Ordinateur infécté, besoin d'aide
lilly
Darkkiller Posts: 2336 Status: Contributor
Hello everyone,
When I turned on my PC I was bombarded with AntiVir alerts. I put everything in quarantine, but it comes back every time! The biggest problem is that a blue screen appears after a few minutes; I don't have time to read what it says before the computer shuts down!
I tried safe mode, but it's the same: the computer shuts down before I have time to scan my system! (No blue screen in safe mode.)
I'm lost, I need your help!
34 replies
Thanks once again!
So I deleted PEV.exe, but I can't find msupdte in system32. I searched, but it doesn't seem to be there :/
The log after deleting PEV.exe:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Amélie at 2009-06-20 17:36:40
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 13 GB (23%) free of 57 GB
Total RAM: 893 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:06, on 20/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\UMStor\Res.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\conime.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Downloads\RSIT.exe
C:\Program Files\trend micro\Amélie.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Windows\UMStor\Res.EXE
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: SMCWUSB-G 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
O8 - Extra context menu item: Download linked FLV with GetFLV - C:\Program Files\GetFLV\iemenu\DownloadLinkFLV.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c99ff79b931d10) (gupdate1c99ff79b931d10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Re,
Have you enabled showing hidden files/folders?
Otherwise, could you run ComboFix again for me?
Thanks
Good evening!
Hello! Sorry for the delay, here is the ComboFix report:
ComboFix 09-06-20.03 - Amélie 21/06/2009 11:43.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.893.414 [GMT 2:00]
Lancé depuis: c:\users\Amélie\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-21 au 2009-06-21 ))))))))))))))))))))))))))))))))))))
.
2009-06-19 09:35 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-19 09:35 . 2009-06-19 09:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 09:35 . 2009-06-19 09:35 -------- d-----w- c:\programdata\Malwarebytes
2009-06-19 09:35 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-19 07:46 . 2009-06-20 15:36 -------- d-----w- c:\program files\trend micro
2009-06-19 07:46 . 2009-06-19 07:47 -------- d-----w- C:\rsit
2009-06-18 20:21 . 2009-06-20 07:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-18 20:21 . 2009-06-18 20:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-18 19:31 . 2009-06-18 19:31 -------- d-----w- c:\windows\Sun
2009-06-14 07:10 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 07:10 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-07 15:23 . 2009-06-07 15:23 -------- d-----w- c:\program files\GetFLV
2009-06-07 15:23 . 2008-02-11 19:55 1462272 ----a-w- c:\windows\system32\vbsgf.dat
2009-05-23 19:51 . 2009-05-23 19:51 -------- d-----w- c:\programdata\Electronic Arts
2009-05-23 19:47 . 2009-05-23 19:47 -------- d-----w- c:\program files\Microsoft WSE
2009-05-23 19:46 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-05-23 19:30 . 2009-05-23 19:48 -------- d-----w- c:\program files\Electronic Arts
2009-05-22 15:37 . 2009-05-22 15:37 -------- d-----w- c:\windows\Applian FLV Player
2009-05-22 15:37 . 2009-05-22 15:37 -------- d-----w- c:\program files\FLV Player
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-20 07:13 . 2008-02-22 10:31 -------- d-----w- c:\program files\Google
2009-06-19 19:59 . 2008-01-21 08:40 37586 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-19 19:59 . 2008-01-21 08:40 13966 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-12 16:51 . 2008-11-17 20:08 -------- d-----w- c:\program files\Common Files\Real
2009-06-12 16:45 . 2008-02-22 09:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-12 16:45 . 2008-02-22 10:02 -------- d-----w- c:\program files\TOSHIBA
2009-06-12 08:13 . 2008-02-25 14:08 -------- d-----w- c:\program files\Microsoft Works
2009-06-08 08:31 . 2008-02-22 10:14 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-06-07 15:51 . 2008-02-22 10:14 -------- d-----w- c:\programdata\Ulead Systems
2009-05-27 16:15 . 2008-05-20 12:07 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-19 14:57 . 2008-05-20 13:28 -------- d-----w- c:\program files\Messenger Plus! Live
2009-05-14 11:48 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-09 07:55 . 2009-05-09 07:55 -------- d-----w- c:\program files\MediaCoder
2009-05-09 07:38 . 2008-05-22 20:52 -------- d-----w- c:\program files\DivX
2009-05-09 05:50 . 2009-06-11 07:15 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-11 07:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-06 19:23 . 2009-05-06 19:16 -------- d-----w- c:\program files\Audacity
2009-04-23 12:43 . 2009-06-11 07:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 07:15 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-11 07:15 2033152 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-19_20.55.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-06-21 07:23 55640 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-05-20 09:50 . 2009-06-19 20:48 17232 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-104656271-2589497128-2738001241-1000_UserData.bin
+ 2008-05-20 09:50 . 2009-06-21 07:23 17232 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-104656271-2589497128-2738001241-1000_UserData.bin
+ 2008-05-20 09:36 . 2009-06-20 15:09 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-20 09:36 . 2009-06-19 19:03 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-20 09:36 . 2009-06-19 19:03 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-20 09:36 . 2009-06-20 15:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-20 09:36 . 2009-06-20 15:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-20 09:36 . 2009-06-19 19:03 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-20 13:48 . 2009-06-20 21:58 4584 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-05-20 13:48 . 2009-06-19 09:45 4584 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-06-21 07:25 . 2009-06-21 07:25 9560 c:\windows\System32\networklist\icons\{AD76156F-29EE-459B-95FC-307476A1388E}_48.bin
+ 2009-06-21 07:25 . 2009-06-21 07:25 4280 c:\windows\System32\networklist\icons\{AD76156F-29EE-459B-95FC-307476A1388E}_32.bin
+ 2009-06-21 07:25 . 2009-06-21 07:25 2456 c:\windows\System32\networklist\icons\{AD76156F-29EE-459B-95FC-307476A1388E}_24.bin
- 2009-06-19 20:47 . 2009-06-19 20:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-21 07:20 . 2009-06-21 07:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-21 07:20 . 2009-06-21 07:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-19 20:47 . 2009-06-19 20:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-24 09:11 . 2009-06-20 20:21 398684 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2009-06-21 07:23 102576 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 12:47 . 2009-06-21 07:20 323616 c:\windows\System32\FNTCACHE.DAT
- 2006-11-02 12:47 . 2009-06-13 07:14 323616 c:\windows\System32\FNTCACHE.DAT
+ 2009-05-08 09:19 . 2009-06-20 21:58 2178664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-05-08 09:19 . 2009-06-19 20:46 2178664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-29 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-21 192000]
"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-22 1836544]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-29 4911104]
"NDSTray.exe"="NDSTray.exe" [BU]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SMCWUSB-G 802.11g Wireless USB Utility.lnk - c:\program files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe [2006-1-18 442368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Amélie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Eurobarre.lnk]
path=c:\users\Amélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eurobarre.lnk
backup=c:\windows\pss\Eurobarre.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Amélie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Notification de cadeaux MSN.lnk]
path=c:\users\Amélie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk
backup=c:\windows\pss\Notification de cadeaux MSN.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7B09F4FD-A2CA-4960-93FB-A4C37C6C6AC6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{285B7490-3CDA-42A9-848E-BB9CE68A3D4F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{E47C92A4-8540-45C6-A72F-E5A3B07CDE9C}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{B035C294-D395-4517-BCD9-6A322CB78CAE}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{913B2CC2-83E6-420D-941F-77C508A0D74E}c:\\program files\\emule\\emule.exe"= Disabled:UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{2DD3D649-9974-436E-BE6F-D755F1578204}c:\\program files\\emule\\emule.exe"= Disabled:TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{C98960A6-5238-41ED-A603-A267B8AFD1B3}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{47471F6A-A827-4043-A55E-1BD388D2BD94}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{D2072365-6CEA-421A-8713-D85BC8A7C820}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{FFD06E6F-EE1A-481B-B74E-7BF00FF7BA76}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{71D481D6-E826-4495-AB6A-C89F009925CE}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{FDF254FE-E1BF-45C3-AC14-EF55C490CDDC}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{70E40C8C-1CF9-4C0D-A71F-76115DA90ACA}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{5D3BD69D-B2B5-4412-97F4-64BA7F9942C8}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{572A75F4-BC2A-4F54-A0B5-93295CD36965}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{EA7329C7-52D0-4B0B-B5B0-174101F5200F}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{FECEBDD8-F3EB-4524-BC6C-A1C9A0C119A8}c:\\program files\\kazaa lite k++\\kazaalite.kpp"= UDP:c:\program files\kazaa lite k++\kazaalite.kpp:KazaaLite.kpp
"UDP Query User{54070FC2-2736-424A-AC1D-DB145C1261E1}c:\\program files\\kazaa lite k++\\kazaalite.kpp"= TCP:c:\program files\kazaa lite k++\kazaalite.kpp:KazaaLite.kpp
"TCP Query User{4A215786-EC9E-4BCB-A674-75D4F6ABD8E8}c:\\program files\\adsltv\\adsltv.exe"= UDP:c:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{42B5B443-D7CE-4E8F-8602-E08585EC0717}c:\\program files\\adsltv\\adsltv.exe"= TCP:c:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{64D47860-1172-49B9-A927-2E2824B570FC}c:\\program files\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"UDP Query User{CBD1E9BC-3741-4B8A-A007-6E725EBCE1C9}c:\\program files\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"{ACC9FE8F-E4F0-4B86-A6CD-46C19B18E505}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{24AE12BC-C8C3-4E93-98C7-2795B5A77A81}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D116D5A5-CFB7-442D-A674-2F14A5EDB84B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{363F5896-00F6-49DF-9B6B-95981CAB2C24}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{7F4F9411-8359-4500-968C-1FF7EDE06CCD}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{DB261FCB-2DF8-4FE1-9510-7CC1C3AFF7E8}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{EBB94DC9-1F22-405E-A011-6E32C0CF2DF0}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [25/12/2007 14:07 40960]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [18/06/2009 22:21 1153368]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [03/12/2007 17:03 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [22/02/2008 12:02 7168]
R3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);c:\windows\System32\drivers\SMCWGU.sys [31/05/2008 12:02 408064]
S2 gupdate1c99ff79b931d10;Google Update Service (gupdate1c99ff79b931d10);c:\program files\Google\Update\GoogleUpdate.exe [08/03/2009 16:10 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenu du dossier 'Tâches planifiées'
2009-06-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 14:09]
2009-06-21 c:\windows\Tasks\User_Feed_Synchronization-{786E6FB2-E932-4B08-AC4D-A1265EE006CE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-28 11:31]
.
.
------- Examen supplémentaire -------
.
mStart Page = hxxp://www.ustart.org
IE: Download linked FLV with GetFLV - c:\program files\GetFLV\iemenu\DownloadLinkFLV.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21
FF - ProfilePath - c:\users\Amélie\AppData\Roaming\Mozilla\Firefox\Profiles\4uf2awep.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIAWB1&q=
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-21 11:50
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????C?^%M????>???>???>?0 >?X
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-104656271-2589497128-2738001241-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
Heure de fin: 2009-06-21 11:53
ComboFix-quarantined-files.txt 2009-06-21 09:53
ComboFix2.txt 2009-06-19 20:58
Avant-CF: 14 002 855 936 octets libres
Après-CF: 13 449 621 504 octets libres
239 --- E O F --- 2009-06-19 07:09
As for the file, yes, even with hidden folders displayed I can't find it :/
No, I'm back to life: no more blue screen and it's much smoother! Are there still infections left, or is it finally cured?
Here it is:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Amélie at 2009-06-21 19:32:59
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 11 GB (20%) free of 57 GB
Total RAM: 893 MB (38% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:36, on 21/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\UMStor\Res.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Downloads\RSIT.exe
C:\Program Files\trend micro\Amélie.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Windows\UMStor\Res.EXE
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: SMCWUSB-G 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
O8 - Extra context menu item: Download linked FLV with GetFLV - C:\Program Files\GetFLV\iemenu\DownloadLinkFLV.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c99ff79b931d10) (gupdate1c99ff79b931d10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Logfile of random's system information tool 1.06 (written by random/random)
Run by Amélie at 2009-06-21 19:32:59
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 11 GB (20%) free of 57 GB
Total RAM: 893 MB (38% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:36, on 21/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\UMStor\Res.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Downloads\RSIT.exe
C:\Program Files\trend micro\Amélie.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Windows\UMStor\Res.EXE
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\windows sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: SMCWUSB-G 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
O8 - Extra context menu item: Download linked FLV with GetFLV - C:\Program Files\GetFLV\iemenu\DownloadLinkFLV.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c99ff79b931d10) (gupdate1c99ff79b931d10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Re,
Well, that's persistent ;)
So:
Download OTM: http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
Double-click [b]OTMoveIt.exe[/b] to launch it.
[*]Make sure the "Unregister Dll's and Ocx's" box [u][b]is checked!!![/b][/u]
[*]Copy the text in the box below and paste it into the left-hand pane of OTMoveIt named [b]Paste List of Files/Folders to be moved[/b].
:files
c:\windows\system32\msupdte.exe
c:\windows\pev.exe
[*]Click [b]MoveIt![/b] to start the removal.
[*]If OTMoveIt offers to restart your PC, [b]accept[/b].
[*]When a result appears in the [b]Results[/b] pane, click [b]Exit[/b].
[*]In your next reply, post the OTMoveIt report located in this folder: C:\_OTMoveIt\[b]MovedFiles.txt[/b]
Hello!
Apparently it didn't work very well :/ :
========== FILES ==========
File/Folder c:\windows\system32\msupdte.exe not found.
File move failed. c:\windows\PEV.exe scheduled to be moved on reboot.
OTM by OldTimer - Version 2.1.0.1 log created on 06222009_163748
Files moved on Reboot...
File move failed. c:\windows\PEV.exe scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Re,
Go to this site:
https://www.virustotal.com/gui/
Click Browse and look for this file:
c:\windows\PEV.exe
Click Send File.
A report will build up line by line.
Wait for it to finish. It should include the size of the file sent.
Save the report with Notepad.
Paste it into your reply.
If VirusTotal says the file has already been analysed, click the button Reanalyse the file now.
here it is:
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.06.24 -
AhnLab-V3 5.0.0.2 2009.06.24 -
AntiVir 7.9.0.193 2009.06.24 -
Antiy-AVL 2.0.3.1 2009.06.24 -
Authentium 5.1.2.4 2009.06.24 -
Avast 4.8.1335.0 2009.06.23 -
AVG 8.5.0.339 2009.06.24 -
BitDefender 7.2 2009.06.24 -
CAT-QuickHeal 10.00 2009.06.22 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.06.24 -
Comodo 1404 2009.06.24 -
DrWeb 5.0.0.12182 2009.06.24 -
eSafe 7.0.17.0 2009.06.24 Suspicious File
eTrust-Vet 31.6.6577 2009.06.24 -
F-Prot 4.4.4.56 2009.06.24 -
F-Secure 8.0.14470.0 2009.06.24 -
Fortinet 3.117.0.0 2009.06.24 -
GData 19 2009.06.24 -
Ikarus T3.1.1.59.0 2009.06.24 -
Jiangmin 11.0.706 2009.06.24 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.24 -
McAfee 5655 2009.06.23 -
McAfee+Artemis 5655 2009.06.23 -
McAfee-GW-Edition 6.7.6 2009.06.24 -
Microsoft 1.4803 2009.06.24 -
NOD32 4184 2009.06.24 -
Norman 6.01.09 2009.06.23 -
nProtect 2009.1.8.0 2009.06.24 -
Panda 10.0.0.16 2009.06.24 -
PCTools 4.4.2.0 2009.06.24 -
Prevx 3.0 2009.06.24 -
Rising 21.35.24.00 2009.06.24 -
Sophos 4.42.0 2009.06.24 -
Sunbelt 3.2.1858.2 2009.06.23 -
Symantec 1.4.4.12 2009.06.24 -
TheHacker 6.3.4.3.352 2009.06.24 -
TrendMicro 8.950.0.1094 2009.06.24 -
VBA32 3.12.10.7 2009.06.24 -
ViRobot 2009.6.24.1802 2009.06.24 -
VirusBuster 4.6.5.0 2009.06.24 -
Information additionnelle
File size: 155136 bytes
MD5...: 915a05f3839497fa5ed64036b376f5bf
SHA1..: 82c7b739aa6a25522280fa33e7cec351524fc95b
SHA256: b56a43b98983ecd011a9611150af2cc9b2bf1f7e055531e1ffa32c1999e39492
ssdeep: 3072:1GYiBZYdagItJ4CKW5bn+Rd2dnZnl3OjnlKrQnRjavBlkQ3OdbQfuOQf+ro3X112:1LiXYMg8b5roITnl3OjUr8pavBj3CGQx
PEiD..: PECompact 2.xx --> BitSum Technologies
TrID..: File type identification
Win32 EXE PECompact compressed (v2.x) (48.9%)
Win32 EXE PECompact compressed (generic) (34.4%)
Win32 Executable Generic (7.0%)
Win32 Dynamic Link Library (generic) (6.2%)
Generic Win/DOS Executable (1.6%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4a2c45b6 (Sun Jun 07 22:56:54 2009)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6c000 0x24800 8.00 3bf5f284e20099f47ffcaeca82d070a3
.rsrc 0x6d000 0x1000 0x1000 7.57 7638b3b85f7429cdda8c642941448a53
.reloc 0x6e000 0x200 0x200 0.22 f21d6126b0601aea8238b6e37f555939
( 1 imports )
> kernel32.dll: LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=915a05f3839497fa5ed64036b376f5bf
packers (Kaspersky): PE_Patch.PECompact, PecBundle, PECompact
packers (F-Prot): PecBundle, PECompact
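The report above is a textbook packed binary: 2 of 41 engines give only a heuristic "Suspicious", PEiD and the packer fields say PECompact, the .text section has entropy 8.00, and the whole import table is LoadLibraryA/GetProcAddress/VirtualAlloc/VirtualFree. The triage helper below, added here as an example and not code from the thread or from VirusTotal, walks a PE32 section table, computes the per-section Shannon entropy the report prints as "ntrpy", and combines it with the import list to reproduce that verdict; the 7.5-bit entropy threshold, the 8-import threshold and the constructed test image are assumptions.

```python
import math
import random
import struct
REPORTED_IMPORTS = ["LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualFree"]  # kernel32.dll line of the report


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0: the figure the report prints as 'ntrpy'."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(image: bytes) -> list:
    """Walk the PE32 section table (no pefile needed) and score each section's raw bytes."""
    pe = struct.unpack_from("<I", image, 0x3C)[0] if image[:2] == b"MZ" else -1
    if pe < 0 or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = pe + 4                                   # IMAGE_FILE_HEADER
    nsections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + opt_size                    # first IMAGE_SECTION_HEADER
    out = []
    for i in range(nsections):
        off = table + 40 * i
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        rawsize, rawptr = struct.unpack_from("<II", image, off + 16)
        out.append({"name": name, "rawsize": rawsize,
                    "entropy": shannon_entropy(image[rawptr:rawptr + rawsize])})
    return out


def packer_indicators(sections, imports, entropy_min=7.5, import_min=8):
    """Reasons an analyst would call the sample packed; both thresholds are assumptions."""
    reasons = [f"{s['name']} entropy {s['entropy']:.2f}"
               for s in sections if s["rawsize"] and s["entropy"] >= entropy_min]
    if len(imports) < import_min:
        reasons.append(f"only {len(imports)} imports")
    if {"LoadLibraryA", "GetProcAddress"} <= set(imports):
        reasons.append("resolves its real imports at runtime")
    return reasons


def build_sample_image(sections) -> bytes:
    """Constructed, non-runnable PE32 image used only as offline test input."""
    align, vaddr = 0x200, 0x1000
    data_ptr = -(-(0x40 + 4 + 20 + 0xE0 + 40 * len(sections)) // align) * align
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H", 0x10B) + bytes(0xE0 - 2)                # PE32 magic
    headers, body = b"", b""
    for name, payload in sections:
        rawsize = -(-len(payload) // align) * align
        headers += struct.pack("<8sIIIIIIHHI", name.encode(), len(payload), vaddr,
                               rawsize, data_ptr + len(body), 0, 0, 0, 0, 0x60000020)
        body += payload.ljust(rawsize, b"\0")
        vaddr += -(-rawsize // 0x1000) * 0x1000
    image = dos + b"PE\0\0" + coff + opt + headers
    return image.ljust(data_ptr, b"\0") + body

def demo():
    rng = random.Random(2009)                       # deterministic stand-in for packed code
    packed = bytes(rng.getrandbits(8) for _ in range(0x2000))
    plain = b"plain strings in a normal section\0" * 40
    image = build_sample_image([(".text", packed), (".rdata", plain)])
    return packer_indicators(pe_sections(image), REPORTED_IMPORTS)
```

Run `pe_sections` on a real file's bytes and pass the import names from the VirusTotal report (or from any PE parser) to `packer_indicators`; a low detection count on a sample that trips all three signals is a reason to treat it as unknown, not as clean.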
Hi,
The final cleanup consists of removing all the tools we used, clearing the Internet Explorer and Firefox caches, then doing one last scan :).
Let's go :) :
Download ToolsCleaner:
http://pc-system.fr/
Put the file on your desktop, run it and click Search. If it finds something, simply click Delete, and send me the report :).
Run ToolsCleaner again, and this time click, at the bottom under optional options, on "Empty the Recycle Bin" and "Clean up your temp files".
One last scan:
Do an online scan with
Kaspersky https://www.kaspersky.fr/downloads using Internet Explorer:
- Click Start Online-Scanner
- Now click I accept.
- Allow the installation of one or more ActiveX controls if necessary.
- Wait while the updates install.
- Then choose the My Computer scan.
- Save, then paste the report generated at the end of the scan.
HELP: Configuring ActiveX controls
NOTE: If you get the message "The Kaspersky On-line Scanner licence has expired", go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
That's it!