Win32 virus: HijackThis report ..HELP

Closed
Ceessou - 10 Sept. 2011 at 16:51
heraultais34600 Posts 761 Registration date Sunday 21 August 2011 Status Member Last post 2 October 2021 - 13 Sept. 2011 at 07:47
Hello!

Is anyone competent enough to understand the HijackThis log I'm posting here?
Apparently, on my C drive in ProgramData, I have a d*** virus that makes my PC freeze regularly and I can't do anything any more (and I work on my PC, so I'm stuck!!) :(:(

Please, help me!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46:32, on 10/09/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Brownie\BrStsWnd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Cécile\Desktop\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 91.203.36.25:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BittorrentBar_FR Toolbar - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\Windows\system32\Userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BittorrentBar_FR Toolbar - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BittorrentBar_FR Toolbar - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
O4 - HKCU\..\Run: [Xvid] C:\Users\Cécile\Desktop\CheckUpdate.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Samsung Auto Backup Guage.lnk = ?
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = ?
O4 - Startup: Samsung Auto Backup Scheduler.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Toshibafrbholink-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O15 - Trusted Zone: *.legal.regn.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} (F5 Networks Dynamic Application Tunnel Control) - https://portail.lexisnexis.fr/vdesk/terminal/f5tunsrv.cab#version=6031,2009,1010,310
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://portail.lexisnexis.fr/vdesk/terminal/InstallerControl.cab
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - https://portail.lexisnexis.fr/vdesk/terminal/vdeskctrl.cab#version=6031,2009,1010,0309
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://portail.lexisnexis.fr/vdesk/terminal/urxshost.cab#version=6031,2009,1010,308
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://portail.lexisnexis.fr/vdesk/terminal/urxhost.cab#version=6031,2009,1010,304
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: MIT_KFW - C:\Windows\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate1ca0ffee1272ee3) (gupdate1ca0ffee1272ee3) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

3 replies

heraultais34600 Posts 761 Registration date Sunday 21 August 2011 Status Member Last post 2 October 2021 97
Edited by heraultais34600 on 10/09/2011 at 18:35
Good evening,

Your PC is infected.

Step 1:
I see that you were able to run HijackThis, so try running your antivirus and send the report on this site.
If you cannot start your computer, try starting it in safe mode with networking.

Step 2:
HijackThis is somewhat outdated, so I recommend this:

* Download OTL (by OldTimer) to your Desktop
* Close all your programs, then run it (since you are on Windows Vista, right-click it and choose "Run as administrator")
* Tick the "Tous les utilisateurs" (all users) box, then click the "Analyse" (scan) button
* Wait during the scan until the two reports OTL.txt and Extras.txt appear
* Host the reports on this site, then copy/paste the link provided into your next reply on the forum

Have a good evening.
0
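Added example, not part of the thread and not code from HijackThis or OTL: a small Python triage pass over HijackThis lines in the format posted above, flagging entries that deserve a manual look. The sample lines are copied from the log in this thread; the heuristics in `triage` are assumptions of this example, not the helper's diagnosis.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 91.203.36.25:3128
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
O4 - HKCU\..\Run: [Xvid] C:\Users\Cécile\Desktop\CheckUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O20 - Winlogon Notify: MIT_KFW - C:\Windows\
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
PROXY_RE = re.compile(r",ProxyServer = (\S+)")
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'[^\\"]+\.exe', re.I)

# Heuristic inputs (assumptions of this example, tune for your environment).
USER_WRITABLE = re.compile(r"\\(Users|ProgramData|AppData|Temp)\\", re.I)
ADMIN_TOOLS = {"regedit.exe", "cmd.exe", "powershell.exe",
               "wscript.exe", "cscript.exe", "mshta.exe"}


def parse(log):
    """Return (code, body) for every line that looks like a HijackThis entry."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(log):
    """Return (code, reason, body) for entries that deserve a manual review."""
    findings = []
    for code, body in parse(log):
        # R0/R1: a system-wide proxy reroutes browser traffic; confirm it is intended.
        proxy = PROXY_RE.search(body)
        if code in ("R0", "R1") and proxy:
            findings.append((code, "proxy configured: " + proxy.group(1), body))

        # O2/O3/O9: browser add-on registration whose file is gone (orphan or leftover).
        if code in ("O2", "O3", "O9") and body.endswith(("(no file)", "(file missing)")):
            findings.append((code, "registration points to a missing file", body))

        # O4: autoruns. Flag system tools started at logon and binaries that
        # live where a non-admin process could have dropped them.
        if code == "O4":
            run = RUN_RE.search(body)
            if run:
                cmd = run.group("cmd")
                exe = EXE_RE.search(cmd)
                name = exe.group(0).lower() if exe else ""
                if name in ADMIN_TOOLS:
                    findings.append((code, "autorun launches system tool " + name, body))
                if USER_WRITABLE.search(cmd):
                    findings.append((code, "autorun from user-writable path", body))

        # O20: a Winlogon Notify entry should name a DLL, not a bare directory.
        if code == "O20" and "Winlogon Notify" in body and body.endswith("\\"):
            findings.append((code, "Winlogon Notify without a DLL file name", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {body}")
```

A flagged line is a prompt to check the file's signature, location and origin, not a verdict; unflagged lines are not cleared by it either.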
Hello and thank you for your replies,

OTL starts scanning and quickly freezes ("not responding").... So I can't post its report... :(
0
Aaaah! I did it, it finally got to the end of the scan after several attempts (I sense a clash of titans ;)!)
Anyway, here are the requested links:
http://www.cijoint.fr/cjlink.php?file=cj201109/cijlJKAlkr.txt
http://www.cijoint.fr/cjlink.php?file=cj201109/cijs96ErrA.txt
What is the next step?

Thanks again for your help. :)
0
heraultais34600 Posts 761 Registration date Sunday 21 August 2011 Status Member Last post 2 October 2021 97
Edited by heraultais34600 on 12/09/2011 at 21:30
Good evening ceessou,

Hello ceessou,

After analysing your reports, I can see that your PC is indeed infected. I am going to give you a first procedure to follow:

Step 1:

- Run OTL again as follows (right-click the OTL executable and select "Run as administrator")
- Tick "Tous les utilisateurs" (all users)
- Under the "Personnalisation" box, copy/paste the contents of the script below in bold
- Click the "Correction" button
- Once finished, the removal report is saved on your hard drive in C:\_OTL\ in the form date_time.txt.
- Post the contents of the report HERE

:OTL
PRC - [2011/03/13 16:53:20 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2010/03/15 17:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 17:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/03/09 14:40:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/01/22 15:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
MOD - [2011/08/15 22:49:26 | 000,077,312 | ---- | M] () -- C:\Users\Cécile\AppData\Roaming\Mozilla\Firefox\Profiles\j63dxe4g.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\components\RadioWMPCoreGecko6.dll
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.01net.com/http://www.01men.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.01net.com/http://www.01men.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
IE - HKLM\..\URLSearchHook: {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1183030686-2702789871-2610124224-1000\..\URLSearchHook: {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..extensions.enabledItems: {ef79f67a-6ad7-4715-a0f8-932fca442023}:3.3.3.2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: development@add-art.org:0.8.55
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..network.proxy.http: "200.195.156.234 "
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.625.0\firefox\extensions
[2009/09/14 22:45:37 | 000,002,137 | ---- | M] () -- C:\Users\Cécile\AppData\Roaming\Mozilla\Firefox\Profiles\j63dxe4g.default\searchplugins\MyStart Search.xml
[2011/08/19 23:18:30 | 000,003,910 | ---- | M] () -- C:\Users\Cécile\AppData\Roaming\Mozilla\Firefox\Profiles\j63dxe4g.default\searchplugins\sweetim.xml
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BittorrentBar_FR Toolbar) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (BittorrentBar_FR Toolbar) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1183030686-2702789871-2610124224-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1183030686-2702789871-2610124224-1000\..\Toolbar\WebBrowser: (BittorrentBar_FR Toolbar) - {EF79F67A-6AD7-4715-A0F8-932FCA442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.)
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-19\..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20\..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1183030686-2702789871-2610124224-1000\..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
[2011/08/19 23:18:04 | 000,000,000 | ---D | C] -- C:\Users\Cécile\AppData\Roaming\PCtuto
[2011/08/19 23:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\PCTuto
[2011/08/19 23:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Cécile\Documents\*.tmp files -> C:\Users\Cécile\Documents\*.tmp -> ]
[2011/09/02 17:50:32 | 000,001,681 | ---- | C] () -- C:\Users\Cécile\Desktop\Ad-Remover.lnk
[2010/04/26 05:45:34 | 000,012,298 | -HS- | C] () -- C:\Users\Cécile\AppData\Local\E3y82RGaVk47
[2010/04/26 05:45:34 | 000,012,298 | -HS- | C] () -- C:\ProgramData\E3y82RGaVk47
[2010/04/25 03:54:20 | 000,000,120 | ---- | C] () -- C:\Users\Cécile\AppData\Local\Bbasipiqowal.dat
[2010/04/25 03:54:20 | 000,000,000 | ---- | C] () -- C:\Users\Cécile\AppData\Local\Kfonapon.bin
[2010/04/25 03:52:28 | 000,011,030 | -HS- | C] () -- C:\Users\Cécile\AppData\Local\I6vNTV7g2h23
[2010/04/25 03:52:28 | 000,011,030 | -HS- | C] () -- C:\ProgramData\I6vNTV7g2h23
[2010/04/25 03:52:22 | 000,000,020 | ---- | C] () -- C:\Users\Cécile\AppData\Roaming\kcmdte.dat
[2009/11/30 21:08:17 | 000,211,467 | ---- | C] () -- C:\Windows\jgzr.dat
:Commands
[emptytemp]



Step 2:

* Download AdwCleaner (by Xplode) to your desktop.
* Run it,
* Click [Recherche] then wait while the scan runs. Once the scan is finished, a report will open.
* Open Notepad,
* Copy/paste this text into Notepad and save it under a file name (scanadw for example)
* Send this file HERE
* Post the link you are given in your next reply.

I will wait for your reports before proceeding further.

PS: I will be away for 48 hours, so don't worry if I don't reply within that time. I will pick this up with you as soon as I am back.

Have a good evening.
0
Good evening,

Before I got this last message I downloaded "ComboFix", which is supposed to clean my PC, and here is the report:


ComboFix 11-09-12.02 - Cécile 12/09/2011 21:21:57.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2908.1360 [GMT 2:00]
Lancé depuis: c:\users\CÚcile\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-08-12 au 2011-09-12 ))))))))))))))))))))))))))))))))))))
.
.
2011-09-12 19:52 . 2011-09-12 19:52 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-09-12 19:52 . 2011-09-12 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-12 10:47 . 2011-09-12 10:47 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{47D3E0C9-CE0B-43A8-881F-2693B3820637}\MpKsl38f220cd.sys
2011-09-12 10:46 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{47D3E0C9-CE0B-43A8-881F-2693B3820637}\mpengine.dll
2011-09-10 14:23 . 2011-09-10 14:23 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{355DD72D-3244-4756-AA81-A1ABFC94D943}\MpKslaebe8b01.sys
2011-09-09 18:08 . 2011-09-09 18:08 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{355DD72D-3244-4756-AA81-A1ABFC94D943}\MpKsl6ec9adbe.sys
2011-09-09 18:06 . 2011-08-12 02:44 7152464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{355DD72D-3244-4756-AA81-A1ABFC94D943}\mpengine.dll
2011-09-08 12:16 . 2010-11-30 09:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94B41EFF-194B-4649-9BD3-1CA35CEA8B68}\gapaengine.dll
2011-09-02 15:50 . 2011-09-02 16:48 -------- d-----w- c:\program files\Ad-Remover
2011-08-31 13:25 . 2011-08-31 13:39 -------- d-----w- c:\users\Cécile\AppData\Roaming\U3
2011-08-24 10:21 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-21 08:00 . 2011-08-21 08:00 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-08-19 21:18 . 2011-08-19 21:18 -------- d-----w- c:\users\Cécile\AppData\Roaming\PCtuto
2011-08-19 21:17 . 2011-09-02 15:47 -------- d-----w- c:\program files\PCTuto
2011-08-19 21:17 . 2011-08-19 21:17 -------- d-----w- c:\program files\SweetIM
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-30 16:29 . 2011-06-27 20:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 02:44 . 2011-07-16 11:56 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-10 21:01 . 2010-11-05 14:49 14744 ----a-w- c:\users\Cécile\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2011-07-10 21:01 . 2010-11-05 14:49 14744 ----a-w- c:\users\Cécile\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2011-07-06 15:31 . 2011-08-12 10:49 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-20 08:54 . 2011-08-12 10:46 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54 . 2011-08-12 10:46 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-19 10:17 . 2011-06-19 10:17 161792 ----a-w- c:\windows\system32\msls31.dll
2011-06-19 10:17 . 2011-06-19 10:17 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-19 10:17 . 2011-06-19 10:17 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-19 10:17 . 2011-06-19 10:17 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-19 10:17 . 2011-06-19 10:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-19 10:17 . 2011-06-19 10:17 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-06-19 10:17 . 2011-06-19 10:17 367104 ----a-w- c:\windows\system32\html.iec
2011-06-19 10:17 . 2011-06-19 10:17 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-06-19 10:17 . 2011-06-19 10:17 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-19 10:17 . 2011-06-19 10:17 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-19 10:17 . 2011-06-19 10:17 152064 ----a-w- c:\windows\system32\wextract.exe
2011-06-19 10:17 . 2011-06-19 10:17 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-06-19 10:17 . 2011-06-19 10:17 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-06-19 10:17 . 2011-06-19 10:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-19 10:17 . 2011-06-19 10:17 11776 ----a-w- c:\windows\system32\mshta.exe
2011-06-19 10:17 . 2011-06-19 10:17 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-19 10:17 . 2011-06-19 10:17 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-06-19 10:17 . 2011-06-19 10:17 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-19 10:09 . 2011-06-19 10:09 4096 ----a-w- c:\windows\system32\drivers\fr-FR\dxgkrnl.sys.mui
2011-06-19 10:09 . 2011-06-19 10:09 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-06-19 10:09 . 2011-06-19 10:09 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-06-19 10:09 . 2011-06-19 10:09 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-06-19 10:09 . 2011-06-19 10:09 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-06-19 10:09 . 2011-06-19 10:09 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-06-19 10:09 . 2011-06-19 10:09 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-06-19 10:09 . 2011-06-19 10:09 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-06-17 20:13 . 2011-08-12 10:43 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-17 16:03 . 2011-08-12 10:49 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-06-17 13:31 . 2011-08-12 10:43 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-09-07 21:48 . 2011-05-13 14:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-31 02:50 . 2009-11-25 05:09 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ef79f67a-6ad7-4715-a0f8-932fca442023}"= "c:\program files\BittorrentBar_FR\tbBitt.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{ef79f67a-6ad7-4715-a0f8-932fca442023}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ef79f67a-6ad7-4715-a0f8-932fca442023}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\BittorrentBar_FR\tbBitt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ef79f67a-6ad7-4715-a0f8-932fca442023}"= "c:\program files\BittorrentBar_FR\tbBitt.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{ef79f67a-6ad7-4715-a0f8-932fca442023}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EF79F67A-6AD7-4715-A0F8-932FCA442023}"= "c:\program files\BittorrentBar_FR\tbBitt.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{ef79f67a-6ad7-4715-a0f8-932fca442023}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-18 39408]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-08-23 107000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-06-01 115560]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-31 30192]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-03-09 1286608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-03-13 114992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\users\C'cile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-7-19 823296]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-7-19 65536]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-7-19 102400]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Cécile^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\users\Cécile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-31 02:50 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl0ee9ec2d;MpKsl0ee9ec2d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F4B7F16-F432-41D0-83A7-225EEF525072}\MpKsl0ee9ec2d.sys [x]
R1 MpKsl0fc9bf3b;MpKsl0fc9bf3b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14AFC72E-B5BF-4E7F-AD2C-C915D0085325}\MpKsl0fc9bf3b.sys [x]
R1 MpKsl1471d51f;MpKsl1471d51f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE36CC11-F337-4B0B-B21A-99CA7A99F1AA}\MpKsl1471d51f.sys [x]
R1 MpKsl15c66b1e;MpKsl15c66b1e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50C481A6-838A-4958-BF2A-C085BC7281CA}\MpKsl15c66b1e.sys [x]
R1 MpKsl5a878ebe;MpKsl5a878ebe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3887E9D8-3A61-4CA6-95AF-F26F2C39D2A7}\MpKsl5a878ebe.sys [x]
R1 MpKsl5b21e54a;MpKsl5b21e54a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14AFC72E-B5BF-4E7F-AD2C-C915D0085325}\MpKsl5b21e54a.sys [x]
R1 MpKsl5e6174d5;MpKsl5e6174d5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92DD4B0E-6B24-41C9-BB64-E9C4372C3F9E}\MpKsl5e6174d5.sys [x]
R1 MpKsl7cfa6023;MpKsl7cfa6023;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4029B017-0867-4B53-BB0B-0BFF92253830}\MpKsl7cfa6023.sys [x]
R1 MpKsla588ba3d;MpKsla588ba3d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92DD4B0E-6B24-41C9-BB64-E9C4372C3F9E}\MpKsla588ba3d.sys [x]
R1 MpKslc64779dc;MpKslc64779dc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EE36CC11-F337-4B0B-B21A-99CA7A99F1AA}\MpKslc64779dc.sys [x]
R1 MpKslcbbd1247;MpKslcbbd1247;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92DD4B0E-6B24-41C9-BB64-E9C4372C3F9E}\MpKslcbbd1247.sys [x]
R1 MpKsld474bf24;MpKsld474bf24;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{977BC1EE-53C6-4119-BA24-6B1F6187917E}\MpKsld474bf24.sys [x]
R1 MpKsle325bb74;MpKsle325bb74;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC57AE6E-FBF5-4DA9-AB9E-929F68874AB9}\MpKsle325bb74.sys [x]
R1 MpKslf619b67d;MpKslf619b67d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50C481A6-838A-4958-BF2A-C085BC7281CA}\MpKslf619b67d.sys [x]
R1 MpKslfd38eb55;MpKslfd38eb55;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3887E9D8-3A61-4CA6-95AF-F26F2C39D2A7}\MpKslfd38eb55.sys [x]
R2 gupdate1ca0ffee1272ee3;Service Google Update (gupdate1ca0ffee1272ee3);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 133104]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2009-06-01 23888]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-31 30192]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 133104]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-09-01 234864]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [2008-08-20 168192]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [2008-08-20 142976]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-08-21 53816]
S1 MpKsl38f220cd;MpKsl38f220cd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{47D3E0C9-CE0B-43A8-881F-2693B3820637}\MpKsl38f220cd.sys [2011-09-12 28752]
S1 MpKsl399db0ba;MpKsl399db0ba;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFF40861-94F0-4B75-B472-0318F84E163A}\MpKsl399db0ba.sys [x]
S1 MpKsl54579496;MpKsl54579496;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFF40861-94F0-4B75-B472-0318F84E163A}\MpKsl54579496.sys [x]
S1 MpKsl5721f8a8;MpKsl5721f8a8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFF40861-94F0-4B75-B472-0318F84E163A}\MpKsl5721f8a8.sys [x]
S1 MpKsl6ec9adbe;MpKsl6ec9adbe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{355DD72D-3244-4756-AA81-A1ABFC94D943}\MpKsl6ec9adbe.sys [2011-09-09 28752]
S1 MpKslaebe8b01;MpKslaebe8b01;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{355DD72D-3244-4756-AA81-A1ABFC94D943}\MpKslaebe8b01.sys [2011-09-10 28752]
S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [2011-08-09 216912]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-08-21 66360]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-08-21 158904]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-08-21 870200]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-16 105592]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-20 112128]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NisSrv;Inspection réseau Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - MPKSL38F220CD
*NewlyCreated* - MPKSLAEBE8B01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 03:44]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 03:44]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = local;*.local
uInternet Settings,ProxyServer = 91.203.36.25:3128
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: lexisnexis.fr\portail
Trusted Zone: regn.net\*.legal
TCP: DhcpNameServer = 192.168.0.254
FF - ProfilePath - c:\users\Cécile\AppData\Roaming\Mozilla\Firefox\Profiles\j63dxe4g.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - prefs.js: network.proxy.http - 200.195.156.234
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKCU-Run-Regedit32 - c:\windows\system32\regedit.exe
HKCU-Run-Xvid - c:\users\Cécile\Desktop\CheckUpdate.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-PCTuto - (no file)
Notify-MIT_KFW - (no file)
SafeBoot-Symantec Antvirus
MSConfigStartUp-clipacls - c:\users\CCILE~1\AppData\Local\Temp\Logoshta.dll
AddRemove-Xvid Video Codec 1.3.1 - c:\users\Cécile\Desktop\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-12 21:53
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2011-09-12 22:09:26
ComboFix-quarantined-files.txt 2011-09-12 20:09
.
Avant-CF: 1 241 690 112 octets libres
Après-CF: 1 175 076 864 octets libres
.
Current=1 Default=1 Failed=0 LastKnownGood=59 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59
- - End Of File - - 5361E016FC3082E8807F844F927058AA
heraultais34600 - Posts: 761 - Registered: Sunday 21 August 2011 - Status: Member - Last active: 2 October 2021
Edited by heraultais34600 on 13/09/2011 at 07:48
Hello ceessou,

For now, set aside everything that was said earlier.
Be wary of ComboFix, which is a very powerful tool: it can damage your computer when it is not used properly.
Before bringing out heavy artillery such as ComboFix, we are going to do this:

Step 1:

- Run OTL again as follows (right-click the OTL executable and select "Exécuter en tant qu'administrateur" (Run as administrator))
- Tick "Tous les utilisateurs" (All users)
- Under the "Personnalisation" (Customization) area, copy/paste the contents of the script below, shown in bold
- Click the "Correction" (Fix) button
- Once it has finished, the removal report is saved on your hard drive in C:\_OTL\ as date_time.txt.
- Post the contents of the report HERE

:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.625.0\firefox\extensions
[2009/09/14 22:45:37 | 000,002,137 | ---- | M] () -- C:\Users\Cécile\AppData\Roaming\Mozilla\Firefox\Profiles\j63dxe4g.default\searchplugins\MyStart Search.xml
[2011/08/19 23:18:04 | 000,000,000 | ---D | C] -- C:\Users\Cécile\AppData\Roaming\PCtuto
[2011/08/19 23:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\PCTuto
PRC - [2011/03/13 16:53:20 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2010/03/15 17:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 17:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/03/09 14:40:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/01/22 15:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1183030686-2702789871-2610124224-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
MOD - [2011/08/15 22:49:26 | 000,077,312 | ---- | M] () -- C:\Users\Cécile\AppData\Roaming\Mozilla\Firefox\Profiles\j63dxe4g.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}\components\RadioWMPCoreGecko6.dll
IE - HKLM\..\URLSearchHook: {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1183030686-2702789871-2610124224-1000\..\URLSearchHook: {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.)
FF - prefs.js..extensions.enabledItems: {ef79f67a-6ad7-4715-a0f8-932fca442023}:3.3.3.2
[2011/08/16 11:27:10 | 000,000,000 | ---D | M] (BittorrentBar_FR Community Toolbar) -- C:\Users\Cécile\AppData\Roaming\mozilla\Firefox\Profiles\j63dxe4g.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}
[2011/08/19 23:18:30 | 000,003,910 | ---- | M] () -- C:\Users\Cécile\AppData\Roaming\Mozilla\Firefox\Profiles\j63dxe4g.default\searchplugins\sweetim.xml
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BittorrentBar_FR Toolbar) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BittorrentBar_FR Toolbar) - {ef79f67a-6ad7-4715-a0f8-932fca442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1183030686-2702789871-2610124224-1000\..\Toolbar\WebBrowser: (BittorrentBar_FR Toolbar) - {EF79F67A-6AD7-4715-A0F8-932FCA442023} - C:\Program Files\BittorrentBar_FR\tbBitt.dll (Conduit Ltd.)
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
[2011/08/19 23:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
:Commands
[emptytemp]

Step 2:

Uninstall PC Tools Spyware Doctor
You have several antivirus programs on your computer. So make a choice and keep only one. Several antivirus programs = system conflicts

Step 3:

* Download AdwCleaner (by Xplode) to your desktop.
* Run it,
* Click [Recherche] (Search), then wait while the scan runs. Once the scan has finished, a report will open.
* Open Notepad,
* Copy/paste that text into Notepad and save it under a file name (scanadw, for example)
* Upload this file HERE
* Post the link you are given in your next reply.

I will wait for your reports before moving on to the next steps.

PS: I will be away for 48 hours, so don't worry if I don't reply within that time. I will pick this up with you as soon as I'm back.

Have a good day.