb6bbdc42b][7680]
Service c:\windows\system32\lsass.exe[dcf733788c7d088d814e5f80eb4b3e0f][9728]
Service c:\windows\system32\msdtc.exe[fd7520cc3a80c5fc8c48852bb24c6ded][105984]
Service c:\windows\system32\searchindexer.exe [7778bdfa3f6f6fba0e75b9594098f737][439808]
Service c:\windows\system32\slsvc.exe[0ba91e1358ad25236863039bb2609a2e][2623488]
Service c:\windows\system32\snmptrap.exe[2a146a055b4401c16ee62d18b8e2a032][12800]
Service c:\windows\system32\spoolsv.exe[846cdf9a3cf4da9b306adfb7d55ee4c2][125952]
Service c:\windows\system32\svchost.exe [3794b461c45882e06856f282eef025af][21504]
Service c:\windows\system32	oddsrv.exe[c5ac715b65b01788abc22d10749dddd8][129632]
Service c:\windows\system32\ui0detect.exe[ecef404f62863755951e09c802c94ad5][35840]
Service c:\windows\system32\vds.exe[b13bc395b9d6116628f5af47e0802ac4][382976]
Service c:\windows\system32\vssvc.exe[d5fb73d19c46ade183f968e13f186b23][1054720]
Service c:\windows\system32\wbem\wmiapsrv.exe[aba4cf9f856d9a3a25f4ddd7690a6e9d][137728]
Startup c:\programdata\microsoft\windows\start menu\programs\startup\desktop.ini[7f1698bab066b764a314a589d338daae][174]
System.ini c:\windows\system32\drivers\xaudio.exe[cd5f291a1161f15896d1a4d63daff5df][386560]

Startup folder: (1)
Startup name: desktop.ini
Command: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

Win.ini Startup: (1)
Path: No additional driver found!

Win.ini Startup: (1)
Path: No additional driver found!

Keyboard drivers: (1)
Name: No Keyboard Filter driver found!

Services: (150)
Service Name: Accès du périphérique d'interface utilisateur [Running], 
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Service Name: Acquisition d'image Windows (WIA) [Running], 
Path: C:\Windows\system32\svchost.exe -k imgsvc
Service Name: Agent de protection d’accès réseau [Stopped], 
Path: C:\Windows\System32\svchost.exe -k NetworkService
Service Name: Agent de stratégie IPsec [Running], 
Path: C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Service Name: Appel de procédure distante (RPC) [Running], 
Path: C:\Windows\system32\svchost.exe -k rpcss
Service Name: Apple Mobile Device [Running], 
Path: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Service Name: Application système COM+ [Stopped], 
Path: C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Service Name: Assistance IP [Running], 
Path: C:\Windows\System32\svchost.exe -k NetSvcs
Service Name: Assistance NetBIOS sur TCP/IP [Running], 
Path: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Service Name: Ati External Event Utility [Running], 
Path: C:\Windows\system32\Ati2evxx.exe
Service Name: Audio Windows [Running], 
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Service Name: avast! Antivirus [Running], 
Path: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
Service Name: avast! iAVS4 Control Service [Running], 
Path: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
Service Name: avast! Mail Scanner [Running], 
Path: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
Service Name: avast! Web Scanner [Running], 
Path: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
Service Name: Cache de police de Windows Presentation Foundation 3.0.0.0 [Running], 
Path: C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Service Name: Carte à puce [Stopped], 
Path: C:\Windows\system32\svchost.exe -k LocalService
Service Name: Carte de performance WMI [Stopped], 
Path: C:\Windows\system32\wbem\WmiApSrv.exe
Service Name: Centre de sécurité [Running], 
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Service Name: Cliché instantané de volume [Stopped], 
Path: C:\Windows\system32\vssvc.exe
Service Name: Client de stratégie de groupe [Running], 
Path: C:\Windows\system32\svchost.exe -k netsvcs
Service Name: Client de suivi de lien distribué [Running], 
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Service Name: Client DHCP [Running], 
Path: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Service Name: Client DNS [Running], 
Path: C:\Windows\system32\svchost.exe -k NetworkService
Service Name: Collecteur d'événements de Windows [Stopped], 
Path: C:\Windows\system32\svchost.exe -k NetworkService
Service Name: ConfigFree Service [Running], 
Path: "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe"
Service Name: Configuration automatique de réseau câblé [Stopped], 
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Service Name: Configuration des services Terminal Server [Stopped], 
Path: C:\Windows\System32\svchost.exe -k netsvcs
Service Name: Connaissance des emplacements réseau [Running], 
Path: C:\Windows\System32\svchost.exe -k NetworkService
Service Name: Connexions réseau [Running], 
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Service Name: Contrôle parental [Stopped], 
Path: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Service Name: Coordinateur de transactions distribuées [Stopped], 
Path: C:\Windows\System32\msdtc.exe
Service Name: Découverte SSDP [Running], 
Path: C:\Windows\system32\svchost.exe -k LocalService
Service Name: Détection de services interactifs [Stopped], 
Path: C:\Windows\system32\UI0Detect.exe
Service Name: Détection matériel noyau [Running], 
Path: C:\Windows\System32\svchost.exe -k netsvcs
Service Name: Disque virtuel [Stopped], 
Path: C:\Windows\System32\vds.exe
Service Name: Emplacement protégé [Stopped], 
Path: C:\Windows\system32\lsass.exe
Service Name: Énumérateur de bus IP PnP-X [Stopped], 
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Service Name: Expérience audio-vidéo haute qualité Windows [Stopped], 
Path: C:\Windows\system32\svchost.exe -k LocalService
Service Name: Expérience d’application [Running], 
Path: C:\Windows\system32\svchost.exe -k netsvcs
Service Name: Explorateur d'ordinateurs [Stopped], 
Path: C:\Windows\System32\svchost.exe -k netsvcs
Service Name: Fournisseur de cliché instantané de logiciel Microsoft [Stopped], 
Path: C:\Windows\System32\svchost.exe -k swprv
Service Name: Générateur de points de terminaison du service Audio Windows [Running], 
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Service Name: Gestion à distance de Windows (Gestion WSM) [Stopped], 
Path: C:\Windows\System32\svchost.exe -k NetworkService
Service Name: Gestion des clés et des certificats d'intégrité [Stopped], 
Path: C:\Windows\System32\svchost.exe -k netsvcs
Service Name: Gestionnaire de comptes de sécurité [Running], 
Path: C:\Windows\system32\lsass.exe
Service Name: Gestionnaire de connexion automatique d'accès distant [Stopped], 
Path: C:\Windows\system32\svchost.exe -k netsvcs
Service Name: Gestionnaire de connexions d'accès distant [Running], 
Path: C:\Windows\system32\svchost.exe -k netsvcs
Service Name: Gestionnaire de sessions du Gestionnaire de fenêtrage [Running], 
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Service Name: Gestionnaire d'identité réseau homologue [Stopped], 
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Service Name: Google Desktop Manager 5.7.802.22438 [Stopped], 
Path: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
Service Name: Google Updater Service [Stopped], 
Path: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
Service Name: Groupement de mise en réseau de pairs [Stopped], 
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Service Name: Horloge Windows [Running], 
Path: C:\Windows\system32\svchost.exe -k LocalService
Service Name: Hôte de périphérique UPnP [Running], 
Path: C:\Windows\system32\svchost.exe -k LocalService
Service Name: Hôte du fournisseur de découverte de fonctions [Stopped], 
Path: C:\Windows\system32\svchost.exe -k LocalService
Service Name: Hôte système de diagnostics [Running], 
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Service Name: Informations d'application [Stopped], 
Path: C:\Windows\system32\svchost.exe -k netsvcs
Service Name: Infrastructure de gestion Windows [Running], 
Path: C:\Windows\system32\svchost.exe -k netsvcs
Service Name: InstallDriver Table Manager [Stopped], 
Path: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
Service Name: Interruption SNMP [Stopped], 
Path: C:\Windows\System32\snmptrap.exe
Service Name: Isolation de clé CNG [Running], 
Path: C:\Windows\system32\lsass.exe
Service Name: Journal d’événements Windows [Running], 
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Service Name: Journaux & alertes de performance [Stopped], 
Path: C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
Service Name: Lanceur de processus serveur DCOM [Running], 
Path: C:\Windows\system32\svchost.exe -k DcomLaunch
Service Name: Lanceur des services Windows Media Center [Stopped], 
Path: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Service Name: Licence du logiciel [Running], 
Path: C:\Windows\system32\SLsvc.exe
Service Name: Localisateur d'appels de procédure distante (RPC) [Stopped], 
Path: C:\Windows\system32\locator.exe
Service Name: Mappage de découverte de topologie de la couche de liaison [Stopped], 
Path: C:\Windows\System32\svchost.exe -k LocalService
Service Name: Microsoft .NET Framework NGEN v2.0.50727_X86 [Stopped], 
Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Service Name: Modules de génération de clés IKE et AuthIP [Running], 
Path: C:\Windows\system32\svchost.exe -k netsvcs
Service Name: Moteur de filtrage de base [Running], 
Path: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Service Name: Netlogon [Stopped], 
Path: C:\Windows\system32\lsass.exe
Service Name: NMSAccessU [Running], 
Path: C:\Program Files\CDBurnerXP\NMSAccessU.exe
Service Name: Notebook Performance Tuning Service  [Running], 
Path: "C:\Program Files\Toshiba TEMPRO\TempoSVC.exe"
Service Name: O2Micro Flash Memory Card Service [Running], 
Path: "C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe"
Service Name: Ouverture de session secondaire [Running], 
Path: C:\Windows\system32\svchost.exe -k netsvcs
Service Name: Pare-feu Windows [Running], 
Path: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Service Name: Partage de connexion Internet (ICS) [Stopped], 
Path: C:\Windows\System32\svchost.exe -k netsvcs
Service Name: Planificateur de classes multimédias [Running], 
Path: C:\Windows\system32\svchost.exe -k netsvcs
Service Name: Planificateur de tâches [Running], 
Path: C:\Windows\system32\svchost.exe -k netsvcs
Service Name: Plug-and-Play [Running], 
Path: C:\Windows\system32\svchost.exe -k DcomLaunch
Service Name: Prise en charge de l’application Rapports et solutions aux problèmes du Panneau de configuration [Stopped], 
Path: C:\Windows\System32\svchost.exe -k netsvcs
Service Name: Programme d’installation de modules Windows [Stopped], 
Path: C:\Windows\servicing\TrustedInstaller.exe
Service Name: Propagation du certificat [Stopped], 
Path: C:\Windows\system32\svchost.exe -k netsvcs
Service Name: Protocole de résolution de noms d'homologues [Stopped], 
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Service Name: Protocole EAP (Extensible Authentication Protocol) [Running], 
Path: C:\Windows\System32\svchost.exe -k netsvcs
Service Name: Publication des ressources de découverte de fonctions [Running], 
Path: C:\Windows\system32\svchost.exe -k LocalService
Service Name: Registre à distance [Stopped], 
Path: C:\Windows\system32\svchost.exe -k regsvc
Service Name: Réplication DFS [Stopped], 
Path: C:\Windows\system32\DFSR.exe
Service Name: Routage et accès distant [Stopped], 
Path: C:\Windows\system32\svchost.exe -k netsvcs
Service Name: Sauvegarde Windows [Stopped], 
Path: C:\Windows\system32\svchost.exe -k SDRSVC
Service Name: Serveur [Running], 
Path: C:\Windows\system32\svchost.exe -k netsvcs
Service Name: Serveur de priorités des threads [Stopped], 
Path: C:\Windows\system32\svchost.exe -k LocalService
Service Name: Service Bonjour [Running], 
Path: "C:\Program Files\Bonjour\mDNSResponder.exe"
Service Name: Service de configuration automatique WLAN [Running], 
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Service Name: Service de découverte automatique de Proxy Web pour les services HTTP Windows [Stopped], 
Path: C:\Windows\system32\svchost.exe -k LocalService
Service Name: Service de l’Assistant Compatibilité des programmes [Running], 
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Service Name: Service de l’iPod [Running], 
Path: "C:\Program Files\iPod\bin\iPodService.exe"
Service Name: Service de la passerelle de la couche Application [Stopped], 
Path: C:\Windows\System32\alg.exe
Service Name: Service de notification d’événements système [Running], 
Path: C:\Windows\system32\svchost.exe -k netsvcs
Service Name: Service de notification de l’interface utilisateur SL [Stopped], 
Path: C:\Windows\system32\svchost.exe -k LocalService
Service Name: Service de partage de ports Net.Tcp [Stopped], 
Path: "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Service Name: Service de planification Windows Media Center [Stopped], 
Path: C:\Windows\ehome\ehsched.exe
Service Name: Service de profil utilisateur [Running], 
Path: C:\Windows\system32\svchost.exe -k netsvcs
Service Name: Service de publication des noms d’ordinateurs PNRP [Stopped], 
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Service Name: Service de rapport d'erreurs Windows [Running], 
Path: C:\Windows\System32\svchost.exe -k WerSvcGroup
Service Name: Service de réception Windows Media Center [Stopped], 
Path: C:\Windows\ehome\ehRecvr.exe
Service Name: Service de stratégie de diagnostic [Running], 
Path: C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
Service Name: Service de transfert intelligent en arrière-plan [Running], 
Path: C:\Windows\System32\svchost.exe -k netsvcs
Service Name: Service Énumérateur d’appareil mobile [Running], 
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Service Name: Service hôte WDIServiceHost [Stopped], 
Path: C:\Windows\System32\svchost.exe -k wdisvc
Service Name: Service Initiateur iSCSI de Microsoft [Stopped], 
Path: C:\Windows\system32\svchost.exe -k netsvcs
Service Name: Service Interface du magasin réseau [Running], 
Path: C:\Windows\system32\svchost.exe -k LocalService
Service Name: Service KtmRm pour Distributed Transaction Coordinator [Running], 
Path: C:\Windows\System32\svchost.exe -k NetworkService
Service Name: Service Liste des réseaux [Running], 
Path: C:\Windows\System32\svchost.exe -k LocalService
Service Name: Service Panneau de saisie Tablet PC [Running], 
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Service Name: Service Partage réseau du Lecteur Windows Media [Stopped], 
Path: "C:\Program Files\Windows Media Player\wmpnetwk.exe"
Service Name: Service ReadyBoost [Running], 
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Service Name: Service Windows Media Center Extender [Stopped], 
Path: C:\Windows\system32\svchost.exe -k LocalService
Service Name: Service SSTP (Secure Socket Tunneling Protocol) [Running], 
Path: C:\Windows\system32\svchost.exe -k LocalService
Service Name: Services de base de module de plateforme sécurisée [Stopped], 
Path: C:\Windows\System32\svchost.exe -k LocalService
Service Name: Services de chiffrement [Running], 
Path: C:\Windows\system32\svchost.exe -k NetworkService
Service Name: Services Terminal Server [Running], 
Path: C:\Windows\System32\svchost.exe -k NetworkService
Service Name: SmartFaceVWatchSrv [Running], 
Path: "C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe"
Service Name: Spouleur d'impression [Running], 
Path: C:\Windows\System32\spoolsv.exe
Service Name: StarWind AE Service [Running], 
Path: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Service Name: Station de travail [Running], 
Path: C:\Windows\System32\svchost.exe -k LocalService
Service Name: Stratégie de retrait de la carte à puce [Stopped], 
Path: C:\Windows\system32\svchost.exe -k netsvcs
Service Name: Superfetch [Running], 
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Service Name: Système de couleurs Windows [Stopped], 
Path: C:\Windows\system32\svchost.exe -k wcssvc
Service Name: Système d'événement COM+ [Running], 
Path: C:\Windows\system32\svchost.exe -k LocalService
Service Name: Téléphonie [Running], 
Path: C:\Windows\System32\svchost.exe -k NetworkService
Service Name: Thèmes [Running], 
Path: C:\Windows\System32\svchost.exe -k netsvcs
Service Name: TOSHIBA Bluetooth Service [Running], 
Path: c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
Service Name: TOSHIBA Navi Support Service [Running], 
Path: C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
Service Name: TOSHIBA Optical Disc Drive Service [Running], 
Path: C:\Windows\system32\TODDSrv.exe
Service Name: TOSHIBA Power Saver [Running], 
Path: "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe"
Service Name: TOSHIBA SMART Log Service [Running], 
Path: "C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe"
Service Name: Ulead Burning Helper [Running], 
Path: C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Service Name: User Privilege Service [Stopped], 
Path: C:\Windows\System32\svchost.exe -k netsvcs
Service Name: WebClient [Running], 
Path: C:\Windows\system32\svchost.exe -k LocalService
Service Name: Windows CardSpace [Stopped], 
Path: "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Service Name: Windows Connect Now - Registre de configuration [Stopped], 
Path: C:\Windows\System32\svchost.exe -k LocalService
Service Name: Windows Defender [Running], 
Path: C:\Windows\System32\svchost.exe -k secsvcs
Service Name: Windows Driver Foundation - Infrastructure de pilote mode-utilisateur [Running], 
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Service Name: Windows Installer [Stopped], 
Path: C:\Windows\system32\msiexec /V
Service Name: Windows Search [Running], 
Path: C:\Windows\system32\SearchIndexer.exe /Embedding
Service Name: Windows Update [Running], 
Path: C:\Windows\system32\svchost.exe -k netsvcs
Service Name: XAudioService [Running], 
Path: C:\Windows\system32\DRIVERS\xaudio.exe
Finished...

pimprenelle27 · Answer

tu peux mettre mes virus en quarantaine et les supprimer, ensuite un nouveau scan panda. Merci.

Dark66 · Answer

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-03-14 21:42:17
PROTECTIONS: 4
MALWARE: 1
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1229 [VPS 081124-0]     4.8.1229                      Yes       Yes
Windows Defender                             1.1.1505.0                    No        Yes
SUPERAntiSpyware                             4, 25, 0, 1014                No        Yes
avast! antivirus 4.8.1229 [VPS 081124-0]     4.8.1229                      No        Yes
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00185663  HackTool/NetCat.A                  HackTools           No        0         Yes            No           C:\Users\Mika\Documents\CryptLoadouter\FRITZ!Box
c.exe
;===================================================================================================================================================================================
SUSPECTS
Sent      Location                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              &#65533;p>&#65533;&#65533;&#65533;I
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity   Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                &#65533;p>&#65533;&#65533;&#65533;I
;===================================================================================================================================================================================
;===================================================================================================================================================================================

pimprenelle27 · Answer

ça tu connais : CryptLoadouter\FRITZ!Box
c.exe ?

Dark66 · Answer

Voui, comme j'en avais plus besoin, je viens de le supprimer

pimprenelle27 · Answer

un dernier hijackthis.

Dark66 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:27:31, on 14/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Voyage Century Online\voyage\Core.exe
C:\Windows\system32\conime.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Voyage Century Online\voyage\Core.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Voyage Century Online\voyage\Core.exe
C:\Users\Mika\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lessoiffards.roxorgamers.com/index.php?file=Links&op=description&link_id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information	opi.exe -startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: Download with Rapget - C:\Users\Mika\Documents\Tripperapget.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

pimprenelle27 · Answer

Tu relance hijackthis, mais là tu clique juste sur faire un scan, ensuite tu sélectionne les lignes puis,

( important pour que certaines modifs faites avec hijakthis soient prises en compte )
C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe

Tu cliques en bas sur le bouton FIX CHECKED et valides .



2- Redémarres l'ordi .

Dark66 · Answer

Je ne trouve pas où enlever C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe

pimprenelle27 · Answer

A demain.

Dark66 · Answer

J'ai tout enlevé a part C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe

pimprenelle27 · Answer

ok maintenant ceci 

Télécharge Toolscleaner sur ton Bureau :

* Double-clique sur ToolsCleaner2.exe et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse

Puis ceci pour voir si ton pc est à jour : 

pour voir si ton pc est à jour :

http://www.filehippo.com/updatechecker/UpdateChecker.exe (attention certain logiciels mis en lien pour les mises à jour peuvent être en anglais, rechercher à ce moment là celui en français)

Dark66 · Answer

[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\Users\Mika\AppData\Local\Temp\MSNFix-1\MsnFix: trouvé !
C:\Users\Mika\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: trouvé !
C:\Users\Mika\Desktop\Msnfix.zip: trouvé !
C:\Users\Mika\Desktop\HijackThis.exe: trouvé !
C:\Users\Mika\Desktop\hijackthis.log: trouvé !
C:\Users\Mika\Desktop\MsnFix: trouvé !
C:\Windows\msnfix.txt: trouvé !

---------------------------------
-->- Suppression: 

C:\Users\Mika\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: supprimé !
C:\Users\Mika\Desktop\Msnfix.zip: supprimé !
C:\Users\Mika\Desktop\HijackThis.exe: supprimé !
C:\Users\Mika\Desktop\hijackthis.log: supprimé !
C:\Windows\msnfix.txt: supprimé !
C:\Users\Mika\AppData\Local\Temp\MSNFix-1\MsnFix: supprimé !
C:\Users\Mika\Desktop\MsnFix: supprimé !

pimprenelle27 · Answer

et la mise à jour du pc ça donne quoi?

Ton pc va-t-il mieux?

Dark66 · Answer

Toutes les mises à jour sont faites, je vais tester MSN pour voir si j'ai toujours ce truc.

Dark66 · Answer

Voilà, il n'y a plus l'air d'avoir le problème. Je te remercie vraiment beaucoup pour tout le temps que tu as pris pour m'aider et surtout de l'efficacité. ^^  

MERCI !

pimprenelle27 · Answer

merci pour tout le temps que tu as pris pour m'aider et surtout de l'efficacité. Comme je veux en faire mon métier, c'est très bien ce que tu me dit ça me conforte de mon idée.

Virus msn... encore et toujours...

46 réponses

Votre réponse

Discussions similaires

Newsletters