Big problems with my laptop

Scorpion59 Posts 181 Status Member -  
ep44 Posts 7432 Status Contributor -
Hello,

So, I recently bought a laptop; so far so good.

My brother-in-law went on his model-making sites and since then I have had big problems getting on the internet with it.

Internet Explorer opens alert windows, it is impossible to run searches or reach sites, and the longer I stay connected the slower it gets...

Firefox no longer responds to anything.

Likewise, the PC is slow.

So I had to connect from my desktop PC, but the laptop runs Vista with McAfee Security Center pre-installed.

So, if someone could help me, because I don't really dare to tinker with it myself.
9 replies

ep44 Posts 7432 Status Contributor 3
 
Hello

What protection do you have on your PC, apart from McAfee,
which by the way is not the best there is?

You can start by booting it in safe mode and running your antivirus along with all your protection and cleaning tools.

Restart in Safe Mode (startup may take several minutes)
Note: no internet access in this mode. Save or print the instructions.

Restart the PC and tap the F8 key (or F5 on some machines) until the text with the boot options appears
With the arrow keys, select Safe Mode ==> Enter ==> usual user name

Then, if things are better,
download to the desktop

ftp://ftp.commentcamarche.com/download/HJTInstall.exe

= Double-click it to install it
= Click Do a system scan and save the log
= Paste the report
If there is a problem, see the help
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Otherwise, use a USB stick to transfer between the two PCs
See you
0
Scorpion59 Posts 181 Status Member 9
 
And here it is:

-------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:03, on 09/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Fabilus\AppData\Local\Temp\ssqQgHyW.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Fabilus\AppData\Local\Temp\iifeccdA.dll,c
O4 - HKCU\..\Run: [BM751737a4] Rundll32.exe "C:\Users\Fabilus\AppData\Local\Temp\upjafmbp.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
0
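Added example, not part of the original thread and not a HijackThis feature: a short Python triage pass over the O4 autostart lines of a log like the one above, flagging Run values that use rundll32 to load a DLL from a Temp directory. The sample lines are copied from that log; the Temp-path pattern list and the names `parse_autoruns` and `flagged` are assumptions of this sketch. The three values it flags are the same Run values the Malwarebytes report further down the thread removes.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Fabilus\AppData\Local\Temp\ssqQgHyW.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Fabilus\AppData\Local\Temp\iifeccdA.dll,c
O4 - HKCU\..\Run: [BM751737a4] Rundll32.exe "C:\Users\Fabilus\AppData\Local\Temp\upjafmbp.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# HijackThis appends "(User '...')" to per-account entries; it is not part of the command.
USER_NOTE_RE = re.compile(r"\s+\(User '[^']*'\)$")
# rundll32 <dll>,<export>  (DLL path may be quoted)
RUNDLL_RE = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.I
)
# Assumed list of user-writable temp locations (Vista and XP layouts).
TEMP_RE = re.compile(
    r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\", re.I
)


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    command: str
    dll: Optional[str] = None
    export: Optional[str] = None
    reasons: List[str] = field(default_factory=list)


def parse_autoruns(log_text: str) -> List[Autorun]:
    """Parse O4 registry autostart lines and attach triage reasons."""
    entries = []
    for raw in log_text.splitlines():
        m = O4_RE.match(raw.strip())
        if not m:
            continue  # other sections (R0/R1, O2, O23, ...) are ignored here
        command = USER_NOTE_RE.sub("", m["cmd"]).strip()
        entry = Autorun(m["hive"], m["key"], m["name"], command)
        r = RUNDLL_RE.match(command)
        if r:
            entry.dll, entry.export = r["dll"].strip(), r["export"]
        if entry.dll and TEMP_RE.search(entry.dll):
            entry.reasons.append("rundll32 loads a DLL from a Temp directory")
        elif TEMP_RE.search(command):
            entry.reasons.append("autostart target is in a Temp directory")
        entries.append(entry)
    return entries


def flagged(log_text: str) -> List[Autorun]:
    """Return only the autostart entries that matched a triage rule."""
    return [e for e in parse_autoruns(log_text) if e.reasons]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.hive}\\{e.key} [{e.name}] -> {e.dll} ({'; '.join(e.reasons)})")
```

A match is a prompt to inspect the file and the registry value, not a verdict: the `WindowsWelcomeCenter` entry also runs through rundll32 but names a DLL without a Temp path and is left alone.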
ep44 Posts 7432 Status Contributor 3
 
Very good

To start with

* Download Malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

=> Install it
=> Then go into safe mode

Restart the PC and tap the F8 key (or F5 on some machines) until the text with the boot options appears
With the arrow keys, select Safe Mode ==> Enter ==> usual user name

=> Launch Malwarebytes
=> Tick "Executer un examen complet" (run a full scan)
=> If an infection is found at the end of the scan, click "ok"
=> Click Supprimer la sélection (remove selection)
=> To post the report, click the Rapports/Logs tab, select the one you are interested in and click Ouvrir (open)
=> Copy and paste it and post the report

--------------------------

Then

* Download CCleaner
https://filehippo.com/download_ccleaner/
=> Use this tutorial to help you use it
https://www.malekal.com/tutoriel-ccleaner/

--------------------------

Then download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it on your desktop and nowhere else!
=> Disconnect from the internet and close all your applications.
=> Disable your protections (antivirus, firewall, antispyware)
=> Double-click ComboFix,
=> Do not touch anything until the scan has finished. Careful: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.
=> Wait until ComboFix has finished; a report will be created.
=> Re-enable your firewall, your antivirus and your antispyware's real-time guard
=> Copy and paste the report C:\ComboFix.txt

See you

0
Scorpion59 Posts 181 Status Member 9
 
So here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 736

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 160710
Temps écoulé: 15 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM751737a4 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Fabilus\AppData\Local\Temp\iifeccdA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Fabilus\AppData\Local\Temp\awtULFwv.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Fabilus\AppData\Local\Temp\upjafmbp.dll (Trojan.Agent) -> Quarantined and deleted successfully.

===============================================================

And here is the ComboFix one:

ComboFix 08-05-08.1 - Fabilus 2008-05-09 21:29:46.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.278 [GMT 2:00]
Endroit: D:\Virus\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-09 to 2008-05-09 ))))))))))))))))))))))))))))))))))))
.

2008-05-09 20:48 . 2008-05-09 20:48 <REP> d-------- C:\Program Files\Yahoo!
2008-05-09 20:48 . 2008-05-09 20:48 <REP> d-------- C:\Program Files\CCleaner
2008-05-09 19:49 . 2008-05-09 19:49 <REP> d-------- C:\Users\Fabilus\AppData\Roaming\Malwarebytes
2008-05-09 19:48 . 2008-05-09 19:48 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-05-09 19:48 . 2008-05-09 19:48 <REP> d-------- C:\ProgramData\Malwarebytes
2008-05-09 19:48 . 2008-05-09 19:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-09 19:48 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-09 19:48 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-09 14:50 . 2008-05-09 14:50 <REP> d-------- C:\Program Files\Trend Micro
2008-05-09 12:29 . 2008-05-09 12:30 <REP> d-------- C:\Users\All Users\Lavasoft
2008-05-09 12:29 . 2008-05-09 12:30 <REP> d-------- C:\ProgramData\Lavasoft
2008-05-09 12:29 . 2008-05-09 12:29 <REP> d-------- C:\Program Files\Lavasoft
2008-05-09 12:26 . 2008-05-09 12:26 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 20:14 . 2008-04-18 20:14 <REP> d-------- C:\Users\Fabilus\AppData\Roaming\PeerNetworking
2008-04-18 17:19 . 2008-04-18 17:19 <REP> d-------- C:\Users\All Users\Elaborate Bytes
2008-04-18 17:19 . 2008-04-18 17:19 <REP> d-------- C:\ProgramData\Elaborate Bytes
2008-04-18 12:57 . 2008-04-18 12:57 <REP> d-------- C:\Users\All Users\SlySoft
2008-04-18 12:57 . 2008-04-18 12:57 <REP> d-------- C:\ProgramData\SlySoft
2008-04-18 12:48 . 2008-04-18 12:48 <REP> d-------- C:\Program Files\SlySoft
2008-04-18 12:46 . 2008-04-27 15:46 83 ---hs---- C:\Users\All Users\.zreglib
2008-04-18 12:46 . 2008-04-27 15:46 83 ---hs---- C:\ProgramData\.zreglib
2008-04-18 12:41 . 2008-04-18 13:00 48 ---hs---- C:\Windows\SFCD55F51.tmp
2008-04-18 06:59 . 2008-04-18 06:59 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-04-17 23:41 . 2008-04-17 23:41 <REP> d-------- C:\Program Files\Elaborate Bytes
2008-04-17 23:31 . 2008-04-17 23:31 <REP> d-------- C:\Users\All Users\FLEXnet
2008-04-17 23:31 . 2008-04-17 23:31 <REP> d-------- C:\ProgramData\FLEXnet
2008-04-17 23:19 . 2008-04-17 23:22 <REP> d-------- C:\Users\Fabilus\AppData\Roaming\Skype
2008-04-17 23:11 . 2008-04-17 23:11 <REP> d-------- C:\Program Files\Bonjour
2008-04-17 23:01 . 2008-04-17 23:01 <REP> d-------- C:\Program Files\VirtualDJ
2008-04-17 22:59 . 2008-04-17 22:59 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-17 22:55 . 2008-04-17 22:55 <REP> d-------- C:\Users\All Users\Skype
2008-04-17 22:55 . 2008-04-17 22:55 <REP> d-------- C:\ProgramData\Skype
2008-04-17 22:55 . 2008-04-17 22:55 <REP> d-------- C:\Program Files\Skype
2008-04-17 22:55 . 2008-04-17 22:55 <REP> d-------- C:\Program Files\Common Files\Skype
2008-04-17 22:54 . 2008-04-20 18:22 <REP> d-------- C:\Users\Fabilus\AppData\Roaming\Hamachi
2008-04-17 22:52 . 2008-04-17 22:54 <REP> d-------- C:\Program Files\Hamachi
2008-04-17 22:52 . 2008-04-17 22:52 25,544 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-04-17 22:49 . 2008-04-17 22:49 <REP> d-------- C:\Program Files\SLD Codec Pack
2008-04-17 22:48 . 2008-04-17 22:48 <REP> d-------- C:\Program Files\ffdshow
2008-04-17 22:48 . 2008-04-17 22:48 36,734 --a------ C:\Windows\System32\OggDSuninst.exe
2008-04-17 22:48 . 2008-04-17 22:48 33,533 --a------ C:\Windows\System32\CoreVorbis-uninstall.exe
2008-04-17 22:47 . 2008-04-17 22:47 <REP> d-------- C:\Program Files\XviD
2008-04-17 22:47 . 2008-04-17 22:47 <REP> d-------- C:\Program Files\Morgan
2008-04-17 22:47 . 2008-04-17 22:47 <REP> d-------- C:\Program Files\AC3Filter
2008-04-17 22:47 . 2003-08-19 09:20 180,224 --a------ C:\Windows\System32\ac3filter.cpl
2008-04-17 22:47 . 2002-11-18 17:02 40,960 --a------ C:\Windows\System32\MMAVILNG.exe
2008-04-17 22:46 . 2008-04-17 22:47 <REP> d-------- C:\Program Files\DivX
2008-04-17 22:46 . 2008-04-17 22:46 1,890 --ahs---- C:\Windows\System32\KGyGaAvL.sys
2008-04-17 22:46 . 2008-04-17 22:46 56 -r-hs---- C:\Windows\System32\6DB171F490.sys
2008-04-17 22:31 . 2008-04-17 22:31 <REP> d-------- C:\Users\Fabilus\dwhelper
2008-04-16 19:12 . 2008-04-16 19:12 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-16 07:25 . 2008-04-16 07:26 <REP> d-------- C:\Users\All Users\WinZip
2008-04-16 07:25 . 2008-04-16 07:26 <REP> d-------- C:\ProgramData\WinZip
2008-04-16 00:52 . 2008-04-16 00:52 <REP> d-------- C:\Users\Fabilus\AppData\Roaming\Nero
2008-04-16 00:49 . 2008-04-16 00:49 <REP> d-------- C:\Users\All Users\Nero
2008-04-16 00:49 . 2008-04-16 00:49 <REP> d-------- C:\ProgramData\Nero
2008-04-16 00:49 . 2008-04-16 00:49 <REP> d-------- C:\Program Files\Nero
2008-04-16 00:49 . 2008-04-16 00:50 <REP> d-------- C:\Program Files\Common Files\Nero
2008-04-16 00:06 . 2008-05-09 10:36 <REP> d-------- C:\Users\Fabilus\AppData\Roaming\uTorrent
2008-04-16 00:06 . 2008-04-16 00:11 <REP> d-------- C:\Program Files\uTorrent
2008-04-15 23:37 . 2008-04-15 23:52 <REP> d-------- C:\Program Files\Windows Live
2008-04-15 23:37 . 2008-04-15 23:52 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-15 23:36 . 2008-04-15 23:40 <REP> d-------- C:\Users\All Users\WLInstaller
2008-04-15 23:36 . 2008-04-15 23:40 <REP> d-------- C:\ProgramData\WLInstaller
2008-04-15 23:10 . 2008-04-16 00:00 <REP> d-------- C:\Users\Fabilus\AppData\Roaming\Azureus
2008-04-15 23:10 . 2008-04-15 23:10 <REP> d-------- C:\Users\All Users\Azureus
2008-04-15 23:10 . 2008-04-15 23:10 <REP> d-------- C:\ProgramData\Azureus
2008-04-15 20:41 . 2008-05-06 23:10 <REP> d-------- C:\Users\Fabilus\AppData\Roaming\Toshiba
2008-04-15 20:40 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-15 20:36 . 2008-02-29 06:21 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-04-15 20:36 . 2008-02-22 06:57 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-04-15 20:25 . 2008-04-15 20:25 <REP> d-------- C:\Users\Fabilus\AppData\Roaming\ATI
2008-04-15 20:23 . 2008-04-15 20:23 <REP> dr------- C:\Users\Fabilus\Searches
2008-04-15 20:23 . 2008-04-27 20:24 <REP> dr------- C:\Users\Fabilus\Contacts
2008-04-15 20:23 . 2008-04-15 20:23 <REP> d--hs---- C:\$RECYCLE.BIN
2008-04-15 20:22 . 2006-07-05 06:45 1,069,056 --a------ C:\Windows\System32\libeay32.dll
2008-04-15 20:22 . 2008-01-15 10:03 364,544 --a------ C:\Windows\System32\RtlLib.dll
2008-04-15 20:22 . 2003-11-18 10:27 155,648 --a------ C:\Windows\System32\IpLib.dll
2008-04-15 20:22 . 2006-10-26 22:30 131,072 --a------ C:\Windows\System32\EnumDevLib.dll
2008-04-15 20:22 . 2007-04-23 10:50 25,896 --a------ C:\Windows\System32\drivers\RtlProt.sys
2008-04-15 20:21 . 2008-04-15 20:21 <REP> d-------- C:\Users\Fabilus\AppData\Roaming\InstallShield
2008-04-15 20:21 . 2008-04-15 20:21 <REP> d-------- C:\Program Files\REALTEK RTL8187B Wireless LAN Driver
2008-04-15 20:21 . 2008-04-15 20:21 <REP> d-------- C:\Program Files\ltmoh
2008-04-15 20:21 . 2006-12-26 16:40 491,520 --a------ C:\Windows\System32\cselect.exe
2008-04-15 20:21 . 2007-12-26 11:20 290,304 --a------ C:\Windows\System32\drivers\rtl8187B.sys
2008-04-15 20:21 . 2007-12-26 11:20 290,304 --a------ C:\Windows\system\rtl8187B.sys
2008-04-15 20:21 . 2003-02-25 15:42 128,113 --a------ C:\Windows\System32\csellang.ini
2008-04-15 20:21 . 2003-12-05 09:48 77,824 --a------ C:\Windows\System32\tosmreg.exe
2008-04-15 20:21 . 2003-11-01 03:59 45,056 --a------ C:\Windows\System32\csellang.dll
2008-04-15 20:21 . 2007-03-15 12:21 10,162 --a------ C:\Windows\System32\tosmreg.ini
2008-04-15 20:21 . 2003-02-25 16:01 7,671 --a------ C:\Windows\System32\cseltbl.ini
2008-04-15 20:20 . 2008-04-15 20:20 <REP> d-------- C:\Windows\Options
2008-04-15 20:19 . 2008-04-15 20:19 <REP> d-------- C:\Users\All Users\ToshibaEurope
2008-04-15 20:19 . 2008-04-15 20:19 <REP> d-------- C:\ProgramData\ToshibaEurope
2008-04-15 20:18 . 2008-04-20 19:34 <REP> dr------- C:\Users\Fabilus\Videos
2008-04-15 20:18 . 2008-04-15 20:23 <REP> dr------- C:\Users\Fabilus\Saved Games
2008-04-15 20:18 . 2008-04-15 20:23 <REP> dr------- C:\Users\Fabilus\Pictures
2008-04-15 20:18 . 2008-04-27 15:04 <REP> dr------- C:\Users\Fabilus\Music
2008-04-15 20:18 . 2008-05-06 21:09 <REP> dr------- C:\Users\Fabilus\Links
2008-04-15 20:18 . 2008-04-15 23:40 <REP> dr------- C:\Users\Fabilus\Downloads
2008-04-15 20:18 . 2008-05-07 21:15 <REP> dr------- C:\Users\Fabilus\Documents
2008-04-15 20:18 . 2006-11-02 14:37 <REP> d-------- C:\Users\Fabilus\AppData\Roaming\Media Center Programs
2008-04-15 20:18 . 2008-05-08 17:58 <REP> d--h----- C:\Users\Fabilus\AppData
2008-04-15 20:18 . 2008-04-17 22:31 <REP> d-------- C:\Users\Fabilus
2008-04-15 20:18 . 2008-04-15 20:25 524,288 --ahs---- C:\Users\Fabilus\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
2008-04-15 20:18 . 2008-05-09 20:56 524,288 --ahs---- C:\Users\Fabilus\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
2008-04-15 20:18 . 2008-05-09 21:37 262,144 --ah----- C:\Users\Fabilus\ntuser.dat.LOG1
2008-04-15 20:18 . 2008-05-09 20:56 65,536 --ahs---- C:\Users\Fabilus\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
2008-04-15 20:18 . 2008-04-15 20:18 0 --ah----- C:\Users\Fabilus\ntuser.dat.LOG2
2008-04-15 20:17 . 2008-04-15 20:17 <REP> dr------- C:\Windows\System32\config\systemprofile\Contacts
2008-04-15 20:05 . 2008-04-15 20:05 0 -rahs---- C:\Windows\System32\drivers\TOSHIBA_Satellite L300D_06547-FR_PSLC0E-00S01.MRK
2008-04-15 20:00 . 2008-04-15 20:00 <REP> d-------- C:\Windows\System32\en
2008-04-15 19:59 . 2008-04-15 20:00 <REP> d-------- C:\Program Files\Camera Assistant Software for Toshiba
2008-04-15 19:59 . 2007-12-17 11:45 18,432 --a------ C:\Windows\System32\drivers\UVCFTR_S.SYS
2008-04-11 16:14 . 2008-04-11 16:14 97,728 --a------ C:\Windows\System32\drivers\AnyDVD.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 08:39 --------- d-----w C:\Program Files\McAfee
2008-05-07 18:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-17 05:26 --------- d-----w C:\Program Files\Java
2008-04-15 22:27 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-15 21:00 --------- d-----w C:\Program Files\Google
2008-04-15 20:45 --------- d-----w C:\Program Files\Picasa2
2008-04-15 19:11 --------- d-----w C:\Program Files\Windows Mail
2008-04-15 18:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 18:22 --------- d-----w C:\Program Files\Realtek
2008-04-15 18:17 --------- d-sh--w C:\ProgramData\Modèles
2008-04-15 18:17 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-04-15 18:17 --------- d-sh--w C:\ProgramData\Favoris
2008-04-15 18:17 --------- d-sh--w C:\ProgramData\Bureau
2008-04-15 18:17 --------- d-sh--w C:\Program Files\Fichiers communs
2008-04-15 18:07 --------- d-----w C:\Program Files\TOSHIBA
2008-03-14 22:24 93,128 ----a-w C:\Windows\System32\ElbyCDIO.dll
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 09:50 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-02-22 09:49 315,392 ----a-w C:\Windows\HideWin.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:23 1233920]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-29 17:00 430080]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 04:25 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 14:18 202024]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 04:25 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 04:23 1008184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 19:51 4911104 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 19:12 1029416]
"NDSTray.exe"="NDSTray.exe" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 10:24 581632]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-22 12:33 1836544]
"Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 11:51 1507328]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 17:41 413696]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 16:27 431456]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 13:33 509816]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 14:25 712704]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 12:05 571024]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51 1836328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"DelayShred"="C:\Program Files\McAfee\MSHR\ShrCL.exe" [2007-07-25 16:10 111904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E7396CC2-2D9F-4E77-B9FF-14A35DE6F25C}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{7B09F4FD-A2CA-4960-93FB-A4C37C6C6AC6}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{285B7490-3CDA-42A9-848E-BB9CE68A3D4F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{47DCA800-BF97-4041-89CF-C3BE51FB431C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C528D1AE-7927-4E7A-966A-8A60E8EA895C}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{78DCB1CA-242C-444E-A0F1-04012CBF4689}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 11:23]
R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2008-01-21 16:42]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 10:50]
R2 ConfigFree Service;ConfigFree Service;"C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [2007-12-25 14:07]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-01-21 17:54]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;"c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" [2007-12-03 17:03]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-27 23:36]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 15:11]
R3 RTL8187B;Adaptateur réseau USB 2.0 54Mbps, 802.11b/g sans fil Realtek RTL8187B;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 11:20]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 12:50]
R3 UVCFTR;UVCFTR;C:\Windows\system32\Drivers\UVCFTR_S.SYS [2007-12-17 11:45]
S3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:23]

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-22 10:38:26 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-22 10:38:26 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 21:36:43
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????C?^%M????>???>???>?0 >?X

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-09 21:38:49
ComboFix-quarantined-files.txt 2008-05-09 19:38:31

Pre-Run: 27,936,354,304 octets libres
Post-Run: 27,987,111,936 octets libres

259 --- E O F --- 2008-04-18 05:00:00

=========================================================

There we go, I hope everything has been removed...
I'm waiting for the instructions for what comes next ^^
0

ep44 Posts 7432 Status Contributor 3
 
ok

run HijackThis again, please
0
Scorpion59 Posts 181 Status Member 9
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:00:07, on 09/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
0
ep44 Posts 7432 Status Contributor 3
 
there's some improvement

run HijackThis again and tick these:
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)

then click on Fix checked

then run an online scan with BitDefender and paste the report

https://www.bitdefender.com/toolbox/

The scan has to be run in Internet Explorer

a tutorial:
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
@+
0
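Added example (not part of the thread and not HijackThis's own code): a small Python parser for HijackThis entry lines like those posted above. It flags `(file missing)` entries and CLSIDs registered under more than one section, as with the R3 and O3 Yahoo! Toolbar lines. The function names and the `SECTIONS` labels are illustrative.

```python
import re
from collections import defaultdict

# HijackThis section codes that appear in the log above (labels are illustrative).
SECTIONS = {
    "R0": "IE start/search URL", "R1": "IE start/search URL",
    "R3": "URLSearchHook", "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O9": "IE extra button/menu item",
    "O16": "ActiveX download", "O20": "AppInit_DLLs", "O23": "service",
}
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log_text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process path or blank line
        code, body = m.groups()
        clsid = CLSID.search(body)
        entries.append({
            "code": code,
            "kind": SECTIONS.get(code, "other"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": body.endswith("(file missing)"),  # target no longer on disk
            "body": body,
        })
    return entries

def shared_clsids(entries):
    """Map each CLSID registered under more than one section to its codes."""
    seen = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            seen[e["clsid"]].add(e["code"])
    return {c: sorted(s) for c, s in seen.items() if len(s) > 1}

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
C:\Windows\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
"""
```

On the sample, `shared_clsids(parse(SAMPLE))` pairs the R3 and O3 Yahoo! Toolbar lines, and the eBay button is the only entry marked as an orphan.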
Scorpion59 Posts 181 Status Member 9
 
I can't run the scan with BitDefender, do I need to download the software?
So I ran the ActiveX control and so on, but it says "scan failed"
0
ep44 Posts 7432 Status Contributor 3
 
Hello

Run an online scan with Panda:
http://pandasoftware.fr .
And post the report it shows you at the end. For that, make sure IE is correctly configured for the online scan as shown here: https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId898809 .
If you can't manage it, the tutorial is: https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId237368
@+
0