Sujet Précédent Sujet Suivant

Pb avec spybot, kapersky, hijackthis(rapport)

Résolu
missy69 Messages postés 36 Statut Membre -  
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour,
voila je pense avec un virus sur mon ordi ou autre chose de ce genre mais lorque je fais un scan en ligne avec kapersky ou une correction avec spybot ou une annalyse avec hijack il y a toujours une erreur des composant endommagées , des dll par ci par là je ne sais pas trop quoi faire à part le formatage.

Logfile of HijackThis v1.99.1
Scan saved at 23:52:24, on 20/07/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
E:\programmes\VeohClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Elodie\winlogon.exe
C:\Windows\System32\rundll32.exe
E:\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Elodie\AppData\Local\Temp\Rar$EX11.520\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - E:\programmes\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Nouveau dossier\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "E:\programmes\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Windows Logon Applicationedc] C:\Users\Elodie\winlogon.exe
O4 - HKCU\..\Run: [Windows Service] C:\Users\Elodie\service.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Elodie\AppData\Local\Temp\ddcabBQH.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Elodie\AppData\Local\Temp\xxyxUlKD.dll,c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BM6547bede] Rundll32.exe "C:\Users\Elodie\AppData\Local\Temp\ljoitdgt.dll",s
O4 - HKCU\..\Run: [66748d42] rundll32.exe "C:\Users\Elodie\AppData\Local\Temp\sbxbdovt.dll",b
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DEAAB234-9D25-4D31-A3F7-162AD10CE98E} (FileUpload Control) - http://www.zaoza.fr/ActiveX/1.1.0.14/FileUpload.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
A voir également:

31 réponses

  • 1
  • 2
Réponse 1 / 31
cruchot10 Messages postés 262 Statut Membre 27
 
bonsoir elodie

télécharge malwarebytes antimalware installe le et met le a jour puis redemarre ton ordi en mode sans echec et fais un examen complet puis supprime tous ce qu'il a trouvé du moins sil trouve quelque chose et revien sur le forum me dire les changements bon courage
0
Réponse 2 / 31
missy69 Messages postés 36 Statut Membre
 
merci pour la reponse j'essai ça demain du moins aujourdhui vers 10H
0
Réponse 3 / 31
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Salut vou 2 !!

décidément cruchot, tu es abonné à malwarebytes mdr...et tu ne vois meme pas que sa version de hijackthis n est pas à jour et qu il est tres mal installé :s

missy69 :

désinstalle ta version de hijackthis et retélécharge d ici en suivant bien le tuto pour bien l installer et le renommer :

Télécharge hijackthis : http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

voici un tuto pour bien l installer : https://forums.cnetfrance.fr

-une fois installé, le renommer HJT.exe pour contrer une éventuelle infection vundo
-Double-clic dessus
- Clic sur "Do a system scan and save the log"
- copier le rapport, le coller dans la réponse
0
Réponse 4 / 31
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
et pourquoi as tu crée 2 topics :s

un suffiusait ;-)

reste sur celui ci stp
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 31
missy69 Messages postés 36 Statut Membre
 
je pense avoir bien suivi

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:10:55, on 21/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
E:\programmes\VeohClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Elodie\winlogon.exe
C:\Windows\System32\rundll32.exe
E:\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\BitComet\BitComet.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\Explorer.exe
C:\Users\Elodie\Desktop\HJT.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - E:\programmes\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Nouveau dossier\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "E:\programmes\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Windows Logon Applicationedc] C:\Users\Elodie\winlogon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Elodie\AppData\Local\Temp\xxyxUlKD.dll,c
O4 - HKCU\..\Run: [BM6547bede] Rundll32.exe "C:\Users\Elodie\AppData\Local\Temp\ljoitdgt.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DEAAB234-9D25-4D31-A3F7-162AD10CE98E} (FileUpload Control) - http://www.zaoza.fr/ActiveX/1.1.0.14/FileUpload.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
0
Réponse 6 / 31
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Télécharger sur le bureau malware bytes : http://ww.commentcamarche.net/telecharger/telechargement 34055379 malwarebyte s anti malware?thread

= double-clic sur mbam-setup pour lancer l'installation
= Installer simplement sans rien modifier
= Quand le programme lancé ==> faire une mise à jour ensuite cocher Exécuter un examen complet
= Clic Rechercher
= Eventuellement décocher les disque à ne pas analyser
= Clic Lancer l'examen
= En fin de scan , si infection trouvée
==> Clic Afficher résultat
= Fermer vos applications en cours
= Vérifier si tout est coché et clic Supprimer la sélection

un rapport s'ouvre le copier et le coller dans la réponse

Puis redémarrer le pc !!

Et refais un nouveau rapport hijackthis stp
0
Réponse 7 / 31
missy69 Messages postés 36 Statut Membre
 
Malwarebytes' Anti-Malware 1.22
Version de la base de données: 972
Windows 6.0.6001 Service Pack 1

09:36:49 21/07/2008
mbam-log-7-21-2008 (09-36-49).txt

Type de recherche: Examen rapide
Eléments examinés: 36821
Temps écoulé: 6 minute(s), 26 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 122

Processus mémoire infecté(s):
C:\Users\Elodie\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Users\Elodie\AppData\Local\Temp\xxyxUlKD.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows logon applicationedc (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm6547bede (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\sounds (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\poker_paigow (Adware.Casino) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\Elodie\AppData\Local\Temp\xxyxUlKD.dll (Trojan.Vundo) -> Delete on reboot.
C:\Casino\Casino Tropez\data\lobby\gameicon2\aroundtheworld.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\baccarat.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\baccarat_progressive.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\baccarat_video.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\balls.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\blackjack.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\blackjack_duel.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\blackjack_pontoon.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\blackjack_progressive.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\blackjack_surrender.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\menu_favourites.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\menu_live.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\menu_progressive.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\menu_specials.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\menu_tablegames.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\menu_videopoker.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\menu_videoslots.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\pachinko.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\penaltyshootout.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\blackjack_video.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\bonusbowling.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\craps.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\darts.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\dicetwister.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\gameicon-alpha.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\genieshilo.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\genieshilo_jackpot.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\headsortails.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\horseracing.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\keno.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\keno_x.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\mahjong.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\mahjong_pro.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\menu_asian.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\poker_caribbean.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\poker_holdem.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\poker_paigow.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\poker_tequila.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\popbingo.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\reddog.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\rockpaperscissors.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\rollercoasterdice.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\roulette.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\roulette00.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\roulette_mini.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\sicbo.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\sicbo_video.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\blackjack_switch.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\menu_cardgames.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\roulette_video.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_alchemist.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_fountain.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_ocean.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_alien25line.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_amigos.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_beachlife20line.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_bermuda.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_bonusbears25line.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_captain.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_chinese8line.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_cinerama.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_crazy.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_custom3reel.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_custom5reel.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_desert20line.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_diamond5reel.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_footballrules25line.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_forestofwonders25line.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_fruitmania5reel.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_globaltraveler20line.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_goblin.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_gold.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_golf.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_haunted.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_highway.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_jungle.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_lotto20line.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_lovemore20line.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_magic.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_millionaireslane20line.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_monkey.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_neptune.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_nightout20line.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_8ball.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_party.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_profits.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_pyramids9line.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_rock.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_safe.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_silver.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_sultan.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_thrillseekers50line.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_tropic.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_uggabugga.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_ultimate8line.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_vacation8line.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_wall.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_wanted25line.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\slots_whatscooking30line.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\spinawin.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\stravaganza.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\videopoker_10jacks.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\videopoker_10orbetter.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\videopoker_25aces.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\videopoker_4aces.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\videopoker_4deuceswild.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\videopoker_4jacks.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\videopoker_50jacks.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\videopoker_aces.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\videopoker_deuceswild.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\videopoker_highlow.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\videopoker_jacks.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\videopoker_joker.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\videopoker_megajacks.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\lobby\gameicon2\wildviking.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\data\poker_paigow\back.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Casino Tropez\Casino Tropez.lnk (Adware.Casino) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Casino Tropez\Uninstall Casino Tropez.lnk (Adware.Casino) -> Quarantined and deleted successfully.
C:\Users\Elodie\winlogon.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Elodie\AppData\Local\Temp\ljoitdgt.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
0
Réponse 8 / 31
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
ok redémarre ton pc et refais un nouveau rapport hijackthis stp
0
Réponse 9 / 31
missy69 Messages postés 36 Statut Membre
 
voila

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:45:09, on 21/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
E:\programmes\VeohClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
E:\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Windows Mail\WinMail.exe
C:\Users\Elodie\Desktop\HJT.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - E:\programmes\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Nouveau dossier\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "E:\programmes\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Elodie\AppData\Local\Temp\xxyxUlKD.dll,c
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DEAAB234-9D25-4D31-A3F7-162AD10CE98E} (FileUpload Control) - http://www.zaoza.fr/ActiveX/1.1.0.14/FileUpload.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
0
Réponse 10 / 31
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
télécharge OtMoveIt

Télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.


c:\users\elodie\appdata\local\temp\xxyxulkd.dll

clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Clique sur Exit pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

ensuite :

Fix.reg

Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisi nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en gras dans la citation ci-dessous (copie tout d'un trait sans les barres(x)) :

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cmds"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note : Regedit4 est sur la premiere ligne dans le bloc note et il y a une ligne blanche a la fin.
Puis click sur "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"

ca doit ressembler à ca une fois enregistré :

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"

ensuite redémarre le pc et refais un nouveau rapport hijackthis stp
0
Réponse 11 / 31
missy69 Messages postés 36 Statut Membre
 
je poste deja le rapport otmovelt

File/Folder c:\users\elodie\appdata\local\temp\xxyxulkd.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07212008_095415
0
Réponse 12 / 31
missy69 Messages postés 36 Statut Membre
 
voici le nouveau rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:10, on 21/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
E:\programmes\VeohClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
E:\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Windows Mail\WinMail.exe
C:\Users\Elodie\Desktop\HJT.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - E:\programmes\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Nouveau dossier\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "E:\programmes\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DEAAB234-9D25-4D31-A3F7-162AD10CE98E} (FileUpload Control) - http://www.zaoza.fr/ActiveX/1.1.0.14/FileUpload.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
0
Réponse 13 / 31
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
ca a l air bon je ne vois plus d infections

relance hijackthis en cliquant sur scan only et coches ces lignes stp :

O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O16 - DPF: {DEAAB234-9D25-4D31-A3F7-162AD10CE98E} (FileUpload Control) - http://www.zaoza.fr/ActiveX/1.1.0.14/FileUpload.cab

puis tu cliques sur fix checked.

vas faire les mises à niveau de java et adobe reader à ces adresses :

java : https://www.java.com/fr/download/manual.jsp

adobe reader VISTA : https://get2.adobe.com/reader/otherversions/

et ensuite désinstalle les versions antérieures.

est ce que tu utilises norton pour le moment ??

et est ce que tu as encore des problemes ??
0
Réponse 14 / 31
missy69 Messages postés 36 Statut Membre
 
jai fais fix checked mais j'ai eu un message d'erreur

je suis en train d'installer java, pour après dans quel dossier je vais pour trouver les versions anterieurs à supprimer.

Oui j'utilise norton apparement il y a deja tout pare feu et tou
jai aussi spybot qui m'affiche un message constament je n'arrive pas a fermer"spybot a décelé qu'un élément important du registrea été modifié" element sun java uptade sched

sinon tout à l'air d'allé mieu, donc un grand merci pour ton aide geoffrey5
0
Réponse 15 / 31
missy69 Messages postés 36 Statut Membre
 
pour le message de spybot il est parti
voila
0
Réponse 16 / 31
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
autorise la modification...et je te conseille de désactiver le résident de spybot, il embete plus qu autre chose...

pour désinstaller les versions antérieures, tu vas dans supprimer programmes (je ne connais pas bien vista donc je ne saurais pas te dire exactement)

et tu désinstalles toutes les versions de java sauf la version6 update7

et tu désinstalles toutes les versions d adobe reader sauf la 9

ensuite :

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

- Va dans démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.

Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :

Télécharge toolscleaner sur ton Bureau : http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
* Double-clique sur ToolsCleaner2.exe et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse

ensuite réactive le controle des comptes utilisateur et vas créer un point de restauration systeme.
0
Réponse 17 / 31
missy69 Messages postés 36 Statut Membre
 
lorsque je clic sur le lien pour telecharger toolcleaner il ne se passe rien
0
Réponse 18 / 31
missy69 Messages postés 36 Statut Membre
 
personne pour m'aider?,je peu supprimé les programmes un par un dans panneau de configuration?
0
Réponse 19 / 31
cruchot10 Messages postés 262 Statut Membre 27
 
bonjour

supprime seulement ce que tools cleaner a trouvé dapres geoffrey cela devra etre sa mais est ce qu eton probleme est resolu?
0
Réponse 20 / 31
missy69 Messages postés 36 Statut Membre
 
oui mon probleme est résolu , mais je n'arrive pas a installer tool cleaner je suis aller sur son lien et lorsque je clique sur telecharger il ne se passe rien et jai essayer avec un autre lien de telechargement sa marche donc c'est peu etre le lien telechargement de tool cleaner qui ne fonctionne pas
0

Discussions similaires

Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport
Utilisateur anonyme -
TomH. -

13 réponses
écrire un rapport de travail
asi -
REGINALD -

3 réponses
impossible d'afficher le tableau dynamique sur un rapport existant
Pierre -
Adrien71 -

3 réponses
Problém affichage du tableau croisé dynamique
BK -
Raymond PENTIER -

2 réponses
Theme de rapport de stage option comptabilité
sana saydou -
Raymond PENTIER -

2 réponses