Ordinateur infécté, besoin d'aide - Page 2

Précédent
  • 1
  • 2
  1. lilly
     
    Merci encore une foi!

    Alors j'ai supprimer PEV.exe mais impossible de trouver msupdte dans systeme32, j'ai cherché mais il n'a pas l'air d'être là :/

    le log apres avoir supprimer PEV.exe:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Amélie at 2009-06-20 17:36:40
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 13 GB (23%) free of 57 GB
    Total RAM: 893 MB (37% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:37:06, on 20/06/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Windows\UMStor\Res.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\p2phost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    E:\Downloads\RSIT.exe
    C:\Program Files\trend micro\Amélie.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Windows\UMStor\Res.EXE
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
    O4 - Global Startup: SMCWUSB-G 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
    O8 - Extra context menu item: Download linked FLV with GetFLV - C:\Program Files\GetFLV\iemenu\DownloadLinkFLV.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
    O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
    O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
    O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c99ff79b931d10) (gupdate1c99ff79b931d10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  2. Darkkiller Messages postés 2336 Statut Contributeur 67
     
    Re,

    Est-ce que tu as affiché les fichiers/dossiers cachés ?

    Sinon est-ce que tu peux me repasser un coup de combofix ?

    Merci

    Bonne soirée !
    0
  3. lilly
     
    Bonjour! Désolé pour le retard, voici le rapport combofix:

    ComboFix 09-06-20.03 - Amélie 21/06/2009 11:43.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.893.414 [GMT 2:00]
    Lancé depuis: c:\users\Amélie\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Un nouveau point de restauration a été créé
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-21 au 2009-06-21 ))))))))))))))))))))))))))))))))))))
    .

    2009-06-19 09:35 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-19 09:35 . 2009-06-19 09:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-19 09:35 . 2009-06-19 09:35 -------- d-----w- c:\programdata\Malwarebytes
    2009-06-19 09:35 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-19 07:46 . 2009-06-20 15:36 -------- d-----w- c:\program files\trend micro
    2009-06-19 07:46 . 2009-06-19 07:47 -------- d-----w- C:\rsit
    2009-06-18 20:21 . 2009-06-20 07:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-06-18 20:21 . 2009-06-18 20:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-06-18 19:31 . 2009-06-18 19:31 -------- d-----w- c:\windows\Sun
    2009-06-14 07:10 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
    2009-06-14 07:10 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2009-06-07 15:23 . 2009-06-07 15:23 -------- d-----w- c:\program files\GetFLV
    2009-06-07 15:23 . 2008-02-11 19:55 1462272 ----a-w- c:\windows\system32\vbsgf.dat
    2009-05-23 19:51 . 2009-05-23 19:51 -------- d-----w- c:\programdata\Electronic Arts
    2009-05-23 19:47 . 2009-05-23 19:47 -------- d-----w- c:\program files\Microsoft WSE
    2009-05-23 19:46 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
    2009-05-23 19:30 . 2009-05-23 19:48 -------- d-----w- c:\program files\Electronic Arts
    2009-05-22 15:37 . 2009-05-22 15:37 -------- d-----w- c:\windows\Applian FLV Player
    2009-05-22 15:37 . 2009-05-22 15:37 -------- d-----w- c:\program files\FLV Player

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-20 07:13 . 2008-02-22 10:31 -------- d-----w- c:\program files\Google
    2009-06-19 19:59 . 2008-01-21 08:40 37586 ----a-w- c:\windows\system32\perfh00C.dat
    2009-06-19 19:59 . 2008-01-21 08:40 13966 ----a-w- c:\windows\system32\perfc00C.dat
    2009-06-12 16:51 . 2008-11-17 20:08 -------- d-----w- c:\program files\Common Files\Real
    2009-06-12 16:45 . 2008-02-22 09:49 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-12 16:45 . 2008-02-22 10:02 -------- d-----w- c:\program files\TOSHIBA
    2009-06-12 08:13 . 2008-02-25 14:08 -------- d-----w- c:\program files\Microsoft Works
    2009-06-08 08:31 . 2008-02-22 10:14 -------- d-----w- c:\program files\Common Files\Ulead Systems
    2009-06-07 15:51 . 2008-02-22 10:14 -------- d-----w- c:\programdata\Ulead Systems
    2009-05-27 16:15 . 2008-05-20 12:07 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-05-19 14:57 . 2008-05-20 13:28 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-05-14 11:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-05-09 07:55 . 2009-05-09 07:55 -------- d-----w- c:\program files\MediaCoder
    2009-05-09 07:38 . 2008-05-22 20:52 -------- d-----w- c:\program files\DivX
    2009-05-09 05:50 . 2009-06-11 07:15 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-09 05:34 . 2009-06-11 07:15 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-05-06 19:23 . 2009-05-06 19:16 -------- d-----w- c:\program files\Audacity
    2009-04-23 12:43 . 2009-06-11 07:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-23 12:42 . 2009-06-11 07:15 636928 ----a-w- c:\windows\system32\localspl.dll
    2009-04-21 11:55 . 2009-06-11 07:15 2033152 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-06-19_20.55.59 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2009-06-21 07:23 55640 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-05-20 09:50 . 2009-06-19 20:48 17232 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-104656271-2589497128-2738001241-1000_UserData.bin
    + 2008-05-20 09:50 . 2009-06-21 07:23 17232 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-104656271-2589497128-2738001241-1000_UserData.bin
    + 2008-05-20 09:36 . 2009-06-20 15:09 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-05-20 09:36 . 2009-06-19 19:03 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-05-20 09:36 . 2009-06-19 19:03 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-20 09:36 . 2009-06-20 15:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-20 09:36 . 2009-06-20 15:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-05-20 09:36 . 2009-06-19 19:03 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-20 13:48 . 2009-06-20 21:58 4584 c:\windows\System32\WDI\ERCQueuedResolutions.dat
    - 2008-05-20 13:48 . 2009-06-19 09:45 4584 c:\windows\System32\WDI\ERCQueuedResolutions.dat
    + 2009-06-21 07:25 . 2009-06-21 07:25 9560 c:\windows\System32\networklist\icons\{AD76156F-29EE-459B-95FC-307476A1388E}_48.bin
    + 2009-06-21 07:25 . 2009-06-21 07:25 4280 c:\windows\System32\networklist\icons\{AD76156F-29EE-459B-95FC-307476A1388E}_32.bin
    + 2009-06-21 07:25 . 2009-06-21 07:25 2456 c:\windows\System32\networklist\icons\{AD76156F-29EE-459B-95FC-307476A1388E}_24.bin
    - 2009-06-19 20:47 . 2009-06-19 20:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-06-21 07:20 . 2009-06-21 07:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-06-21 07:20 . 2009-06-21 07:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-06-19 20:47 . 2009-06-19 20:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-05-24 09:11 . 2009-06-20 20:21 398684 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2006-11-02 13:05 . 2009-06-21 07:23 102576 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 12:47 . 2009-06-21 07:20 323616 c:\windows\System32\FNTCACHE.DAT
    - 2006-11-02 12:47 . 2009-06-13 07:14 323616 c:\windows\System32\FNTCACHE.DAT
    + 2009-05-08 09:19 . 2009-06-20 21:58 2178664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2009-05-08 09:19 . 2009-06-19 20:46 2178664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-29 430080]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-21 192000]
    "Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2008-01-21 1233920]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
    "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-22 1836544]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
    "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
    "USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-29 4911104]
    "NDSTray.exe"="NDSTray.exe" [BU]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SMCWUSB-G 802.11g Wireless USB Utility.lnk - c:\program files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe [2006-1-18 442368]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Users^Amélie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Eurobarre.lnk]
    path=c:\users\Amélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eurobarre.lnk
    backup=c:\windows\pss\Eurobarre.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^Amélie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Notification de cadeaux MSN.lnk]
    path=c:\users\Amélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk
    backup=c:\windows\pss\Notification de cadeaux MSN.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{7B09F4FD-A2CA-4960-93FB-A4C37C6C6AC6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{285B7490-3CDA-42A9-848E-BB9CE68A3D4F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{E47C92A4-8540-45C6-A72F-E5A3B07CDE9C}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
    "UDP Query User{B035C294-D395-4517-BCD9-6A322CB78CAE}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
    "TCP Query User{913B2CC2-83E6-420D-941F-77C508A0D74E}c:\\program files\\emule\\emule.exe"= Disabled:UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{2DD3D649-9974-436E-BE6F-D755F1578204}c:\\program files\\emule\\emule.exe"= Disabled:TCP:c:\program files\emule\emule.exe:eMule
    "TCP Query User{C98960A6-5238-41ED-A603-A267B8AFD1B3}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
    "UDP Query User{47471F6A-A827-4043-A55E-1BD388D2BD94}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
    "TCP Query User{D2072365-6CEA-421A-8713-D85BC8A7C820}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{FFD06E6F-EE1A-481B-B74E-7BF00FF7BA76}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "TCP Query User{71D481D6-E826-4495-AB6A-C89F009925CE}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "UDP Query User{FDF254FE-E1BF-45C3-AC14-EF55C490CDDC}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
    "TCP Query User{70E40C8C-1CF9-4C0D-A71F-76115DA90ACA}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
    "UDP Query User{5D3BD69D-B2B5-4412-97F4-64BA7F9942C8}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
    "TCP Query User{572A75F4-BC2A-4F54-A0B5-93295CD36965}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
    "UDP Query User{EA7329C7-52D0-4B0B-B5B0-174101F5200F}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
    "TCP Query User{FECEBDD8-F3EB-4524-BC6C-A1C9A0C119A8}c:\\program files\\kazaa lite k++\\kazaalite.kpp"= UDP:c:\program files\kazaa lite k++\kazaalite.kpp:KazaaLite.kpp
    "UDP Query User{54070FC2-2736-424A-AC1D-DB145C1261E1}c:\\program files\\kazaa lite k++\\kazaalite.kpp"= TCP:c:\program files\kazaa lite k++\kazaalite.kpp:KazaaLite.kpp
    "TCP Query User{4A215786-EC9E-4BCB-A674-75D4F6ABD8E8}c:\\program files\\adsltv\\adsltv.exe"= UDP:c:\program files\adsltv\adsltv.exe:adsltv
    "UDP Query User{42B5B443-D7CE-4E8F-8602-E08585EC0717}c:\\program files\\adsltv\\adsltv.exe"= TCP:c:\program files\adsltv\adsltv.exe:adsltv
    "TCP Query User{64D47860-1172-49B9-A927-2E2824B570FC}c:\\program files\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
    "UDP Query User{CBD1E9BC-3741-4B8A-A007-6E725EBCE1C9}c:\\program files\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
    "{ACC9FE8F-E4F0-4B86-A6CD-46C19B18E505}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "{24AE12BC-C8C3-4E93-98C7-2795B5A77A81}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{D116D5A5-CFB7-442D-A674-2F14A5EDB84B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{363F5896-00F6-49DF-9B6B-95981CAB2C24}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "UDP Query User{7F4F9411-8359-4500-968C-1FF7EDE06CCD}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "TCP Query User{DB261FCB-2DF8-4FE1-9510-7CC1C3AFF7E8}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "UDP Query User{EBB94DC9-1F22-405E-A011-6E32C0CF2DF0}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

    R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [25/12/2007 14:07 40960]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [18/06/2009 22:21 1153368]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [03/12/2007 17:03 126976]
    R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [22/02/2008 12:02 7168]
    R3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);c:\windows\System32\drivers\SMCWGU.sys [31/05/2008 12:02 408064]
    S2 gupdate1c99ff79b931d10;Google Update Service (gupdate1c99ff79b931d10);c:\program files\Google\Update\GoogleUpdate.exe [08/03/2009 16:10 133104]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
    c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-06-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 14:09]

    2009-06-21 c:\windows\Tasks\User_Feed_Synchronization-{786E6FB2-E932-4B08-AC4D-A1265EE006CE}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-28 11:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    mStart Page = hxxp://www.ustart.org
    IE: Download linked FLV with GetFLV - c:\program files\GetFLV\iemenu\DownloadLinkFLV.htm
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr
    IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21
    FF - ProfilePath - c:\users\Amélie\AppData\Roaming\Mozilla\Firefox\Profiles\4uf2awep.default\
    FF - prefs.js: browser.search.selectedEngine - Live Search
    FF - prefs.js: browser.startup.homepage - hxxp://google.com/
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIAWB1&q=
    FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
    FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-21 11:50
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????C?^%M????>???>???>?0 >?X

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-104656271-2589497128-2738001241-1000\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:00000000
    .
    Heure de fin: 2009-06-21 11:53
    ComboFix-quarantined-files.txt 2009-06-21 09:53
    ComboFix2.txt 2009-06-19 20:58

    Avant-CF: 14 002 855 936 octets libres
    Après-CF: 13 449 621 504 octets libres

    239 --- E O F --- 2009-06-19 07:09

    Pour le fichier, oui même en affichant les dossier caché je ne le trouve pas :/
    0
  4. Darkkiller Messages postés 2336 Statut Contributeur 67
     
    Re,

    Toujours tes soucis, d'écran bleus ?
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. lilly
     
    Non je revis, plus d'ecran bleu et il est beaucoup plus fluide! Il reste des infections ou il est enfin guérie?
    0
  7. Darkkiller Messages postés 2336 Statut Contributeur 67
     
    Re,

    Repostes un RSIT stp :)
    0
  8. lilly
     
    le voici :

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Amélie at 2009-06-21 19:32:59
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 11 GB (20%) free of 57 GB
    Total RAM: 893 MB (38% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:33:36, on 21/06/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Windows\UMStor\Res.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\p2phost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    E:\Downloads\RSIT.exe
    C:\Program Files\trend micro\Amélie.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Windows\UMStor\Res.EXE
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
    O4 - Global Startup: SMCWUSB-G 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
    O8 - Extra context menu item: Download linked FLV with GetFLV - C:\Program Files\GetFLV\iemenu\DownloadLinkFLV.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
    O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
    O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
    O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c99ff79b931d10) (gupdate1c99ff79b931d10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  9. Darkkiller Messages postés 2336 Statut Contributeur 67
     
    Re,

    Sa persistes dis donc ;)

    Donc :

    Télécharges OTM : http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/

    Double-clique sur [b]OTMoveIt.exe[/b] pour le lancer.
    [*]Assure toi que la case "Unregister Dll's and Ocx's" [u][b]soit bien cochée !!![/u][/b]
    [*]Copie le texte qui se trouve dans l'encadré ci-dessous, et colle le dans le cadre de gauche de OTMoveIt nommé [b]Paste List of Files/Folders to be moved[/b].

    :files
    c:\windows\system32\msupdte.exe
    c:\windows\pev.exe


    [*]Clique sur [b]MoveIt![/b] pour lancer la suppression.
    [*]Si OTMoveIt propose de redémarrer ton PC, [b]accepte[/b].
    [*]Lorsque un résultat apparaît dans le cadre [b]Results[/b], clique sur [b]Exit[/b].

    [*]Dans ta future réponse, envoie le rapport de OTMoveIt situé dans ce dossier : C:\_OTMoveIt\[b]MovedFiles.txt\[/b]

    0
  10. lilly
     
    Bonjour!

    Apparement ça n'a pas très bien fonctionné :/ :

    ========== FILES ==========
    File/Folder c:\windows\system32\msupdte.exe not found.
    File move failed. c:\windows\PEV.exe scheduled to be moved on reboot.

    OTM by OldTimer - Version 2.1.0.1 log created on 06222009_163748

    Files moved on Reboot...
    File move failed. c:\windows\PEV.exe scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
    0
  11. Darkkiller Messages postés 2336 Statut Contributeur 67
     
    Re,

    Rends toi sur ce site :

    https://www.virustotal.com/gui/

    Clique sur parcourir et cherche ce fichier :

    c:\windows\PEV.exe

    Clique sur Send File.

    Un rapport va s'élaborer ligne à ligne.

    Attends la fin. Il doit comprendre la taille du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note.

    Copie le dans ta réponse.

    Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant.
    0
  12. lilly
     
    voilà:

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.18 2009.06.24 -
    AhnLab-V3 5.0.0.2 2009.06.24 -
    AntiVir 7.9.0.193 2009.06.24 -
    Antiy-AVL 2.0.3.1 2009.06.24 -
    Authentium 5.1.2.4 2009.06.24 -
    Avast 4.8.1335.0 2009.06.23 -
    AVG 8.5.0.339 2009.06.24 -
    BitDefender 7.2 2009.06.24 -
    CAT-QuickHeal 10.00 2009.06.22 (Suspicious) - DNAScan
    ClamAV 0.94.1 2009.06.24 -
    Comodo 1404 2009.06.24 -
    DrWeb 5.0.0.12182 2009.06.24 -
    eSafe 7.0.17.0 2009.06.24 Suspicious File
    eTrust-Vet 31.6.6577 2009.06.24 -
    F-Prot 4.4.4.56 2009.06.24 -
    F-Secure 8.0.14470.0 2009.06.24 -
    Fortinet 3.117.0.0 2009.06.24 -
    GData 19 2009.06.24 -
    Ikarus T3.1.1.59.0 2009.06.24 -
    Jiangmin 11.0.706 2009.06.24 -
    K7AntiVirus 7.10.768 2009.06.19 -
    Kaspersky 7.0.0.125 2009.06.24 -
    McAfee 5655 2009.06.23 -
    McAfee+Artemis 5655 2009.06.23 -
    McAfee-GW-Edition 6.7.6 2009.06.24 -
    Microsoft 1.4803 2009.06.24 -
    NOD32 4184 2009.06.24 -
    Norman 6.01.09 2009.06.23 -
    nProtect 2009.1.8.0 2009.06.24 -
    Panda 10.0.0.16 2009.06.24 -
    PCTools 4.4.2.0 2009.06.24 -
    Prevx 3.0 2009.06.24 -
    Rising 21.35.24.00 2009.06.24 -
    Sophos 4.42.0 2009.06.24 -
    Sunbelt 3.2.1858.2 2009.06.23 -
    Symantec 1.4.4.12 2009.06.24 -
    TheHacker 6.3.4.3.352 2009.06.24 -
    TrendMicro 8.950.0.1094 2009.06.24 -
    VBA32 3.12.10.7 2009.06.24 -
    ViRobot 2009.6.24.1802 2009.06.24 -
    VirusBuster 4.6.5.0 2009.06.24 -
    Information additionnelle
    File size: 155136 bytes
    MD5...: 915a05f3839497fa5ed64036b376f5bf
    SHA1..: 82c7b739aa6a25522280fa33e7cec351524fc95b
    SHA256: b56a43b98983ecd011a9611150af2cc9b2bf1f7e055531e1ffa32c1999e39492
    ssdeep: 3072:1GYiBZYdagItJ4CKW5bn+Rd2dnZnl3OjnlKrQnRjavBlkQ3OdbQfuOQf+ro
    3X112:1LiXYMg8b5roITnl3OjUr8pavBj3CGQx
    PEiD..: PECompact 2.xx --> BitSum Technologies
    TrID..: File type identification
    Win32 EXE PECompact compressed (v2.x) (48.9%)
    Win32 EXE PECompact compressed (generic) (34.4%)
    Win32 Executable Generic (7.0%)
    Win32 Dynamic Link Library (generic) (6.2%)
    Generic Win/DOS Executable (1.6%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1000
    timedatestamp.....: 0x4a2c45b6 (Sun Jun 07 22:56:54 2009)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x6c000 0x24800 8.00 3bf5f284e20099f47ffcaeca82d070a3
    .rsrc 0x6d000 0x1000 0x1000 7.57 7638b3b85f7429cdda8c642941448a53
    .reloc 0x6e000 0x200 0x200 0.22 f21d6126b0601aea8238b6e37f555939

    ( 1 imports )
    > kernel32.dll: LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree

    ( 0 exports )
    PDFiD.: -
    RDS...: NSRL Reference Data Set
    -
    ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=915a05f3839497fa5ed64036b376f5bf' target='_blank'>https://www.symantec.com?md5=915a05f3839497fa5ed64036b376f5bf</a>
    packers (Kaspersky): PE_Patch.PECompact, PecBundle, PECompact
    packers (F-Prot): PecBundle, PECompact
    0
  13. Darkkiller Messages postés 2336 Statut Contributeur 67
     
    Re,

    Ok.
    As-tu d'autres soucis ?
    Si non, on peut passer au nettoyage final :)
    0
  14. lilly
     
    Non pas d'autre soucis...

    Quesque le nettoyage final? :)
    0
  15. Darkkiller Messages postés 2336 Statut Contributeur 67
     
    Salut,

    Le nettoyage final consiste a enlever tous les outils dont nous nous sommes utilisés, vider le cache internet explorer + firefox, puis refaire une dernier analyse :).

    Allons-y :) :

    Télécharge ToolsCleaner :

    http://pc-system.fr/

    MEts le fichier sur ton bureau, executes-le et cliques sur rechercher. Si il trouve quelque chose, clique simplement sur supprimer, et tu m'enverras le rapport :).

    Relance tools cleaner, cliques maintenant en bas dans options facultatives, sur "Vider la corbeille" et "Nettoyage de vos fichiers temp".

    Une derniere analyse :

    Fais un scan en ligne
    Kaspersky https://www.kaspersky.fr/downloads avec Internet Explorer :
    - Clique sur Démarrer Online-Scanner

    - Clique maintenant sur J'accepte.
    - Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
    - Patiente pendant l'installation des Mises à jour.
    - Choisis par la suite l'analyse du Poste de travail.
    - Sauvegarde puis colle le rapport généré en fin d'analyse.

    AIDE : Configurer le contrôle des ActiveX

    NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.

    Voilà !
    0
Précédent
  • 1
  • 2