Winspyware protect (encore un ...)

Question

Bonjour,
voilà, je suis la n-ième personne ici à être infencté par winspyware protect, j'aurais pu me baser sur les autres posts mais vu ce qui est conseillé sur le site de Navilog1 (de ne jamais se lancer dans une désinfectation de ce genre sans l'avis de quelqu'un qui s'y connait), je prefferre poster ici. Voici mon scan HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:19:32, on 24/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Common Files\Real\Update_OBealsched.exe
C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\scroling\Program Files\DNA\btdna.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\cmd.exe
C:\Program Files\Navilog1\catchme.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net	bfree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net	bfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net	bfree.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information	opi.exe -startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NetAnalyse] C:\Program Files\NetAnalyse\NetAnalyse.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [adiras] C:\Windows\adiras.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\scroling\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WinSpywareProtect] "C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe" /autorun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet	ools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix: 
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcappcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - Unknown owner - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (file missing)
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Utilisateur anonyme · Answer

Salut

navilog n a rien trouvé

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection): 

- Vas dans "Démarrer" puis Panneau de configuration. 
- Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs. 
- Clique sur Continuer. 
- Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur. 
- Valide par OK et redémarre. 

ensuite :

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 


-> Double clique combofix.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil. 

Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message. 

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

DeadLugosi · Answer

Voila le rapport :

ComboFix 08-06-20.4 - scroling 2008-06-24 23:49:22.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1230 [GMT 2:00]
Endroit: C:\Users\scroling\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-24 to 2008-06-24 ))))))))))))))))))))))))))))))))))))
.

2008-06-24 23:18 . 2008-06-24 23:18 <REP> d-------- C:\Program Files\Trend Micro
2008-06-24 23:08 . 2008-06-24 23:27 <REP> d-------- C:\Program Files\Navilog1
2008-06-24 23:04 . 2008-06-24 23:04 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-06-24 22:53 . 2008-06-24 22:53 <REP> d-------- C:\Program Files\Enigma Software Group
2008-06-23 21:35 . 2008-06-23 21:37 <REP> d-------- C:\Users\All Users\Lavasoft
2008-06-23 21:35 . 2008-06-23 21:37 <REP> d-------- C:\ProgramData\Lavasoft
2008-06-23 21:35 . 2008-06-23 21:35 <REP> d-------- C:\Program Files\Lavasoft
2008-06-23 20:01 . 2008-06-23 20:01 <REP> d-------- C:\Users\scroling\AppData\Roaming\EarMaster
2008-06-23 19:29 . 2008-06-23 19:29 <REP> d-------- C:\Users\All Users\ADSL Software Ltd
2008-06-23 19:29 . 2008-06-23 19:29 <REP> d-------- C:\ProgramData\ADSL Software Ltd
2008-06-23 16:24 . 2008-06-23 16:24 <REP> d-------- C:\Users\scroling\AppData\Roaming\XnView
2008-06-23 13:00 . 2008-06-23 13:55 <REP> d-------- C:\Users\scroling\Program Files
2008-06-22 18:56 . 2008-06-24 20:22 <REP> d-------- C:\Users\scroling\AppData\Roaming\BitTorrent
2008-06-22 18:55 . 2008-06-24 23:49 <REP> d-------- C:\Users\scroling\AppData\Roaming\DNA
2008-06-22 18:55 . 2008-06-22 18:55 <REP> d-------- C:\Program Files\DNA
2008-06-22 18:55 . 2008-06-22 18:56 <REP> d-------- C:\Program Files\BitTorrent
2008-06-21 00:17 . 2008-06-21 00:17 <REP> d-------- C:\Program Files\TERMINAL Studio
2008-06-20 23:51 . 2008-06-20 23:51 263 --a------ C:\ftetris.cfg
2008-06-14 19:24 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 19:24 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 19:24 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 19:24 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-14 10:09 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-14 10:09 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-14 10:09 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-14 10:08 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-04 15:00 . 2008-06-19 12:18 215,550,218 --a------ C:\Windows\MEMORY.DMP
2008-06-04 10:47 . 2008-06-04 10:47 <REP> d-------- C:\Users\Carine\TaoUSign
2008-06-01 21:46 . 2008-06-01 21:46 <REP> d-------- C:\Users\All Users\EarMaster
2008-06-01 21:46 . 2008-06-01 21:46 <REP> d-------- C:\ProgramData\EarMaster
2008-06-01 21:46 . 2008-06-23 20:10 <REP> d-------- C:\Program Files\EarMaster Pro 5
2008-05-31 20:29 . 2008-06-23 17:33 <REP> d-------- C:\Users\scroling\AppData\Roaming\.easytag
2008-05-31 20:29 . 2008-05-31 20:29 <REP> d-------- C:\Program Files\EasyTAG
2008-05-31 20:28 . 2008-05-31 20:28 <REP> d-------- C:\Program Files\Common Files\GTK
2008-05-31 20:23 . 2008-05-31 20:23 <REP> d-------- C:\Program Files\MediaMonkey
2008-05-27 20:01 . 2008-05-27 21:42 <REP> d-------- C:\Users\scroling\AppData\Roaming\GNU Solfege
2008-05-27 19:37 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 19:37 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-27 17:21 . 2008-05-27 17:22 <REP> d-------- C:\Temp\ext18866
2008-05-26 20:54 . 2008-06-23 17:12 <REP> d-------- C:\Downloads
2008-05-26 20:53 . 2008-05-26 20:53 <REP> d-------- C:\Program Files\BitComet
2008-05-24 13:34 . 2008-05-24 13:34 <REP> d-------- C:\Users\scroling\AppData\Roaming\Songbird1
2008-05-24 13:30 . 2008-05-24 14:47 <REP> d-------- C:\Users\All Users\SongbirdVLC
2008-05-24 13:30 . 2008-05-24 14:47 <REP> d-------- C:\ProgramData\SongbirdVLC
2008-05-24 13:30 . 2008-05-24 13:34 <REP> d-------- C:\Program Files\Songbird

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 21:37 --------- d-----w C:\Users\scroling\AppData\Roaming\foobar2000
2008-06-23 19:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 15:24 --------- d-----w C:\Program Files\Safari
2008-06-20 21:30 --------- d-----w C:\Program Files\VstPlugins
2008-06-20 20:03 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-06-16 15:46 --------- d-----w C:\Program Files\Opera
2008-06-15 09:56 --------- d-----w C:\Program Files\Windows Mail
2008-06-06 21:56 --------- d-----w C:\ProgramData\UniversalisV12
2008-06-04 15:03 --------- d-----w C:\Program Files\Last.fm
2008-05-27 15:22 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-24 11:14 --------- d-----w C:\Users\scroling\AppData\Roaming\Audacity
2008-05-23 20:36 --------- d-----w C:\Users\scroling\AppData\Roaming\data
2008-05-21 12:29 --------- d-----w C:\Program Files\Architecte 3D Platinium Demo
2008-05-21 11:57 --------- d-----w C:\ProgramData\BOONTY
2008-05-21 11:57 --------- d-----w C:\Program Files\Common Files\BOONTY Shared
2008-05-18 12:14 511,352 ----a-w C:\Windows\System32\SpoonUninstall.exe
2008-05-18 12:11 --------- d-----w C:\Program Files\WinPcap
2008-05-18 12:03 --------- d-----w C:\Program Files\Secunia
2008-05-17 13:49 --------- d-----w C:\Program Files\Universalis
2008-05-16 09:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-05-15 07:54 --------- d-----w C:\ProgramData\Toshiba
2008-05-15 07:54 --------- d-----w C:\Program Files\Common Files\Toshiba Shared
2008-05-15 07:50 --------- d-----w C:\Program Files\Atheros
2008-05-15 07:48 --------- d-----w C:\Program Files\Cisco
2008-05-15 07:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-15 07:45 --------- d-----w C:\ProgramData\Atheros
2008-05-14 01:02 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-13 04:26 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-11 15:10 --------- d-----w C:\Users\scroling\AppData\Roaming\Universalis V12
2008-05-11 15:10 --------- d-----w C:\ProgramData\Link Data Security
2008-05-11 14:56 --------- d-----w C:\Program Files\free-downloads.net
2008-05-11 14:56 --------- d-----w C:\Program Files\Conduit
2008-05-11 14:56 --------- d-----w C:\Program Files\Alcohol Soft
2008-05-11 14:23 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-05-10 15:16 --------- d-----w C:\Program Files\pd
2008-05-09 08:58 --------- d-----w C:\ProgramData\Symantec
2008-05-09 08:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-09 08:53 --------- d-----w C:\ProgramData\CheckPoint
2008-05-09 08:47 --------- d-----w C:\ProgramData\ESET
2008-05-09 08:47 --------- d-----w C:\Program Files\ESET
2008-05-09 08:13 --------- d-----w C:\Program Files\Symantec
2008-05-07 21:04 174 --sha-w C:\Program Files\desktop.ini
2008-05-07 20:51 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-07 20:51 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-07 20:51 --------- d-----w C:\Program Files\Windows Journal
2008-05-07 20:51 --------- d-----w C:\Program Files\Windows Defender
2008-05-07 20:51 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-07 20:51 --------- d-----w C:\Program Files\Windows Calendar
2008-05-07 19:26 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-07 19:26 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-07 18:30 --------- d-----w C:\ProgramData\Apple Computer
2008-05-07 18:30 --------- d-----w C:\Program Files\iTunes
2008-05-07 18:30 --------- d-----w C:\Program Files\iPod
2008-05-04 19:31 --------- d-----w C:\Users\scroling\AppData\Roaming\ESTsoft
2008-05-04 19:31 --------- d-----w C:\ProgramData\ESTsoft
2008-04-30 12:11 32 ----a-w C:\Windows\system32\drivers\adidsl.cfg
2008-04-30 12:08 --------- d-----w C:\Program Files\SAGEM
2008-04-29 13:57 --------- d-----w C:\Users\Carine\AppData\Roaming\foobar2000
2008-04-29 09:20 15,648 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\Windows\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\Windows\system32\drivers\Awrtpd.sys
2008-04-25 12:45 81,920 ----a-w C:\Windows\System32\W32N50.dll
2008-04-25 12:45 274,432 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
2008-04-25 12:45 17,134 ----a-w C:\Windows\System32\PCANDIS5.sys
2008-04-03 08:50 110,592 ----a-w C:\Windows\System32\SynTPCo4.dll
2008-04-03 08:14 151,552 ----a-w C:\Windows\System32\SynTPAPI.dll
2008-04-03 08:02 196,608 ----a-w C:\Windows\System32\SynCtrl.dll
2008-04-03 08:01 163,840 ----a-w C:\Windows\System32\SynCOM.dll
2008-03-24 07:23 21,840 ----atw C:\Windows\System32\SIntfNT.dll
2008-03-24 07:23 17,212 ----atw C:\Windows\System32\SIntf32.dll
2008-03-24 07:23 12,067 ----atw C:\Windows\System32\SIntf16.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 14:54 1555480 --a------ C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2008-02-14 14:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 13:01 413696]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 18:39 216520]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-22 18:55 289088]
"WinSpywareProtect"="C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe" [2008-06-23 19:29 1160192]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 11:14 4444160 C:\Windows\RtHDVCpl.exe]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 10:39 411192]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 16:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 15:57 509496]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 16:32 538744]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 17:14 34352]
"HWSetup"="\HWSetup.exe" [ ]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 20:42 438272]
"NDSTray.exe"="NDSTray.exe" []
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 12:48 577536]
"Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 13:25 1507328]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 17:40 413696]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-03 10:51 1045800]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 13:05 571024]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-31 22:24 185896]
"Toshiba TEMPO"="C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe" [2007-10-29 17:22 103824]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"NetAnalyse"="C:\Program Files\NetAnalyse\NetAnalyse.exe" [ ]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 06:00 204800]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"adiras"="C:\Windows\adiras.exe" [2007-01-10 15:34 188416]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-04-30 14:09:13 1214032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4A8D236F-55DA-4571-9350-5D6BF4EA89E6}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{36595F6E-4254-4535-A4D6-2E518BBA6A0E}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{454FED6B-1B56-44A7-BA29-197D0722BED0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0B990B40-21D0-43AA-BDFB-F85B8D614AFA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{48B7255F-16EB-4186-81D9-7ED4F56F144C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F8307870-9EAB-4E6F-B460-009A3AB0ECEF}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7E0EC894-5A01-47B3-9489-A9835270AD48}"= Disabled:UDP:C:\Program Files\devolo\informer\devinf.exe:MicroLink Informer
"{D56CEF82-EC89-462F-AB36-598BD3403AF9}"= Disabled:TCP:C:\Program Files\devolo\informer\devinf.exe:MicroLink Informer
"{CDA2C4FC-A9C3-40AC-BF15-D4828B88FD64}"= Disabled:UDP:C:\Program Files\devolo\easyshare\easyshare.exe:MicroLink EasyShare
"{FD8EE34F-AD4B-4AC8-81AC-77E53A9B18E9}"= Disabled:TCP:C:\Program Files\devolo\easyshare\easyshare.exe:MicroLink EasyShare
"{B6C82080-583D-4501-B031-0D818B0D9EAC}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{FB5A1340-056E-4BF7-96CC-A130D87BB18C}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{618E2857-DBFA-4175-A1D0-8B11865B8B5B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5BAC6A8E-720B-47A5-B998-98B1F8760D2E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{DC8168A4-FD12-4218-8C2D-2BCDEBDE5495}C:\\windows\\system32\\electricsheep.scr"= UDP:C:\windows\system32\electricsheep.scr:ElectricSheep
"UDP Query User{C87EF501-9A8B-43DD-9C44-8343278FB413}C:\\windows\\system32\\electricsheep.scr"= TCP:C:\windows\system32\electricsheep.scr:ElectricSheep
"TCP Query User{5C2AE538-6EDA-4B05-B194-6D4E37306DEB}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{684A0DCA-EFE6-4BAD-8F61-535D7082042A}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{2B6E061A-748C-43E6-BE6E-B7CA18593348}C:\\program files\\pd\\bin\\pd.exe"= UDP:C:\program files\pd\bin\pd.exe:pd
"UDP Query User{97489448-1368-42EE-A4DE-880A54BD973C}C:\\program files\\pd\\bin\\pd.exe"= TCP:C:\program files\pd\bin\pd.exe:pd
"TCP Query User{BD302B19-EEB5-4493-ACA7-FAC581989DEB}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{DED4E7F7-ED51-4A6E-8C93-C11B533E08BF}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{75E1AC33-BAB6-42BB-9A7B-9B58EBA204B1}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{623340E9-0576-4F6B-9668-B96D7AE755CA}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{07DCB6BE-6935-48BE-88D6-1B07F3428ECC}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{42F3ECB8-C30F-4CF4-9A69-3E9255CFB22D}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{740DBBF3-594D-4C45-A457-44692F90EE7C}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{BBF6D04E-1DC4-4E14-856A-75940B3468EE}"= TCP:C:\Program Files\DNA\btdna.exe:DNA

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\Windows\system32\plcndis5.sys [2004-05-17 12:21]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;"C:\Program Files\Toshiba TEMPO\TempoSVC.exe" [2007-10-29 17:21]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-16 01:16]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\Windows\system32\Drivers\e4ldr.sys [2007-01-04 13:47]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2008-05-21 13:57]
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\Windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 13:48]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-11-06 22:22]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys [2008-02-19 10:24]
S3 tapvpn;TAP VPN Adapter;C:\Windows\system32\DRIVERS\tapvpn.sys [2008-03-13 04:38]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-24 21:50:00 C:\Windows\Tasks\User_Feed_Synchronization-{CA3E6470-DE20-462E-9E98-7E43DA69E60E}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 23:51:24
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????-?!??8???`????????????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\IDM\Desktop SMS\oehook.dll
.
Temps d'accomplissement: 2008-06-24 23:53:11
ComboFix-quarantined-files.txt 2008-06-24 21:52:35

Pre-Run: 23,972,548,608 octets libres
Post-Run: 24,455,376,896 octets libres

264 --- E O F --- 2008-06-20 19:33:58

Utilisateur anonyme · Answer

Copie le texte ci-dessous : 


File:: 
C:\Program Files\NetAnalyse\NetAnalyse.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\System32\SpoonUninstall.exe 
C:\Windows\System32\lsdelete.exe 
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe

Folder:: 
C:\Program Files\Navilog1 
C:\Program Files\Common Files\BOONTY Shared 
C:\ProgramData\ADSL Software Ltd
C:\Program Files\DNA
C:\Program Files\NetAnalyse
C:\ProgramData\BOONTY 

Registry:: 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"BitTorrent DNA"=-
"WinSpywareProtect"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
 "NetAnalyse"=-

Driver::
Boonty Games




Ouvre le Bloc-Notes puis colle le texte copié. 
(Démarrer\Tous les programmes\Accessoires\Bloc notes.) 
Sauvegarde ce fichier sous le nom de CFScript.txt. 

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous : 

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif 

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis. 

S'il n'y a pas de rédémarrage, poste quand même les rapports.

DeadLugosi · Answer

Voilà le rapport (note : à cause du redémarrage, combofix à du faire sa dernière étape au milieu des programmes de démarrage et surtout avec la protection antivirus en marche -elle se réactive automatiquement au démarrage-, enfin, comme il s'agissait juste de générer le rapport, je suppose que ce n'est pas si grave) :

ComboFix 08-06-20.4 - scroling 2008-06-25 0:13:47.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1103 [GMT 2:00]
Endroit: C:\Users\scroling\Desktop\ComboFix.exe
Command switches used :: C:\Users\scroling\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Program Files\DNA\btdna.exe
C:\Program Files\NetAnalyse\NetAnalyse.exe
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe
C:\Windows\System32\lsdelete.exe
C:\Windows\System32\SpoonUninstall.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\BOONTY Shared
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
C:\Program Files\DNA
C:\Program Files\DNA\btdna.exe
C:\Program Files\DNA\DNAcpl.cpl
C:\Program Files\DNA\plugins\npbtdna.dll
C:\Program Files\Navilog1
C:\Program Files\Navilog1\catchme.exe
C:\Program Files\Navilog1\GetPaths.exe
C:\Program Files\Navilog1\gnc.exe
C:\Program Files\Navilog1\navilog1.bat
C:\Program Files\Navilog1\navreb.bat
C:\Program Files\Navilog1\oem2ansi.exe
C:\Program Files\Navilog1\Process.exe
C:\Program Files\Navilog1\reboot.exe
C:\Program Files\Navilog1\recherok.txt
C:\Program Files\Navilog1\reg.exe
C:\Program Files\Navilog1\regnavi.reg
C:\Program Files\Navilog1\traite.bat
C:\Program Files\Navilog1\traite2.bat
C:\Program Files\Navilog1\traite3.bat
C:\Program Files\Navilog1\unins000.dat
C:\Program Files\Navilog1\unins000.exe
C:\ProgramData\ADSL Software Ltd
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080623202912236.log
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080624090834592.log
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080624105829529.log
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080624225006478.log
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\LOG\20080624233955510.log
C:\ProgramData\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe
C:\ProgramData\BOONTY
C:\ProgramData\BOONTY\Licenses\B4AED000.dat
C:\ProgramData\BOONTY\Licenses\B4F5C000.dat
C:\Windows\System32\lsdelete.exe
C:\Windows\System32\SpoonUninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Boonty Games

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-24 to 2008-06-24 ))))))))))))))))))))))))))))))))))))
.

2008-06-24 23:18 . 2008-06-24 23:18 <REP> d-------- C:\Program Files\Trend Micro
2008-06-24 23:04 . 2008-06-24 23:04 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-06-24 22:53 . 2008-06-24 22:53 <REP> d-------- C:\Program Files\Enigma Software Group
2008-06-23 21:35 . 2008-06-23 21:37 <REP> d-------- C:\Users\All Users\Lavasoft
2008-06-23 21:35 . 2008-06-23 21:37 <REP> d-------- C:\ProgramData\Lavasoft
2008-06-23 21:35 . 2008-06-23 21:35 <REP> d-------- C:\Program Files\Lavasoft
2008-06-23 20:01 . 2008-06-23 20:01 <REP> d-------- C:\Users\scroling\AppData\Roaming\EarMaster
2008-06-23 16:24 . 2008-06-23 16:24 <REP> d-------- C:\Users\scroling\AppData\Roaming\XnView
2008-06-23 13:00 . 2008-06-23 13:55 <REP> d-------- C:\Users\scroling\Program Files
2008-06-22 18:56 . 2008-06-24 20:22 <REP> d-------- C:\Users\scroling\AppData\Roaming\BitTorrent
2008-06-22 18:55 . 2008-06-25 00:09 <REP> d-------- C:\Users\scroling\AppData\Roaming\DNA
2008-06-22 18:55 . 2008-06-22 18:56 <REP> d-------- C:\Program Files\BitTorrent
2008-06-21 00:17 . 2008-06-21 00:17 <REP> d-------- C:\Program Files\TERMINAL Studio
2008-06-20 23:51 . 2008-06-20 23:51 263 --a------ C:\ftetris.cfg
2008-06-14 19:24 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 19:24 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 19:24 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 19:24 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-14 10:09 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-14 10:09 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-14 10:09 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-14 10:08 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-04 15:00 . 2008-06-19 12:18 215,550,218 --a------ C:\Windows\MEMORY.DMP
2008-06-04 10:47 . 2008-06-04 10:47 <REP> d-------- C:\Users\Carine\TaoUSign
2008-06-01 21:46 . 2008-06-01 21:46 <REP> d-------- C:\Users\All Users\EarMaster
2008-06-01 21:46 . 2008-06-01 21:46 <REP> d-------- C:\ProgramData\EarMaster
2008-06-01 21:46 . 2008-06-23 20:10 <REP> d-------- C:\Program Files\EarMaster Pro 5
2008-05-31 20:29 . 2008-06-23 17:33 <REP> d-------- C:\Users\scroling\AppData\Roaming\.easytag
2008-05-31 20:29 . 2008-05-31 20:29 <REP> d-------- C:\Program Files\EasyTAG
2008-05-31 20:28 . 2008-05-31 20:28 <REP> d-------- C:\Program Files\Common Files\GTK
2008-05-31 20:23 . 2008-05-31 20:23 <REP> d-------- C:\Program Files\MediaMonkey
2008-05-27 20:01 . 2008-05-27 21:42 <REP> d-------- C:\Users\scroling\AppData\Roaming\GNU Solfege
2008-05-27 19:37 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 19:37 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-27 17:21 . 2008-05-27 17:22 <REP> d-------- C:\Temp\ext18866
2008-05-26 20:54 . 2008-06-23 17:12 <REP> d-------- C:\Downloads
2008-05-26 20:53 . 2008-05-26 20:53 <REP> d-------- C:\Program Files\BitComet
2008-05-24 13:34 . 2008-05-24 13:34 <REP> d-------- C:\Users\scroling\AppData\Roaming\Songbird1
2008-05-24 13:30 . 2008-05-24 14:47 <REP> d-------- C:\Users\All Users\SongbirdVLC
2008-05-24 13:30 . 2008-05-24 14:47 <REP> d-------- C:\ProgramData\SongbirdVLC
2008-05-24 13:30 . 2008-05-24 13:34 <REP> d-------- C:\Program Files\Songbird

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 21:37 --------- d-----w C:\Users\scroling\AppData\Roaming\foobar2000
2008-06-23 19:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 15:24 --------- d-----w C:\Program Files\Safari
2008-06-20 21:30 --------- d-----w C:\Program Files\VstPlugins
2008-06-20 20:03 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-06-16 15:46 --------- d-----w C:\Program Files\Opera
2008-06-15 09:56 --------- d-----w C:\Program Files\Windows Mail
2008-06-06 21:56 --------- d-----w C:\ProgramData\UniversalisV12
2008-06-04 15:03 --------- d-----w C:\Program Files\Last.fm
2008-05-27 15:22 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-24 11:14 --------- d-----w C:\Users\scroling\AppData\Roaming\Audacity
2008-05-23 20:36 --------- d-----w C:\Users\scroling\AppData\Roaming\data
2008-05-21 12:29 --------- d-----w C:\Program Files\Architecte 3D Platinium Demo
2008-05-18 12:11 --------- d-----w C:\Program Files\WinPcap
2008-05-18 12:03 --------- d-----w C:\Program Files\Secunia
2008-05-17 13:49 --------- d-----w C:\Program Files\Universalis
2008-05-15 07:54 --------- d-----w C:\ProgramData\Toshiba
2008-05-15 07:54 --------- d-----w C:\Program Files\Common Files\Toshiba Shared
2008-05-15 07:50 --------- d-----w C:\Program Files\Atheros
2008-05-15 07:48 --------- d-----w C:\Program Files\Cisco
2008-05-15 07:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-15 07:45 --------- d-----w C:\ProgramData\Atheros
2008-05-14 01:02 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-13 04:26 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-11 15:10 --------- d-----w C:\Users\scroling\AppData\Roaming\Universalis V12
2008-05-11 15:10 --------- d-----w C:\ProgramData\Link Data Security
2008-05-11 14:56 --------- d-----w C:\Program Files\free-downloads.net
2008-05-11 14:56 --------- d-----w C:\Program Files\Conduit
2008-05-11 14:56 --------- d-----w C:\Program Files\Alcohol Soft
2008-05-11 14:23 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-05-10 15:16 --------- d-----w C:\Program Files\pd
2008-05-09 08:58 --------- d-----w C:\ProgramData\Symantec
2008-05-09 08:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-09 08:53 --------- d-----w C:\ProgramData\CheckPoint
2008-05-09 08:47 --------- d-----w C:\ProgramData\ESET
2008-05-09 08:47 --------- d-----w C:\Program Files\ESET
2008-05-09 08:13 --------- d-----w C:\Program Files\Symantec
2008-05-07 21:04 174 --sha-w C:\Program Files\desktop.ini
2008-05-07 20:51 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-07 20:51 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-07 20:51 --------- d-----w C:\Program Files\Windows Journal
2008-05-07 20:51 --------- d-----w C:\Program Files\Windows Defender
2008-05-07 20:51 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-07 20:51 --------- d-----w C:\Program Files\Windows Calendar
2008-05-07 18:30 --------- d-----w C:\ProgramData\Apple Computer
2008-05-07 18:30 --------- d-----w C:\Program Files\iTunes
2008-05-07 18:30 --------- d-----w C:\Program Files\iPod
2008-05-04 19:31 --------- d-----w C:\Users\scroling\AppData\Roaming\ESTsoft
2008-05-04 19:31 --------- d-----w C:\ProgramData\ESTsoft
2008-04-30 12:11 32 ----a-w C:\Windows\system32\drivers\adidsl.cfg
2008-04-30 12:08 --------- d-----w C:\Program Files\SAGEM
2008-04-29 13:57 --------- d-----w C:\Users\Carine\AppData\Roaming\foobar2000
2008-04-29 09:20 15,648 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\Windows\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\Windows\system32\drivers\Awrtpd.sys
2008-04-25 12:45 274,432 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-24_23.52.12,93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-24 21:39:10 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-24 22:17:01 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
- 2008-06-24 21:38:07 384,032 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-06-24 22:15:59 384,032 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-06-24 21:39:11 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-24 22:17:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-24 21:39:11 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-06-24 22:17:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-24 21:42:05 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-24 22:17:35 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-24 22:17:35 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-24 21:42:10 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-24 22:18:34 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-06-24 21:39:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-24 21:54:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-24 21:39:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-24 21:54:32 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-24 21:39:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-24 21:54:32 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-24 21:42:27 8,816 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2159299132-1564214123-2251615005-1001_UserData.bin
+ 2008-06-24 22:19:26 8,942 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2159299132-1564214123-2251615005-1001_UserData.bin
- 2008-06-24 21:42:27 78,812 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-24 22:19:25 78,936 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-24 08:59:18 49,860 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-24 22:19:06 50,802 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 14:54 1555480 --a------ C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 14:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2008-02-14 14:54 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 13:01 413696]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 18:39 216520]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 11:14 4444160 C:\Windows\RtHDVCpl.exe]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 10:39 411192]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 16:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 15:57 509496]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 16:32 538744]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 17:14 34352]
"HWSetup"="\HWSetup.exe" [ ]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 20:42 438272]
"NDSTray.exe"="NDSTray.exe" []
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 12:48 577536]
"Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 13:25 1507328]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 17:40 413696]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-03 10:51 1045800]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 13:05 571024]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-31 22:24 185896]
"Toshiba TEMPO"="C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe" [2007-10-29 17:22 103824]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 06:00 204800]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"adiras"="C:\Windows\adiras.exe" [2007-01-10 15:34 188416]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-04-30 14:09:13 1214032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4A8D236F-55DA-4571-9350-5D6BF4EA89E6}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{36595F6E-4254-4535-A4D6-2E518BBA6A0E}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{454FED6B-1B56-44A7-BA29-197D0722BED0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0B990B40-21D0-43AA-BDFB-F85B8D614AFA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{48B7255F-16EB-4186-81D9-7ED4F56F144C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F8307870-9EAB-4E6F-B460-009A3AB0ECEF}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7E0EC894-5A01-47B3-9489-A9835270AD48}"= Disabled:UDP:C:\Program Files\devolo\informer\devinf.exe:MicroLink Informer
"{D56CEF82-EC89-462F-AB36-598BD3403AF9}"= Disabled:TCP:C:\Program Files\devolo\informer\devinf.exe:MicroLink Informer
"{CDA2C4FC-A9C3-40AC-BF15-D4828B88FD64}"= Disabled:UDP:C:\Program Files\devolo\easyshare\easyshare.exe:MicroLink EasyShare
"{FD8EE34F-AD4B-4AC8-81AC-77E53A9B18E9}"= Disabled:TCP:C:\Program Files\devolo\easyshare\easyshare.exe:MicroLink EasyShare
"{B6C82080-583D-4501-B031-0D818B0D9EAC}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{FB5A1340-056E-4BF7-96CC-A130D87BB18C}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{618E2857-DBFA-4175-A1D0-8B11865B8B5B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5BAC6A8E-720B-47A5-B998-98B1F8760D2E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{DC8168A4-FD12-4218-8C2D-2BCDEBDE5495}C:\\windows\\system32\\electricsheep.scr"= UDP:C:\windows\system32\electricsheep.scr:ElectricSheep
"UDP Query User{C87EF501-9A8B-43DD-9C44-8343278FB413}C:\\windows\\system32\\electricsheep.scr"= TCP:C:\windows\system32\electricsheep.scr:ElectricSheep
"TCP Query User{5C2AE538-6EDA-4B05-B194-6D4E37306DEB}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{684A0DCA-EFE6-4BAD-8F61-535D7082042A}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{2B6E061A-748C-43E6-BE6E-B7CA18593348}C:\\program files\\pd\\bin\\pd.exe"= UDP:C:\program files\pd\bin\pd.exe:pd
"UDP Query User{97489448-1368-42EE-A4DE-880A54BD973C}C:\\program files\\pd\\bin\\pd.exe"= TCP:C:\program files\pd\bin\pd.exe:pd
"TCP Query User{BD302B19-EEB5-4493-ACA7-FAC581989DEB}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{DED4E7F7-ED51-4A6E-8C93-C11B533E08BF}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{75E1AC33-BAB6-42BB-9A7B-9B58EBA204B1}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{623340E9-0576-4F6B-9668-B96D7AE755CA}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{07DCB6BE-6935-48BE-88D6-1B07F3428ECC}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{42F3ECB8-C30F-4CF4-9A69-3E9255CFB22D}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{740DBBF3-594D-4C45-A457-44692F90EE7C}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{BBF6D04E-1DC4-4E14-856A-75940B3468EE}"= TCP:C:\Program Files\DNA\btdna.exe:DNA

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\Windows\system32\plcndis5.sys [2004-05-17 12:21]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-16 01:16]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\Windows\system32\Drivers\e4ldr.sys [2007-01-04 13:47]
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\Windows\system32\DRIVERS\e4usbaw.sys [2007-01-04 13:48]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-11-06 22:22]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys [2008-02-19 10:24]
S3 tapvpn;TAP VPN Adapter;C:\Windows\system32\DRIVERS\tapvpn.sys [2008-03-13 04:38]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-24 22:20:16 C:\Windows\Tasks\User_Feed_Synchronization-{CA3E6470-DE20-462E-9E98-7E43DA69E60E}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 00:17:43
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\IDM\Desktop SMS\oehook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\wlanext.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\Toshiba TEMPO\TempoSVC.exe
C:\Windows\System32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\conime.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-25 0:24:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-24 22:24:27
ComboFix2.txt 2008-06-24 21:53:11

Pre-Run: 24,140,349,440 octets libres
Post-Run: 23,848,640,512 octets libres

353 --- E O F --- 2008-06-20 19:33:58

Au fait : félicitation, je ne vois plus le truc de winspyware protect.

Utilisateur anonyme · Answer

hi hi merki

refais un scan hijackthis et post le rapport stp

DeadLugosi · Answer

Voilà :



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:56:57, on 25/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Common Files\Real\Update_OBealsched.exe
C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\adiras.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\Explorer.exe
C:\Windows\system32
otepad.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net	bfree.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net	bfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net	bfree.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information	opi.exe -startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [adiras] C:\Windows\adiras.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet	ools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix: 
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcappcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - Unknown owner - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (file missing)
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Utilisateur anonyme · Answer

oki

ferme hijackths
fais un clic droit sur hijackthis
fais scan only
coches ces lignes :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640 

O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing) 
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing) 


O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet	ools\BitCometBHO_1.2.2.28.dll/206 (file missing) 

tu les coche et tu clic sur fix checked

ensuite désinstal java car pas a jours et telecharge et instal cette version :

https://www.java.com/fr/download/manual.jsp

ensuite tu as 2 traces de norton

désinstal liveupdate de symantec

ensuite fais ça :

Démarrer > executer > tape : services.msc 

- Clic droit sur le service cité - LiveUpdate Notice Service Ex 
- propriétés 
- et dans "type de démarrage" et mets le sur « désactivé ». 
- Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté » 

Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html 

fais la meme chose pour : Planificateur LiveUpdate automatique 

et pour : TOSHIBA Navi Support Service 

et pour : TOSHIBA Bluetooth Service 

ensuite :

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. 
double-clique sur OTMoveIt.exe pour le lancer. 
copie la ligne qui se trouve en gras ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

C:\Windows\adiras.exe

clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles + un nouveau rapport hijackthis stp

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

DeadLugosi · Answer

OTMoveIt :

C:\Windows\adiras.exe moved successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06252008_012155


HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:26:10, on 25/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Common Files\Real\Update_OBealsched.exe
C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Windows\adiras.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\Explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net	bfree.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net	bfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net	bfree.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information	opi.exe -startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [adiras] C:\Windows\adiras.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcappcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPO\TempoSVC.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Utilisateur anonyme · Answer

fais un clic droit sur hijackthis
choisi executer en tant qu admnistrateur
coche cette ligne ;

O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing) 

et clic sur fix checked

et ça sera clean :

* pour supprimer les outils/fix utilisés : 

Télécharge ToolsCleaner sur ton bureau. 
--> 
http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe 
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe 

# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

DeadLugosi · Answer

-->- Recherche: 

C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\QooBox\Quarantine\C\Program Files\Navilog1: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\Users\Carine\Desktop\HijackThis.lnk: trouvé !
C:\Users\Public\Desktop\Navilog1.lnk: trouvé !
C:\Users\scroling\AppData\Local\Opera\Opera\profile\cache4	emporary_download\Navilog1.exe: trouvé !
C:\Users\scroling\AppData\Local\Opera\Opera\profile\cache4	emporary_download\HJTInstall.exe: trouvé !
C:\Users\scroling\Desktop\HijackThis.lnk: trouvé !
C:\Users\scroling\Desktop\OtMoveIt2.exe: trouvé !
C:\Users\scroling\Desktop\ComboFix.exe: trouvé !


Fichiers temporaires nettoyés !
Corbeille vidée!
---------------------------------
-->- Suppression: 
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: supprimé !
C:\Users\Carine\Desktop\HijackThis.lnk: supprimé !
C:\Users\Public\Desktop\Navilog1.lnk: supprimé !
C:\Users\scroling\AppData\Local\Opera\Opera\profile\cache4	emporary_download\Navilog1.exe: supprimé !
C:\Users\scroling\AppData\Local\Opera\Opera\profile\cache4	emporary_download\HJTInstall.exe: supprimé !
C:\Users\scroling\Desktop\HijackThis.lnk: supprimé !
C:\Users\scroling\Desktop\OtMoveIt2.exe: supprimé !
C:\Users\scroling\Desktop\ComboFix.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: supprimé !

Utilisateur anonyme · Answer

C:\_OtMoveIt: ERREUR DE SUPPRESSION !! 
C:\Program Files\Trend Micro\HijackThis: supprimé ! 
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !! 
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: ERREUR DE SUPPRESSION !! 

faudra les supprimer manuellement 

voila c fini 

ciao et bon surf !!

DeadLugosi · Answer

Ben merci beaucoup beaucoup et ciao aussi!

Utilisateur anonyme · Answer

de rien pas de soucis

Winspyware protect (encore un ...)

13 réponses

Votre réponse

Discussions similaires

Newsletters