A voir également:
- Problème de connexion à certains sites
- Gmail connexion - Guide
- Meilleurs sites de téléchargement - Accueil - Outils
- Sites de vente d'occasion - Guide
- Site inaccessible n'autorise pas la connexion - Guide
- Hotmail connexion - Guide
11 réponses
Utilisateur anonyme
27 mai 2008 à 18:50
27 mai 2008 à 18:50
Re,
Essaye en le desactivant et je te dirai par la suite ...
Essaye en le desactivant et je te dirai par la suite ...
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Powax
Messages postés
544
Date d'inscription
jeudi 31 janvier 2008
Statut
Membre
Dernière intervention
17 avril 2009
92
30 mai 2008 à 14:17
30 mai 2008 à 14:17
Bonjour,
si j'ai bien suivi, c'est l'ordi de ton fils.
* Peux-tu poster un rapport HiJackThis de ce pc stp ?
* Le soucis de connexion à certains sites est apparu suite au nettoyage de ce qui provoquait l'affichage de fenêtres publicitaires ? Comment as-tu fais ce nettoyage ? Les fenêtres ont disparues toutes seules ?
si j'ai bien suivi, c'est l'ordi de ton fils.
* Peux-tu poster un rapport HiJackThis de ce pc stp ?
* Le soucis de connexion à certains sites est apparu suite au nettoyage de ce qui provoquait l'affichage de fenêtres publicitaires ? Comment as-tu fais ce nettoyage ? Les fenêtres ont disparues toutes seules ?
Bonjour,
Je posterais un rapport Hijack ce soir et, pour le reste, je demanderais à mon fils, je sais qu'il a fait un scan avec Avast.
Pour info, mon PC ne fonctionne plus. J'ai un message qui m'informe que Windows n'est pas activé et qu'en plus, c'est une copie or j'ai acheté le tout avec l'ordintateur. J'ai appelé Windows qui me demande de passer par mon revendeur ce que j'ai fait et j'attends leur réponse.
Je posterais un rapport Hijack ce soir et, pour le reste, je demanderais à mon fils, je sais qu'il a fait un scan avec Avast.
Pour info, mon PC ne fonctionne plus. J'ai un message qui m'informe que Windows n'est pas activé et qu'en plus, c'est une copie or j'ai acheté le tout avec l'ordintateur. J'ai appelé Windows qui me demande de passer par mon revendeur ce que j'ai fait et j'attends leur réponse.
Bonjour,
Voici le rapport hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:40, on 04/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Voobys\Voobys.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Gaetan\Desktop\Scan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Host Process] C:\Users\Gaetan\svchost.exe
O4 - HKCU\..\Run: [LSA Shellu] C:\Users\Gaetan\lsass.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BMd1ee5d25] Rundll32.exe "C:\Users\Gaetan\AppData\Local\Temp\kvbevnob.dll",s
O4 - Startup: Voobys.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Voici le rapport hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:40, on 04/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Voobys\Voobys.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Gaetan\Desktop\Scan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Host Process] C:\Users\Gaetan\svchost.exe
O4 - HKCU\..\Run: [LSA Shellu] C:\Users\Gaetan\lsass.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BMd1ee5d25] Rundll32.exe "C:\Users\Gaetan\AppData\Local\Temp\kvbevnob.dll",s
O4 - Startup: Voobys.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Powax
Messages postés
544
Date d'inscription
jeudi 31 janvier 2008
Statut
Membre
Dernière intervention
17 avril 2009
92
11 juin 2008 à 14:44
11 juin 2008 à 14:44
Bonjour Nefertiti !
Désolé, j'étais parti en déplacement ...
1) Pour commencer, télécharge Combofix.exe sur ton Bureau: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Déconnecte-toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement
* Double clique sur Combofix.exe
* Mets le en langue française F
* Tape sur la touche 1 (Yes) pour démarrer le scan
* Lorsque le scan sera terminé, un rapport apparaîtra
* Poste le rapport sauvegardé: C:\Combofix.txt
2) Poste un nouveau rapport HiJackThis stp
Désolé, j'étais parti en déplacement ...
1) Pour commencer, télécharge Combofix.exe sur ton Bureau: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Déconnecte-toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement
* Double clique sur Combofix.exe
* Mets le en langue française F
* Tape sur la touche 1 (Yes) pour démarrer le scan
* Lorsque le scan sera terminé, un rapport apparaîtra
* Poste le rapport sauvegardé: C:\Combofix.txt
2) Poste un nouveau rapport HiJackThis stp
Powax
Messages postés
544
Date d'inscription
jeudi 31 janvier 2008
Statut
Membre
Dernière intervention
17 avril 2009
92
>
Nefertiti
20 juin 2008 à 11:17
20 juin 2008 à 11:17
Bonjour
ce sera trop tard, je pars 2 semaines à la Réunion ce soir pour le taff :o)
A dans 15 jours si tu es toujours là !
ce sera trop tard, je pars 2 semaines à la Réunion ce soir pour le taff :o)
A dans 15 jours si tu es toujours là !
Nefertiti
>
Powax
Messages postés
544
Date d'inscription
jeudi 31 janvier 2008
Statut
Membre
Dernière intervention
17 avril 2009
28 juin 2008 à 14:43
28 juin 2008 à 14:43
Bonjour,
J'espère que tu as profité du soleil au moins. Voici les deux rapports :
ComboFix 08-06-12.2 - Gaetan 2008-06-23 20:59:35.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.911 [GMT 1:00]
Endroit: C:\Users\Gaetan\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-23 to 2008-06-23 ))))))))))))))))))))))))))))))))))))
.
2008-06-20 12:54 . 2008-06-20 12:54 <REP> d-------- C:\Users\Gaetan\AppData\Roaming\Leadertech
2008-06-16 21:19 . 2007-11-30 08:45 644,400 --a------ C:\Windows\System32\MSCOMCT2.OCX
2008-06-14 18:11 . 2008-06-14 18:14 <REP> d-------- C:\Program Files\PhotoFiltre
2008-06-14 11:09 . 2008-06-14 11:16 <REP> d-------- C:\Users\All Users\FLEXnet
2008-06-14 11:09 . 2008-06-14 11:16 <REP> d-------- C:\ProgramData\FLEXnet
2008-06-14 11:02 . 2008-04-23 05:27 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-06-14 11:02 . 2008-04-23 05:27 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 11:02 . 2008-04-23 05:27 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 11:02 . 2008-04-23 05:26 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 11:02 . 2008-04-23 05:26 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-14 11:02 . 2008-04-23 05:26 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-14 11:02 . 2008-04-23 05:26 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-14 10:25 . 2008-06-14 10:25 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-13 19:36 . 2008-06-13 19:36 <REP> d-------- C:\Windows\drivers
2008-06-13 19:36 . 2005-02-14 11:15 10,112 --a------ C:\Windows\System32\drivers\o1394b.sys
2008-06-10 23:27 . 2008-04-26 09:02 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-06-10 21:34 . 2008-05-10 02:21 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-10 21:34 . 2008-05-10 04:30 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-06-10 21:24 . 2008-06-12 15:12 <REP> d-------- C:\Users\Gaetan\AppData\Roaming\Momindum Studio
2008-06-10 21:15 . 2008-06-10 21:15 <REP> d-------- C:\Users\All Users\Momindum Studio
2008-06-10 21:15 . 2008-06-10 21:15 <REP> d-------- C:\ProgramData\Momindum Studio
2008-06-10 21:13 . 2007-12-10 09:44 733,184 --a------ C:\Windows\System32\Jwmp.dll
2008-06-10 21:13 . 2007-12-10 09:44 290,816 --a------ C:\Windows\System32\EZJcomLib18.dll
2008-06-10 21:13 . 2007-12-10 09:44 28,672 --a------ C:\Windows\System32\EZJcomMTALib.dll
2008-06-10 21:10 . 2008-06-10 21:15 <REP> d-------- C:\Program Files\Momindum Studio
2008-06-03 18:31 . 2008-06-03 18:31 54,156 --ah----- C:\Windows\QTFont.qfn
2008-06-03 18:31 . 2008-06-03 18:31 1,409 --a------ C:\Windows\QTFont.for
2008-06-03 18:30 . 2008-06-03 18:30 <REP> d-------- C:\Program Files\iPod
2008-06-03 18:29 . 2008-06-03 18:30 <REP> d-------- C:\Program Files\iTunes
2008-06-03 18:26 . 2008-06-03 18:27 <REP> d-------- C:\Program Files\QuickTime
2008-06-03 18:03 . 2008-06-03 18:03 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-01 20:54 . 2008-06-01 20:54 376 --a------ C:\Windows\ODBC.INI
2008-06-01 20:47 . 2008-06-01 20:47 <REP> d-------- C:\Users\Gaetan\AppData\Roaming\Microsoft Web Folders
2008-05-29 17:39 . 2008-03-08 01:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-29 17:39 . 2008-03-08 05:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-28 19:29 . 2008-05-28 19:29 <REP> d-------- C:\Program Files\Mio Technology
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 09:09 --------- d-----w C:\Users\Gaetan\AppData\Roaming\Toshiba
2008-06-22 08:47 --------- d-----w C:\Program Files\Camera Assistant Software for Toshiba
2008-06-21 13:16 --------- d-----w C:\Users\Gaetan\AppData\Roaming\LimeWire
2008-06-18 22:02 --------- d-----w C:\Users\Gaetan\AppData\Roaming\dvdcss
2008-06-17 20:42 --------- d-----w C:\Program Files\LimeWire
2008-06-16 20:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-16 20:17 --------- d-----w C:\Program Files\Google
2008-06-15 13:40 --------- d-----w C:\Program Files\eMule
2008-06-14 09:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-12 02:01 --------- d-----w C:\Program Files\Windows Mail
2008-06-03 17:29 --------- d-----w C:\ProgramData\Apple Computer
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 19:26 --------- d-----w C:\ProgramData\Messenger Plus!
2008-04-30 19:50 9,730,075 ----a-w C:\Users\Gaetan\vlc-0.8.6f-win32.exe
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-18 21:02 58,158,742 ----a-w C:\Users\Gaetan\photo.exe
2008-04-13 18:59 22 ----a-w C:\Users\Gaetan\1ral11.zip
2008-04-13 12:05 174 --sha-w C:\Program Files\desktop.ini
2008-04-13 11:52 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-04-12 22:05 637,926 ----a-w C:\Users\Gaetan\a.zip
2008-04-12 21:26 362,745,541 ----a-w C:\Users\Gaetan\BMW_M3_Challenge.zip
2008-04-10 02:30 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-04-10 02:30 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-04-10 02:29 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-04-10 02:29 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-04-10 02:29 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-04-10 02:29 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-04-10 02:29 299,008 ----a-w C:\Windows\System32\wlansec.dll
2008-04-10 02:29 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2008-04-10 02:29 2,923,520 ----a-w C:\Windows\explorer.exe
2008-04-10 02:29 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-10 02:26 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-04-10 02:26 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-04-10 02:26 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-04-10 02:26 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-04-10 02:25 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-10 02:25 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-10 02:23 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-04-10 02:23 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-04-10 02:23 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-04-10 02:21 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-04-10 02:19 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-04-10 02:18 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-04-10 02:18 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-10 02:18 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-04-10 02:18 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-04-10 02:16 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-04-10 02:16 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-04-10 02:14 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-04-10 02:11 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-04-10 02:11 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-04-10 02:10 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-04-10 02:04 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-04-10 02:03 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-04-09 01:48 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-04-09 01:48 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-04-09 01:48 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-04-09 01:48 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-04-09 01:47 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-04-09 01:47 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-04-09 01:47 33,624 ----a-w C:\Windows\System32\wups.dll
2008-04-09 01:47 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-04-09 01:47 163,000 ----a-w C:\Windows\System32\wuwebv.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-15_15.55.39,09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-15 08:47:01 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-23 09:56:50 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-13 17:22:10 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-06-22 08:47:26 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-06-13 17:22:10 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-06-22 08:47:26 86,016 ----a-w C:\Windows\inf\infstrng.dat
- 2008-06-14 21:59:57 844,440 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-06-22 09:32:24 1,042,880 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-06-15 08:47:27 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-23 09:56:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-15 08:47:27 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-06-23 09:56:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-15 13:51:33 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-06-23 12:51:25 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-06-23 12:51:25 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-15 08:49:49 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-23 10:07:14 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-23 10:07:14 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-15 14:46:52 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-23 18:09:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-15 14:46:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-23 18:09:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-15 14:46:52 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-23 18:09:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-15 13:53:13 112,116 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-23 12:52:19 112,116 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-15 13:53:13 122,020 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-06-23 12:52:19 122,020 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-15 13:53:13 618,470 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-23 12:52:19 618,470 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-15 13:53:14 700,222 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-23 12:52:19 700,222 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-06-15 08:51:52 7,634 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3328126963-982804792-3875398468-1000_UserData.bin
+ 2008-06-23 10:11:25 7,698 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3328126963-982804792-3875398468-1000_UserData.bin
- 2008-06-15 08:51:50 76,302 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-23 10:11:23 76,476 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-13 08:59:13 45,056 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-22 11:08:27 45,056 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-10 03:14 1232896]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 12:01 413696]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Host Process"="C:\Users\Gaetan\svchost.exe" [ ]
"LSA Shellu"="C:\Users\Gaetan\lsass.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-13 21:57 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 16:14 34352]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 20:42 438272]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"IS CfgWiz"="C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-12 19:28 431752]
"HWSetup"="\HWSetup.exe" [ ]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 11:39 4702208 C:\Windows\RtHDVCpl.exe]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 09:39 411192]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 15:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-04-03 15:52 509496]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 15:32 538744]
"NDSTray.exe"="NDSTray.exe" []
"Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 09:51 1507328]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 08:24 581632]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 16:40 413696]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 08:00 204800]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 15:00 571024]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 13:37 174872]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"EoEngine"="" []
"ItsTV"="C:\Program Files\ItsLabel\ItsTV.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 00:19 79224]
"MioStudio.exe"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F2412E14-C4F5-495B-A0C9-CD6F1BEEB153}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E2073873-318C-4060-82E9-82A24CF2A0DD}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{85E32FD2-9ED6-4E1D-B7DC-259C2AF76743}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{59C274BE-AC58-498A-B48B-F99213C300F9}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{AB7CA0F4-3CA1-41A7-BC21-3B7F45F0B1A9}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{C500CC8B-F781-4CD1-A1E9-E0BE7A2AE70F}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{B9EDA2E2-34D3-4CF9-AB68-CFD622E7CBFC}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{B3370DC6-9FA6-42CC-9379-6809F4108147}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9586944E-11DA-47E6-8EA1-D8350EF46910}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 15:25]
R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-07-26 16:18]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 00:18]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-09-19 11:01]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-20 17:56]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50]
R3 UVCFTR;UVCFTR;C:\Windows\system32\Drivers\UVCFTR_S.SYS [2007-04-16 10:19]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-27 23:48]
S4 CplIR;Embedded IR Driver;C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14:01]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 15:40]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 15:47]
S4 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 15:32]
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 21:02:21
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????p_8S?A??8???`????????????
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\IDM\Desktop SMS\oehook.dll
-> ?:\Windows\system32\iertutil.dll
.
Temps d'accomplissement: 2008-06-23 21:03:45
ComboFix-quarantined-files.txt 2008-06-23 20:03:32
ComboFix2.txt 2008-06-15 14:56:16
Pre-Run: 14,325,538,816 octets libres
Post-Run: 14,410,264,576 octets libres
256 --- E O F --- 2008-06-20 11:49:24
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01:19, on 15/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Voobys\Voobys.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Gaetan\Desktop\Scan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Host Process] C:\Users\Gaetan\svchost.exe
O4 - HKCU\..\Run: [LSA Shellu] C:\Users\Gaetan\lsass.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: Voobys.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
J'espère que tu as profité du soleil au moins. Voici les deux rapports :
ComboFix 08-06-12.2 - Gaetan 2008-06-23 20:59:35.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.911 [GMT 1:00]
Endroit: C:\Users\Gaetan\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-23 to 2008-06-23 ))))))))))))))))))))))))))))))))))))
.
2008-06-20 12:54 . 2008-06-20 12:54 <REP> d-------- C:\Users\Gaetan\AppData\Roaming\Leadertech
2008-06-16 21:19 . 2007-11-30 08:45 644,400 --a------ C:\Windows\System32\MSCOMCT2.OCX
2008-06-14 18:11 . 2008-06-14 18:14 <REP> d-------- C:\Program Files\PhotoFiltre
2008-06-14 11:09 . 2008-06-14 11:16 <REP> d-------- C:\Users\All Users\FLEXnet
2008-06-14 11:09 . 2008-06-14 11:16 <REP> d-------- C:\ProgramData\FLEXnet
2008-06-14 11:02 . 2008-04-23 05:27 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-06-14 11:02 . 2008-04-23 05:27 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 11:02 . 2008-04-23 05:27 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 11:02 . 2008-04-23 05:26 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 11:02 . 2008-04-23 05:26 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-14 11:02 . 2008-04-23 05:26 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-14 11:02 . 2008-04-23 05:26 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-14 10:25 . 2008-06-14 10:25 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-13 19:36 . 2008-06-13 19:36 <REP> d-------- C:\Windows\drivers
2008-06-13 19:36 . 2005-02-14 11:15 10,112 --a------ C:\Windows\System32\drivers\o1394b.sys
2008-06-10 23:27 . 2008-04-26 09:02 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-06-10 21:34 . 2008-05-10 02:21 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-10 21:34 . 2008-05-10 04:30 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-06-10 21:24 . 2008-06-12 15:12 <REP> d-------- C:\Users\Gaetan\AppData\Roaming\Momindum Studio
2008-06-10 21:15 . 2008-06-10 21:15 <REP> d-------- C:\Users\All Users\Momindum Studio
2008-06-10 21:15 . 2008-06-10 21:15 <REP> d-------- C:\ProgramData\Momindum Studio
2008-06-10 21:13 . 2007-12-10 09:44 733,184 --a------ C:\Windows\System32\Jwmp.dll
2008-06-10 21:13 . 2007-12-10 09:44 290,816 --a------ C:\Windows\System32\EZJcomLib18.dll
2008-06-10 21:13 . 2007-12-10 09:44 28,672 --a------ C:\Windows\System32\EZJcomMTALib.dll
2008-06-10 21:10 . 2008-06-10 21:15 <REP> d-------- C:\Program Files\Momindum Studio
2008-06-03 18:31 . 2008-06-03 18:31 54,156 --ah----- C:\Windows\QTFont.qfn
2008-06-03 18:31 . 2008-06-03 18:31 1,409 --a------ C:\Windows\QTFont.for
2008-06-03 18:30 . 2008-06-03 18:30 <REP> d-------- C:\Program Files\iPod
2008-06-03 18:29 . 2008-06-03 18:30 <REP> d-------- C:\Program Files\iTunes
2008-06-03 18:26 . 2008-06-03 18:27 <REP> d-------- C:\Program Files\QuickTime
2008-06-03 18:03 . 2008-06-03 18:03 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-01 20:54 . 2008-06-01 20:54 376 --a------ C:\Windows\ODBC.INI
2008-06-01 20:47 . 2008-06-01 20:47 <REP> d-------- C:\Users\Gaetan\AppData\Roaming\Microsoft Web Folders
2008-05-29 17:39 . 2008-03-08 01:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-29 17:39 . 2008-03-08 05:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-28 19:29 . 2008-05-28 19:29 <REP> d-------- C:\Program Files\Mio Technology
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 09:09 --------- d-----w C:\Users\Gaetan\AppData\Roaming\Toshiba
2008-06-22 08:47 --------- d-----w C:\Program Files\Camera Assistant Software for Toshiba
2008-06-21 13:16 --------- d-----w C:\Users\Gaetan\AppData\Roaming\LimeWire
2008-06-18 22:02 --------- d-----w C:\Users\Gaetan\AppData\Roaming\dvdcss
2008-06-17 20:42 --------- d-----w C:\Program Files\LimeWire
2008-06-16 20:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-16 20:17 --------- d-----w C:\Program Files\Google
2008-06-15 13:40 --------- d-----w C:\Program Files\eMule
2008-06-14 09:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-12 02:01 --------- d-----w C:\Program Files\Windows Mail
2008-06-03 17:29 --------- d-----w C:\ProgramData\Apple Computer
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 19:26 --------- d-----w C:\ProgramData\Messenger Plus!
2008-04-30 19:50 9,730,075 ----a-w C:\Users\Gaetan\vlc-0.8.6f-win32.exe
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-18 21:02 58,158,742 ----a-w C:\Users\Gaetan\photo.exe
2008-04-13 18:59 22 ----a-w C:\Users\Gaetan\1ral11.zip
2008-04-13 12:05 174 --sha-w C:\Program Files\desktop.ini
2008-04-13 11:52 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-04-12 22:05 637,926 ----a-w C:\Users\Gaetan\a.zip
2008-04-12 21:26 362,745,541 ----a-w C:\Users\Gaetan\BMW_M3_Challenge.zip
2008-04-10 02:30 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-04-10 02:30 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-04-10 02:29 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-04-10 02:29 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-04-10 02:29 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-04-10 02:29 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-04-10 02:29 299,008 ----a-w C:\Windows\System32\wlansec.dll
2008-04-10 02:29 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2008-04-10 02:29 2,923,520 ----a-w C:\Windows\explorer.exe
2008-04-10 02:29 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-10 02:26 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-04-10 02:26 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-04-10 02:26 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-04-10 02:26 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-04-10 02:25 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-10 02:25 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-10 02:23 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-04-10 02:23 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-04-10 02:23 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-04-10 02:21 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-04-10 02:19 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-04-10 02:18 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-04-10 02:18 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-10 02:18 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-04-10 02:18 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-04-10 02:16 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-04-10 02:16 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-04-10 02:14 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-04-10 02:11 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-04-10 02:11 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-04-10 02:10 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-04-10 02:04 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-04-10 02:03 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-04-09 01:48 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-04-09 01:48 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-04-09 01:48 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-04-09 01:48 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-04-09 01:47 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-04-09 01:47 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-04-09 01:47 33,624 ----a-w C:\Windows\System32\wups.dll
2008-04-09 01:47 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-04-09 01:47 163,000 ----a-w C:\Windows\System32\wuwebv.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-15_15.55.39,09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-15 08:47:01 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-23 09:56:50 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-13 17:22:10 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-06-22 08:47:26 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-06-13 17:22:10 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-06-22 08:47:26 86,016 ----a-w C:\Windows\inf\infstrng.dat
- 2008-06-14 21:59:57 844,440 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-06-22 09:32:24 1,042,880 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-06-15 08:47:27 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-23 09:56:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-15 08:47:27 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-06-23 09:56:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-15 13:51:33 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-06-23 12:51:25 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-06-23 12:51:25 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-15 08:49:49 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-23 10:07:14 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-23 10:07:14 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-15 14:46:52 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-23 18:09:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-15 14:46:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-23 18:09:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-15 14:46:52 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-23 18:09:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-15 13:53:13 112,116 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-23 12:52:19 112,116 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-15 13:53:13 122,020 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-06-23 12:52:19 122,020 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-15 13:53:13 618,470 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-23 12:52:19 618,470 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-15 13:53:14 700,222 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-23 12:52:19 700,222 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-06-15 08:51:52 7,634 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3328126963-982804792-3875398468-1000_UserData.bin
+ 2008-06-23 10:11:25 7,698 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3328126963-982804792-3875398468-1000_UserData.bin
- 2008-06-15 08:51:50 76,302 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-23 10:11:23 76,476 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-13 08:59:13 45,056 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-22 11:08:27 45,056 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-10 03:14 1232896]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 12:01 413696]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Host Process"="C:\Users\Gaetan\svchost.exe" [ ]
"LSA Shellu"="C:\Users\Gaetan\lsass.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-13 21:57 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 16:14 34352]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 20:42 438272]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"IS CfgWiz"="C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-12 19:28 431752]
"HWSetup"="\HWSetup.exe" [ ]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 11:39 4702208 C:\Windows\RtHDVCpl.exe]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 09:39 411192]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 15:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-04-03 15:52 509496]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 15:32 538744]
"NDSTray.exe"="NDSTray.exe" []
"Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 09:51 1507328]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 08:24 581632]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 16:40 413696]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 08:00 204800]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 15:00 571024]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 13:37 174872]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"EoEngine"="" []
"ItsTV"="C:\Program Files\ItsLabel\ItsTV.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 00:19 79224]
"MioStudio.exe"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F2412E14-C4F5-495B-A0C9-CD6F1BEEB153}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E2073873-318C-4060-82E9-82A24CF2A0DD}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{85E32FD2-9ED6-4E1D-B7DC-259C2AF76743}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{59C274BE-AC58-498A-B48B-F99213C300F9}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{AB7CA0F4-3CA1-41A7-BC21-3B7F45F0B1A9}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{C500CC8B-F781-4CD1-A1E9-E0BE7A2AE70F}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{B9EDA2E2-34D3-4CF9-AB68-CFD622E7CBFC}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{B3370DC6-9FA6-42CC-9379-6809F4108147}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9586944E-11DA-47E6-8EA1-D8350EF46910}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 15:25]
R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-07-26 16:18]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 00:18]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-09-19 11:01]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-20 17:56]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50]
R3 UVCFTR;UVCFTR;C:\Windows\system32\Drivers\UVCFTR_S.SYS [2007-04-16 10:19]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-27 23:48]
S4 CplIR;Embedded IR Driver;C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14:01]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 15:40]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 15:47]
S4 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 15:32]
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 21:02:21
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????p_8S?A??8???`????????????
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\IDM\Desktop SMS\oehook.dll
-> ?:\Windows\system32\iertutil.dll
.
Temps d'accomplissement: 2008-06-23 21:03:45
ComboFix-quarantined-files.txt 2008-06-23 20:03:32
ComboFix2.txt 2008-06-15 14:56:16
Pre-Run: 14,325,538,816 octets libres
Post-Run: 14,410,264,576 octets libres
256 --- E O F --- 2008-06-20 11:49:24
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01:19, on 15/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Voobys\Voobys.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Gaetan\Desktop\Scan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Host Process] C:\Users\Gaetan\svchost.exe
O4 - HKCU\..\Run: [LSA Shellu] C:\Users\Gaetan\lsass.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: Voobys.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Powax
Messages postés
544
Date d'inscription
jeudi 31 janvier 2008
Statut
Membre
Dernière intervention
17 avril 2009
92
6 juil. 2008 à 12:40
6 juil. 2008 à 12:40
Hello !
Pas trop profité du soleil, j'installais un logiciel de telecom coloré la semaine ... En tout cas, la Réunion, c'est le Paradis !
Peux-tu poster un nouveau rapport HiJack stp ?
++ :)
Pas trop profité du soleil, j'installais un logiciel de telecom coloré la semaine ... En tout cas, la Réunion, c'est le Paradis !
Peux-tu poster un nouveau rapport HiJack stp ?
++ :)