Forum Clubic

Trojan downloader win32 renos/jm is infecting my Vista PC, what should I do? (page 2)

Re

Not good!!!

Delete the ComboFix you downloaded earlier.

Do it again, following what is written below, namely: disable UAC and your protections before downloading a new ComboFix file, and rename it properly.

Then

  1. Download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.

==> Random's System Information Tool (RSIT)

Windows 7 / Vista.

Right-click the RSIT.exe icon, then click Run as administrator in the drop-down menu to launch RSIT.

==> Click Continue on the Disclaimer screen.
==> If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
==> When the scan is finished, two text files will open.

==> Post the contents of log.txt (<== which will be displayed) as well as info.txt (<== which will be minimized in the Taskbar).

Note: Both reports are also saved in %systemroot%\rsit

Once these two logs are posted, while I take a look:

3) Go here ==> Eset Online scanner (Eset-Nod32)

Only with Explorer

==> Eset Online scanner

You must use Internet Explorer to be able to run it (ActiveX controls).

Check the box: Yes, I accept the Terms of use, then click Start.

Install the ActiveX controls offered.

Choose and check the cleaning actions:

At the end of the scan, paste the report: C:\Program Files\EsetOnlineScanner\log.txt

At the end of the scan

check the box => Uninstall application on close

You will post the report or a screenshot of the results.
Edited on 02/01/2010 at 20:59

Hello cricri58,
sorry, for 15 days now I have been deprived of internet for up to 6 hours a day by my ISP, I didn't have access to your message above, sorry. I will carry out your instructions right away and send you the reports as soon as possible; in the meantime, here is the latest scan obtained with Virus Removal Tool :slight_smile: have a good Sunday :wink:

Autoscan: completed 7 hours ago (events: 6, objects: 754183, time: 04:56:51)
02/01/2010 23:23:20 Task started
03/01/2010 00:28:21 Detected: www.viruslist.com… C:\Program Files\Java\jre1.6.0\bin\java.exe
03/01/2010 00:28:21 Detected: www.viruslist.com… C:\Program Files\Java\jre1.6.0_07\bin\java.exe
03/01/2010 02:58:24 Detected: www.viruslist.com… C:\Program Files\Java\jre1.6.0\bin\java.exe
03/01/2010 02:58:27 Detected: www.viruslist.com… C:\Program Files\Java\jre1.6.0_07\bin\java.exe
03/01/2010 04:20:11 Task completed
Edited on 03/01/2010 at 16:47

RE

:hello: Good evening cricri58, as requested, you will find the reports below; I am going back to do step 3. Thanks in advance for your help, see you soon :slight_smile:

ComboFix 10-01-02.05 - danieli 03/01/2010 22:16:25.4.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.1013.399 [GMT 1:00]
Lancé depuis: c:\users\danieli\Desktop\dani71.com.exe
SP: Windows Defender enabled (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG.TXT
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\danieli\AppData\Roaming\SystemProc

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-12-03 au 2010-01-03 ))))))))))))))))))))))))))))))))))))
.

2010-01-03 21:38 . 2010-01-03 21:39 -------- dc----w- c:\users\danieli\AppData\Local\temp
2010-01-03 21:38 . 2010-01-03 21:38 -------- dc----w- c:\users\Default\AppData\Local\temp
2010-01-03 21:09 . 2010-01-03 21:10 862040 -c–a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-03 21:09 . 2010-01-03 21:09 15880 -c–a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-03 21:09 . 2010-01-03 21:09 206944 -c–a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-03 21:09 . 2010-01-03 21:09 390288 -c–a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-03 21:09 . 2010-01-03 21:09 537576 -c–a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-03 21:09 . 2010-01-03 21:09 370744 -c–a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-01-03 21:09 . 2010-01-03 21:09 163728 -c–a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-03 21:09 . 2010-01-03 21:09 194104 -c–a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-03 21:01 . 2010-01-03 21:02 6296864 -c–a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-03 21:01 . 2010-01-03 21:01 327000 -c–a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-01-03 21:01 . 2010-01-03 21:01 87496 -c–a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-01-03 20:59 . 2010-01-03 21:00 0 -c–a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-03 20:59 . 2010-01-03 20:59 641632 -c–a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-01-03 20:56 . 2010-01-03 20:56 816272 -c–a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-03 20:55 . 2010-01-03 20:56 822904 -c–a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-03 20:54 . 2010-01-03 20:55 0 -c–a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-03 20:54 . 2010-01-03 20:54 788880 -c–a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-03 20:54 . 2010-01-03 20:54 1181328 -c–a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-03 17:32 . 1998-08-31 09:17 92208 -c–a-w- c:\windows\system32\Wing.dll
2010-01-03 17:32 . 1998-08-31 09:17 6736 -c–a-w- c:\windows\system32\Wingdib.drv
2010-01-03 17:32 . 1998-08-31 09:17 188960 -c–a-w- c:\windows\system32\Wingde.dll
2010-01-03 17:32 . 1998-08-31 09:17 12800 -c–a-w- c:\windows\system32\Wing32.dll
2010-01-03 17:32 . 1996-02-20 00:05 444928 -c–a-w- c:\windows\system32\MSVCR40D.DLL
2010-01-03 17:32 . 2010-01-03 17:32 -------- dc----w- c:\program files\Mattel Interactive
2010-01-03 14:27 . 1998-06-16 23:00 385100 -c–a-w- c:\windows\system32\MSVCRTD.DLL
2010-01-03 14:26 . 1998-10-07 12:08 327168 -c–a-w- c:\windows\IsUn040c.exe
2010-01-02 22:01 . 2009-09-03 09:17 15688 -c–a-w- c:\windows\system32\lsdelete.exe
2010-01-02 21:40 . 2009-10-22 11:54 37392 -c–a-w- c:\windows\system32\drivers\73892392.sys
2010-01-02 21:40 . 2009-10-09 21:31 311312 -c–a-w- c:\windows\system32\drivers\7389239.sys
2010-01-02 21:40 . 2009-09-25 15:59 128016 -c–a-w- c:\windows\system32\drivers\73892391.sys
2010-01-02 19:58 . 2009-09-23 12:55 64288 -c–a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-02 19:50 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2010-01-02 19:48 . 2010-01-02 19:58 -------- dc----w- c:\programdata\Lavasoft
2010-01-02 19:48 . 2010-01-02 19:48 -------- dc----w- c:\program files\Lavasoft
2010-01-02 19:47 . 2010-01-02 19:50 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-01-02 18:00 . 2009-10-22 11:54 37392 -c–a-w- c:\windows\system32\drivers\81510132.sys
2010-01-02 18:00 . 2009-10-09 21:31 311312 -c–a-w- c:\windows\system32\drivers\8151013.sys
2010-01-02 18:00 . 2009-09-25 15:59 128016 -c–a-w- c:\windows\system32\drivers\81510131.sys
2010-01-02 17:41 . 2010-01-02 17:41 7168 -c–a-w- c:\windows\system32\drivers\uti0odc2.sys
2010-01-02 13:09 . 2010-01-02 22:22 -------- dc----w- c:\programdata\Kaspersky Lab
2010-01-02 12:13 . 2010-01-02 12:13 141824 -c–a-w- c:\programdata\MSN Pictures Displayer\DisplayerDLL.dll
2010-01-02 12:05 . 2009-11-24 23:48 23120 -c–a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-02 12:05 . 2009-11-24 23:49 48560 -c–a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-02 12:05 . 2009-11-24 23:47 97480 -c–a-w- c:\windows\system32\AvastSS.scr
2010-01-02 12:05 . 2009-11-24 23:50 114768 -c–a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-02 12:05 . 2009-11-24 23:50 20560 -c–a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-02 12:03 . 2009-11-24 23:54 1280480 -c–a-w- c:\windows\system32\aswBoot.exe
2010-01-02 12:03 . 2009-11-24 23:49 53328 -c–a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-01-02 12:03 . 2010-01-02 12:03 -------- dc----w- c:\program files\Alwil Software
2010-01-01 11:29 . 2010-01-01 11:29 -------- dc----w- c:\users\danieli\AppData\Local\Microsoft Games
2009-12-31 23:24 . 2009-12-31 23:24 -------- dc----w- c:\users\danieli\DoctorWeb
2009-12-31 14:20 . 2009-12-31 14:20 -------- dc----w- c:\users\danieli\AppData\Roaming\PeerNetworking
2009-12-30 21:18 . 2009-12-30 21:18 -------- dc----w- c:\users\danieli\AppData\Roaming\InterVideo
2009-12-28 21:39 . 2009-12-28 21:39 -------- dc----w- c:\users\danieli\AppData\Roaming\Malwarebytes
2009-12-28 21:39 . 2009-12-03 15:14 38224 -c–a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 21:39 . 2009-12-28 21:39 -------- dc----w- c:\programdata\Malwarebytes
2009-12-28 21:39 . 2009-12-28 21:39 -------- dc----w- c:\program files\Malwarebytes’ Anti-Malware
2009-12-28 21:39 . 2009-12-03 15:13 19160 -c–a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 21:21 . 2010-01-03 19:44 -------- dc----w- c:\program files\trend micro
2009-12-28 21:21 . 2009-12-28 21:26 -------- dc----w- C:\rsit
2009-12-27 14:30 . 2009-12-27 14:30 653560 -c–a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-25 09:04 . 2009-12-25 09:04 -------- dc----w- c:\program files\photoview3.0
2009-12-23 17:49 . 2009-12-23 17:49 -------- dc----w- c:\program files\CCleaner
2009-12-19 12:05 . 2009-12-28 19:41 -------- dc----w- c:\users\danieli\AppData\Roaming\DeepBurner Pro
2009-12-19 12:04 . 2009-12-19 12:04 -------- dc----w- c:\program files\Astonsoft
2009-12-18 16:21 . 2009-12-18 16:21 -------- dc----w- C:\emme
2009-12-16 17:37 . 2009-12-16 17:37 -------- dc----w- c:\program files\LG Electronics
2009-12-16 17:35 . 2005-09-05 10:33 81920 -c–a-r- c:\windows\system32\srctrl.dll
2009-12-16 17:34 . 2009-12-16 17:35 -------- dc----w- c:\program files\LGGSM
2009-12-11 20:06 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 20:06 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 20:06 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 08:24 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-10 08:20 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-05 09:01 . 2008-08-29 16:43 76184 -c–a-w- c:\windows\system32\atsckernel.exe
2009-12-05 09:00 . 2008-08-29 16:40 20376 -c–a-w- c:\windows\system32\atashost.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 16:37 . 2006-11-02 15:48 669566 -c–a-w- c:\windows\system32\perfh00C.dat
2010-01-03 16:37 . 2006-11-02 15:48 123556 -c–a-w- c:\windows\system32\perfc00C.dat
2010-01-03 16:30 . 2009-11-25 13:21 -------- dc----w- c:\program files\Lx_cats
2010-01-02 20:59 . 2006-12-18 10:09 -------- dc----w- c:\programdata\Symantec
2010-01-02 20:59 . 2006-12-18 10:09 -------- dc----w- c:\program files\Common Files\Symantec Shared
2010-01-02 12:13 . 2009-11-11 10:40 -------- dc----w- c:\programdata\MSN Pictures Displayer
2010-01-01 01:46 . 2009-11-15 10:45 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-31 13:07 . 2009-11-09 11:12 2032 -c–a-w- c:\users\danieli\AppData\Local\d3d9caps.dat
2009-12-30 09:43 . 2009-11-16 11:32 -------- dc----w- c:\program files\Toshiba TEMPRO
2009-12-28 21:24 . 2009-11-16 11:29 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-28 19:41 . 2009-11-11 10:40 -------- dc----w- c:\users\danieli\AppData\Roaming\MSN Pictures Displayer
2009-12-28 19:41 . 2009-11-27 16:48 -------- dc----w- c:\program files\Microsoft Works
2009-12-28 19:41 . 2009-11-27 14:48 -------- dc----w- c:\programdata\Microsoft Help
2009-12-21 09:04 . 2009-11-10 22:22 -------- dc----w- c:\users\danieli\AppData\Roaming\Radio France
2009-12-16 17:37 . 2006-12-18 08:12 -------- dc-h–w- c:\program files\InstallShield Installation Information
2009-12-10 09:09 . 2006-11-02 11:18 -------- dc----w- c:\program files\Windows Mail
2009-12-04 20:03 . 2009-12-04 20:03 -------- dc----w- c:\programdata\WindowsSearch
2009-12-04 09:03 . 2009-12-04 09:03 251376 -c–a-w- c:\users\danieli\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-12-01 07:39 . 2009-11-10 22:21 -------- dc----w- c:\program files\Radio France
2009-11-30 14:39 . 2009-11-25 13:24 -------- dc----w- c:\users\danieli\AppData\Roaming\5400 Series
2009-11-28 17:56 . 2009-11-28 17:56 86576 -c–a-w- c:\users\danieli\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-11-28 17:56 . 2009-11-28 17:56 132672 -c–a-w- c:\users\danieli\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-11-28 17:56 . 2009-11-28 17:56 392728 -c–a-w- c:\users\danieli\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2009-11-28 13:21 . 2009-11-09 11:13 75616 -c–a-w- c:\users\danieli\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-28 11:20 . 2009-11-10 13:10 -------- dc----w- c:\program files\Microsoft
2009-11-27 20:54 . 2009-11-10 13:28 -------- dc----w- c:\program files\Microsoft Silverlight
2009-11-27 16:45 . 2009-11-27 16:45 -------- dc----w- c:\program files\Microsoft.NET
2009-11-27 14:44 . 2009-11-24 12:57 -------- dc----w- c:\program files\OpenOffice.org 3
2009-11-27 14:34 . 2009-11-24 13:04 1 -c–a-w- c:\users\danieli\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-25 13:34 . 2009-11-25 13:07 -------- dc----w- c:\program files\Lexmark Toolbar
2009-11-25 13:28 . 2009-11-25 13:06 -------- dc----w- c:\program files\Lexmark 5400 Series
2009-11-25 13:08 . 2009-11-25 13:08 -------- dc----w- c:\programdata\5400 Series
2009-11-24 13:03 . 2009-11-24 13:03 -------- dc----w- c:\users\danieli\AppData\Roaming\OpenOffice.org
2009-11-24 12:54 . 2006-12-18 07:31 -------- dc----w- c:\program files\Java
2009-11-21 06:40 . 2009-12-10 08:25 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 08:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-10 08:25 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-10 08:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-20 10:32 . 2009-11-20 10:32 135680 -c–a-w- c:\users\danieli\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2009-11-17 09:14 . 2009-11-17 09:14 -------- dc----w- c:\program files\Windows Portable Devices
2009-11-17 09:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 09:13 . 2009-11-17 09:13 0 -c-ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 09:12 . 2009-11-17 09:12 0 -c-ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-16 14:34 . 2009-11-16 14:34 -------- dc----w- c:\program files\Common Files\InterVideo
2009-11-16 14:33 . 2009-11-16 14:33 -------- dc----w- c:\users\danieli\AppData\Roaming\InstallShield
2009-11-16 12:11 . 2009-11-11 16:01 -------- dc----w- c:\program files\Common Files\Apple
2009-11-16 11:34 . 2009-11-16 11:34 -------- dc----w- c:\programdata\IsolatedStorage
2009-11-15 12:09 . 2006-11-02 12:37 -------- dc----w- c:\program files\Windows Calendar
2009-11-15 12:09 . 2006-11-02 12:37 -------- dc----w- c:\program files\Windows Sidebar
2009-11-15 12:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-11-15 12:09 . 2006-11-02 12:37 -------- dc----w- c:\program files\Windows Journal
2009-11-15 12:09 . 2006-11-02 12:37 -------- dc----w- c:\program files\Windows Photo Gallery
2009-11-15 12:09 . 2006-11-02 12:37 -------- dc----w- c:\program files\Windows Defender
2009-11-15 11:58 . 2009-11-15 11:58 0 -c-ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-11-15 11:54 . 2009-11-15 11:54 0 -c-ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-14 17:02 . 2009-11-14 17:02 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-11-14 14:40 . 2006-11-02 10:32 101888 -c–a-w- c:\windows\system32\ifxcardm.dll
2009-11-14 14:39 . 2006-11-02 10:32 82432 -c–a-w- c:\windows\system32\axaltocm.dll
2009-11-14 08:23 . 2009-11-14 08:23 -------- dc----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-11-12 05:39 . 2009-11-12 05:39 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-12 05:35 . 2009-11-12 05:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 17:21 . 2009-11-11 17:19 -------- dc----w- c:\program files\Common Files\Adobe
2009-11-11 16:59 . 2009-11-11 17:01 411368 -c–a-w- c:\windows\system32\deploytk.dll
2009-11-11 16:27 . 2009-11-11 16:24 -------- dc----w- c:\users\danieli\AppData\Roaming\Apple Computer
2009-11-11 16:23 . 2009-11-11 16:20 -------- dc----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-11 16:14 . 2009-11-11 16:14 -------- dc----w- c:\program files\Bonjour
2009-11-11 16:09 . 2009-11-11 16:08 -------- dc----w- c:\program files\Apple Software Update
2009-11-11 16:01 . 2009-11-11 16:01 -------- dc----w- c:\programdata\Apple
2009-11-11 10:46 . 2009-11-11 10:46 446976 -c–a-w- c:\windows\system32\ShellMPD.dll
2009-11-10 21:05 . 2009-11-10 21:05 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-11-10 21:05 . 2009-11-10 21:05 272896 ----a-w- c:\windows\system32\polstore.dll
2009-11-10 20:53 . 2009-11-10 20:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-11-10 20:53 . 2009-11-10 20:53 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-11-10 20:53 . 2009-11-10 20:53 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-11-10 20:53 . 2009-11-10 20:53 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-11-10 20:53 . 2009-11-10 20:53 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-11-10 20:53 . 2009-11-10 20:53 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-11-10 20:53 . 2009-11-10 20:53 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-11-10 20:53 . 2009-11-10 20:53 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-11-10 20:53 . 2009-11-10 20:53 10240 ----a-w- c:\windows\system32\finger.exe
2009-11-10 20:53 . 2009-11-10 20:53 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-11-10 20:53 . 2009-11-10 20:53 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-11-10 20:41 . 2009-11-10 20:41 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-11-10 20:41 . 2009-11-10 20:41 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-11-10 20:41 . 2009-11-10 20:41 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-11-10 20:41 . 2009-11-10 20:41 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-11-10 20:41 . 2009-11-10 20:41 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-11-10 20:41 . 2009-11-10 20:41 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-11-10 20:41 . 2009-11-10 20:41 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2009-11-10 20:31 . 2009-11-10 20:31 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-11-10 20:31 . 2009-11-10 20:31 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-11-10 20:31 . 2009-11-10 20:31 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-11-10 20:31 . 2009-11-10 20:31 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-11-10 20:31 . 2009-11-10 20:31 23552 ----a-w- c:\windows\system32\lpk.dll
2009-11-10 20:31 . 2009-11-10 20:31 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-11-10 20:27 . 2009-11-10 20:27 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-10 20:18 . 2009-11-10 20:18 2868224 ----a-w- c:\windows\system32\mf.dll
2009-11-10 20:18 . 2009-11-10 20:18 98816 ----a-w- c:\windows\system32\mfps.dll
2009-11-10 20:18 . 2009-11-10 20:18 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-11-10 20:18 . 2009-11-10 20:18 2048 ----a-w- c:\windows\system32\mferror.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2009-04-11 1233920]
“TOSCDSPD”=“c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe” [2006-11-13 413696]
“Google Update”=“c:\users\danieli\AppData\Local\Google\Update\GoogleUpdate.exe” [2009-11-09 135664]
“ehTray.exe”=“c:\windows\ehome\ehTray.exe” [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Windows Defender”=“c:\program files\Windows Defender\MSASCui.exe” [2008-01-19 1008184]
“TPwrMain”=“c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE” [2006-12-14 411768]
“HSON”=“c:\program files\TOSHIBA\TBS\HSON.exe” [2006-12-07 55416]
“SmoothView”=“c:\program files\Toshiba\SmoothView\SmoothView.exe” [2006-12-14 493688]
“00TCrdMain”=“c:\program files\TOSHIBA\FlashCards\TCrdMain.exe” [2006-12-11 530552]
“NvSvc”=“c:\windows\system32\nvsvc.dll” [2006-12-07 90191]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2006-12-07 7766016]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2006-12-07 81920]
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2008-08-14 1348904]
“RtHDVCpl”=“RtHDVCpl.exe” [2006-11-07 3772416]
“LtMoh”=“c:\program files\ltmoh\Ltmoh.exe” [2005-12-16 188416]
“NDSTray.exe”=“NDSTray.exe” [BU]
“topi”=“c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe” [2009-03-16 6158240]
“AppleSyncNotifier”=“c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe” [2009-08-13 177440]
“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2009-11-11 149280]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2009-10-03 35696]
“Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2009-09-04 935288]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2008-02-11 141848]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2008-02-11 166424]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2008-02-11 133656]
“Toshiba TEMPRO”=“c:\program files\Toshiba TEMPRO\TemproTray.exe” [2009-12-01 1045976]
“lxctmon.exe”=“c:\program files\Lexmark 5400 Series\lxctmon.exe” [2006-11-22 291760]
“Lexmark 5400 Series Fax Server”=“c:\program files\Lexmark 5400 Series\fm3032.exe” [2006-11-22 304048]
“EzPrint”=“c:\program files\Lexmark 5400 Series\ezprint.exe” [2006-11-22 82864]
“LXCTCATS”=“c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll” [2006-11-21 106496]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“msnmsgr”=“c:\program files\Windows Live\Messenger\msnmsgr.exe” [2009-07-26 3883856]
“TOSHIBA Online Product Information”=“c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe” [2009-03-16 6158240]

c:\users\danieli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSN Pictures Displayer.lnk - c:\programdata\MSN Pictures Displayer\MSN Pictures Displayer.exe [2009-11-11 4711936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableLUA”= 0 (0x0)
“EnableUIADesktopToggle”= 0 (0x0)
“UacDisableNotify”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
“HonorAutoRunSetting”= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“HonorAutoRunSetting”= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=“Service”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=“Service”

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
“VistaSp2”=hex(b):94,5e,18,ce,ed,65,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1899379307-253535167-2046178148-1000]
“EnableNotificationsRef”=dword:00000002

R0 73892392;73892392 Boot Guard Driver;c:\windows\System32\drivers\73892392.sys [02/01/2010 22:40 37392]
R0 81510132;81510132 Boot Guard Driver;c:\windows\System32\drivers\81510132.sys [02/01/2010 19:00 37392]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [02/01/2010 20:58 64288]
R1 73892391;73892391;c:\windows\System32\drivers\73892391.sys [02/01/2010 22:40 128016]
R1 81510131;81510131;c:\windows\System32\drivers\81510131.sys [02/01/2010 19:00 128016]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [02/01/2010 13:05 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [02/01/2010 13:05 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [02/01/2010 13:03 53328]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1169232]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [18/12/2006 09:59 7168]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [01/12/2009 12:12 116176]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [14/11/2009 11:39 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10/11/2009 15:18 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 uti0odc2;AVZ Kernel Driver;c:\windows\System32\drivers\uti0odc2.sys [02/01/2010 18:41 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier ‘Tâches planifiées’

2010-01-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job

  • c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06]

2010-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899379307-253535167-2046178148-1000Core.job

  • c:\users\danieli\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-09 11:29]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899379307-253535167-2046178148-1000UA.job

  • c:\users\danieli\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-09 11:29]

2010-01-03 c:\windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job

  • c:\windows\system32\msfeedssync.exe [2009-12-10 04:59]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = www.eset-nod32.fr…
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - www.webtip.ch…
    .

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2010-01-03 22:39
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés …

Recherche d’éléments en démarrage automatique cachés …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???"P???L? ?L?X?L???L???

Recherche de fichiers cachés …

Scan terminé avec succès
Fichiers cachés: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, www.gmer.net…

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84C5E618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8689dd24
\Driver\ACPI -> acpi.sys @ 0x82a4ad68
\Driver\atapi -> ataport.SYS @ 0x82b93a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
“MSCurrentCountry”=dword:000000b5
.
Heure de fin: 2010-01-03 22:48:15
ComboFix-quarantined-files.txt 2010-01-03 21:48

Avant-CF: 74 089 709 568 octets libres
Après-CF: 74 311 798 784 octets libres

    • End Of File - - 9AB044478E96DA8A4026E77DC5A000E2

Logfile of random’s system information tool 1.06 (written by random/random)
Run by danieli at 2010-01-03 22:58:54
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 71 GB (63%) free of 113 GB
Total RAM: 1013 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:58:59, on 03/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\danieli\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\danieli\Desktop\RSIT.exe
C:\Program Files\trend micro\danieli.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.eset-nod32.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Lexmark Barre d’outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Barre d’outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM…\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM…\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM…\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM…\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM…\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM…\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM…\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM…\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM…\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM…\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe
O4 - HKLM…\Run: [lxctmon.exe] “C:\Program Files\Lexmark 5400 Series\lxctmon.exe”
O4 - HKLM…\Run: [Lexmark 5400 Series Fax Server] “C:\Program Files\Lexmark 5400 Series\fm3032.exe” /s
O4 - HKLM…\Run: [EzPrint] “C:\Program Files\Lexmark 5400 Series\ezprint.exe”
O4 - HKLM…\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU…\Run: [Google Update] “C:\Users\danieli\AppData\Local\Google\Update\GoogleUpdate.exe” /c
O4 - HKCU…\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-18…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background (User ‘SYSTEM’)
O4 - HKUS\S-1-5-18…\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background (User ‘Default user’)
O4 - Startup: MSN Pictures Displayer.lnk = C:\ProgramData\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE…
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - www.webtip.ch… (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


End of file - 9924 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1899379307-253535167-2046178148-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1899379307-253535167-2046178148-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Barre d’outils - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-11-11 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Barre d’outils - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 184320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Windows Defender”=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
“TPwrMain”=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2006-12-14 411768]
“HSON”=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]
“SmoothView”=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2006-12-14 493688]
“00TCrdMain”=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2006-12-11 530552]
“NvSvc”=C:\Windows\system32\nvsvc.dll [2006-12-07 90191]
“NvCplDaemon”=C:\Windows\system32\NvCpl.dll [2006-12-07 7766016]
“NvMediaCenter”=C:\Windows\system32\NvMcTray.dll [2006-12-07 81920]
“SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
“RtHDVCpl”=C:\Windows\RtHDVCpl.exe [2006-11-07 3772416]
“LtMoh”=C:\Program Files\ltmoh\Ltmoh.exe [2005-12-16 188416]
“NDSTray.exe”=NDSTray.exe []
“topi”=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2009-03-16 6158240]
“AppleSyncNotifier”=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
“SunJavaUpdateSched”=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-11 149280]
“Adobe Reader Speed Launcher”=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
“Adobe ARM”=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
“IgfxTray”=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
“HotKeysCmds”=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
“Persistence”=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
“Toshiba TEMPRO”=C:\Program Files\Toshiba TEMPRO\TemproTray.exe [2009-12-01 1045976]
“lxctmon.exe”=C:\Program Files\Lexmark 5400 Series\lxctmon.exe [2006-11-22 291760]
“Lexmark 5400 Series Fax Server”=C:\Program Files\Lexmark 5400 Series\fm3032.exe [2006-11-22 304048]
“EzPrint”=C:\Program Files\Lexmark 5400 Series\ezprint.exe [2006-11-22 82864]
“LXCTCATS”=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 []
“avast!”=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
“TOSCDSPD”=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2006-11-13 413696]
“Google Update”=C:\Users\danieli\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-09 135664]
“ehTray.exe”=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

C:\Users\danieli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MSN Pictures Displayer.lnk - C:\ProgramData\MSN Pictures Displayer\MSN Pictures Displayer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{AEB6717E-7E19-11d0-97EE-00C04FD91972}”= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\atashost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“EnableUIADesktopToggle”=0
“UacDisableNotify”=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=128
“NoDriveAutoRun”=128
“HonorAutoRunSetting”=0
“NoDrives”=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“BindDirectlyToPropertySetStorage”=
“NoDriveAutoRun”=
“NoDriveTypeAutoRun”=
“HonorAutoRunSetting”=
“NoDrives”=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-01-03 22:48:44 ----SHDC---- C:\$RECYCLE.BIN
2010-01-03 22:48:26 ----DC---- C:\Windows\temp
2010-01-03 22:48:20 ----AC---- C:\ComboFix.txt
2010-01-03 22:11:44 ----DC---- C:\dani71.com
2010-01-03 22:10:42 ----AC---- C:\Windows\SWXCACLS.exe
2010-01-03 18:32:42 ----AC---- C:\Windows\system32\Wingde.dll
2010-01-03 18:32:42 ----AC---- C:\Windows\system32\Wing32.dll
2010-01-03 18:32:42 ----AC---- C:\Windows\system32\Wing.dll
2010-01-03 18:32:42 ----AC---- C:\Windows\system32\MSVCR40D.DLL
2010-01-03 18:32:19 ----DC---- C:\Program Files\Mattel Interactive
2010-01-03 15:27:24 ----AC---- C:\Windows\system32\MSVCRTD.DLL
2010-01-03 15:27:24 ----AC---- C:\Windows\dmi.ini
2010-01-03 15:26:26 ----AC---- C:\Windows\IsUn040c.exe
2010-01-02 23:01:39 ----AC---- C:\Windows\system32\lsdelete.exe
2010-01-02 21:59:06 ----DC---- C:\Config.Msi
2010-01-02 20:48:45 ----DC---- C:\ProgramData\Lavasoft
2010-01-02 20:48:45 ----DC---- C:\Program Files\Lavasoft
2010-01-02 20:47:43 ----HDC---- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-01-02 14:09:45 ----DC---- C:\ProgramData\Kaspersky Lab
2010-01-02 13:03:58 ----AC---- C:\Windows\system32\aswBoot.exe
2010-01-02 13:03:50 ----DC---- C:\Program Files\Alwil Software
2010-01-02 11:29:16 ----AC---- C:\Windows\zip.exe
2010-01-02 11:29:16 ----AC---- C:\Windows\SWSC.exe
2010-01-02 11:29:16 ----AC---- C:\Windows\SWREG.exe
2010-01-02 11:29:16 ----AC---- C:\Windows\sed.exe
2010-01-02 11:29:16 ----AC---- C:\Windows\PEV.exe
2010-01-02 11:29:16 ----AC---- C:\Windows\NIRCMD.exe
2010-01-02 11:29:16 ----AC---- C:\Windows\MBR.exe
2010-01-02 11:29:16 ----AC---- C:\Windows\grep.exe
2010-01-02 11:28:56 ----DC---- C:\Windows\ERDNT
2010-01-02 10:58:25 ----DC---- C:\Qoobox
2009-12-31 15:20:33 ----DC---- C:\Users\danieli\AppData\Roaming\PeerNetworking
2009-12-31 11:15:28 ----RADC---- C:\autorun.inf
2009-12-30 22:18:24 ----DC---- C:\Users\danieli\AppData\Roaming\InterVideo
2009-12-30 16:39:20 ----AC---- C:\Windows\ntbtlog.txt
2009-12-29 11:47:54 ----DC---- C:\Windows\Minidump
2009-12-28 22:39:17 ----DC---- C:\Users\danieli\AppData\Roaming\Malwarebytes
2009-12-28 22:39:01 ----DC---- C:\ProgramData\Malwarebytes
2009-12-28 22:39:00 ----DC---- C:\Program Files\Malwarebytes’ Anti-Malware
2009-12-28 22:21:26 ----DC---- C:\Program Files\trend micro
2009-12-28 22:21:24 ----DC---- C:\rsit
2009-12-25 10:04:00 ----DC---- C:\Program Files\photoview3.0
2009-12-23 18:49:53 ----DC---- C:\Program Files\CCleaner
2009-12-19 13:05:36 ----DC---- C:\Users\danieli\AppData\Roaming\DeepBurner Pro
2009-12-19 13:04:27 ----DC---- C:\Program Files\Astonsoft
2009-12-19 01:36:10 ----DC---- C:\Users\danieli\AppData\Roaming\Mozilla
2009-12-18 17:21:09 ----DC---- C:\emme
2009-12-16 18:37:06 ----DC---- C:\Program Files\LG Electronics
2009-12-16 18:35:41 ----RAC---- C:\Windows\system32\srctrl.dll
2009-12-16 18:34:56 ----DC---- C:\Program Files\LGGSM
2009-12-11 21:06:35 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-11 21:06:21 ----A---- C:\Windows\system32\httpapi.dll
2009-12-10 09:25:38 ----A---- C:\Windows\system32\mshtml.dll
2009-12-10 09:25:35 ----A---- C:\Windows\system32\ieframe.dll
2009-12-10 09:25:33 ----A---- C:\Windows\system32\wininet.dll
2009-12-10 09:25:33 ----A---- C:\Windows\system32\urlmon.dll
2009-12-10 09:25:33 ----A---- C:\Windows\system32\iertutil.dll
2009-12-10 09:25:32 ----A---- C:\Windows\system32\occache.dll
2009-12-10 09:25:32 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-10 09:25:32 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-10 09:25:31 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-10 09:25:31 ----A---- C:\Windows\system32\ieui.dll
2009-12-10 09:25:31 ----A---- C:\Windows\system32\iepeers.dll
2009-12-10 09:25:30 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-10 09:25:30 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-10 09:25:30 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-10 09:25:30 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-10 09:25:30 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-10 09:25:29 ----A---- C:\Windows\system32\iesetup.dll
2009-12-10 09:25:29 ----A---- C:\Windows\system32\iernonce.dll
2009-12-10 09:24:33 ----A---- C:\Windows\system32\winhttp.dll
2009-12-10 09:20:24 ----A---- C:\Windows\system32\rastls.dll
2009-12-05 10:01:04 ----AC---- C:\Windows\system32\atsckernel.exe
2009-12-05 10:00:54 ----AC---- C:\Windows\system32\atashost.exe
2009-12-04 21:03:42 ----DC---- C:\ProgramData\WindowsSearch

======List of files/folders modified in the last 1 months======

2010-01-03 22:53:12 ----DC---- C:\ProgramData
2010-01-03 22:48:26 ----DC---- C:\Windows
2010-01-03 22:39:46 ----AC---- C:\Windows\system.ini
2010-01-03 22:27:24 ----DC---- C:\Windows\system32\drivers
2010-01-03 22:27:24 ----DC---- C:\Windows\System32
2010-01-03 22:27:24 ----DC---- C:\Windows\AppPatch
2010-01-03 22:27:22 ----DC---- C:\Program Files\Common Files
2010-01-03 20:13:52 ----DC---- C:\Windows\Tasks
2010-01-03 18:32:19 ----RDC---- C:\Program Files
2010-01-03 17:37:30 ----DC---- C:\Windows\inf
2010-01-03 17:37:30 ----AC---- C:\Windows\system32\PerfStringBackup.INI
2010-01-03 17:30:24 ----DC---- C:\Program Files\Lx_cats
2010-01-02 21:59:16 ----SHDC---- C:\Windows\Installer
2010-01-02 21:59:14 ----DC---- C:\ProgramData\Symantec
2010-01-02 21:59:13 ----DC---- C:\Program Files\Common Files\Symantec Shared
2010-01-02 21:07:54 ----DC---- C:\Windows\system32\Tasks
2010-01-02 20:58:51 ----DC---- C:\Windows\system32\catroot
2010-01-02 20:58:50 ----DC---- C:\Windows\system32\DRVSTORE
2010-01-02 20:48:32 ----D---- C:\Windows\winsxs
2010-01-02 19:13:53 ----SHD---- C:\System Volume Information
2010-01-02 13:13:47 ----DC---- C:\ProgramData\MSN Pictures Displayer
2010-01-02 11:25:50 ----RSDC---- C:\Windows\assembly
2010-01-02 10:50:33 ----DC---- C:\Windows\Prefetch
2009-12-31 16:18:37 ----DC---- C:\PerfLogs
2009-12-31 15:31:27 ----DC---- C:\Windows\system32\catroot2
2009-12-31 11:22:31 ----HDC---- C:\Windows\system32\GroupPolicy
2009-12-30 10:43:21 ----DC---- C:\Program Files\Toshiba TEMPRO
2009-12-29 09:51:56 ----DC---- C:\Windows\Microsoft.NET
2009-12-28 22:24:55 ----DC---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-28 20:42:37 ----DC---- C:\Windows\system32\wbem
2009-12-28 20:41:37 ----RSDC---- C:\Windows\Media
2009-12-28 20:41:37 ----DC---- C:\Windows\system32\spool
2009-12-28 20:41:37 ----DC---- C:\Windows\system32\restore
2009-12-28 20:41:37 ----DC---- C:\Windows\system32\CodeIntegrity
2009-12-28 20:41:36 ----RDC---- C:\Users
2009-12-28 20:41:33 ----DC---- C:\Users\danieli\AppData\Roaming\MSN Pictures Displayer
2009-12-28 20:41:29 ----DC---- C:\ProgramData\Microsoft Help
2009-12-28 20:41:29 ----DC---- C:\Program Files\Microsoft Works
2009-12-28 20:41:26 ----DC---- C:\Windows\registration
2009-12-24 11:49:30 ----SDC---- C:\Users\danieli\AppData\Roaming\Microsoft
2009-12-23 18:51:05 ----DC---- C:\Windows\Debug
2009-12-21 10:04:05 ----DC---- C:\Users\danieli\AppData\Roaming\Radio France
2009-12-16 18:37:04 ----HDC---- C:\Program Files\InstallShield Installation Information
2009-12-10 10:53:03 ----D---- C:\Windows\rescache
2009-12-10 10:10:23 ----DC---- C:\Windows\system32\migration
2009-12-10 10:10:09 ----DC---- C:\Program Files\Internet Explorer
2009-12-10 10:10:03 ----DC---- C:\Windows\system32\fr-FR
2009-12-10 10:09:59 ----DC---- C:\Program Files\Windows Mail
2009-12-09 20:32:38 ----DC---- C:\Windows\system32\Msdtc
2009-12-09 20:31:52 ----DC---- C:\Windows\system32\config

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 73892391;73892391; C:\Windows\system32\DRIVERS\73892391.sys [2009-09-25 128016]
R1 81510131;81510131; C:\Windows\system32\DRIVERS\81510131.sys [2009-09-25 128016]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-08-31 1161152]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-07-29 919552]
R3 catchme;catchme; \??\C:\Users\danieli\AppData\Local\Temp\catchme.sys []
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 E100B;Pilote de carte Intel ® PRO; C:\Windows\system32\DRIVERS\e100b325.sys [2008-01-19 159744]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-19 7168]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-17 1651752]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448]
S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S1 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys [2005-08-01 64896]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 mbr;mbr; \??\C:\Users\danieli\AppData\Local\Temp\mbr.sys []
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d’horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Pilote de carte réseau Intel® PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 1786880]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-12-07 4456416]
S3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\Windows\system32\DRIVERS\usb8023.sys [2009-04-11 15872]
S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 uti0odc2;AVZ Kernel Driver; \??\C:\Windows\system32\Drivers\uti0odc2.sys [2010-01-02 7168]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2006-02-14 216320]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2006-02-14 208256]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-09-12 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-24 1169232]
R2 lxct_device;lxct_device; C:\Windows\system32\lxctcoms.exe [2006-11-22 537520]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2006-12-14 428152]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 77824]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [2009-12-01 116176]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

info.txt logfile of random’s system information tool 1.06 2009-12-28 22:26:50

======Uninstall list======

–>“C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe” --u:{A644254B-92F6-4970-8635-AB0775371E72}
–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe” -l0x40c
–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe” -l0x40c
Adobe Flash Player 10 ActiveX–>C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin–>C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2 - Français–>MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
adsl TV–>C:\Program Files\adslTV\Uninstal.exe
AppCore–>MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Application Support–>MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support–>MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update–>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live ID–>MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
AV–>MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Bluetooth Stack for Windows by Toshiba–>MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour–>MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
ccCommon–>MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner–>“C:\Program Files\CCleaner\uninst.exe”
Codeur Windows Media Série 9–>msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Codeur Windows Media Série 9–>MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Conseiller de mise à niveau vers Windows 7–>MsiExec.exe /I{4983AA07-81D0-4605-BF92-49A343056DC8}
Dealio Toolbar v4.0.1–>MsiExec.exe /X{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}
DeepBurner Pro v1.9.0.228–>“C:\Program Files\Astonsoft\DeepBurner Pro\Uninstall.exe” “C:\Program Files\Astonsoft\DeepBurner Pro\install.log” -u
DVD MovieFactory for TOSHIBA–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe” -l0x40c
Galerie de photos Windows Live–>MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
Google Talk Plugin–>MsiExec.exe /I{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}
HijackThis 2.0.2–>“C:\Program Files\trend micro\HijackThis.exe” /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)–>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)–>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Installation Windows Live–>C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live–>MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel® Graphics Media Accelerator Driver–>C:\Windows\system32\igxpun.exe -uninstall
Java™ 6 Update 17–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Java™ 6 Update 7–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Junk Mail filter update–>MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Lexmark 5400 Series–>C:\Program Files\Lexmark 5400 Series\Install\x86\Uninst.exe
Lexmark Barre d’outils–>regsvr32.exe /s /u “C:\Program Files\Lexmark Toolbar\toolband.dll”
LG GSM PC Components–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{09A2D5BB-8184-4F56-9667-6692CC513792}\setup.exe” -l0x40c
LG USB Modem Driver–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe” -l0x40c -removeonly
LiveUpdate 3.2 (Symantec Corporation)–>“C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE” /U
LiveUpdate Notice (Symantec Corporation)–>MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logiciel d’archivage WinRAR–>C:\Program Files\WinRAR\uninstall.exe
Manuels TOSHIBA–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{29D59BE2-C15F-4835-B113-121D73924979}\setup.exe” -l0x40c -removeonly
Microsoft .NET Framework 3.5 Language Pack SP1 - fra–>MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1–>c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1–>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard–>MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (French) 2007–>MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe” /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007–>MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4–>MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (French) 2007–>MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007–>MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007–>MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007–>MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007–>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007–>MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007–>MsiExec.exe /X{

Hello cricri58 :slight_smile:

RE: how are you? As agreed, here is the Eset Online Scanner (Eset-Nod32) report. Thanks in advance, have a good day :slight_smile:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

version=7

iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

OnlineScanner.ocx=1.0.0.6211

api_version=3.0.2

EOSSerial=9fe14999b91bca4eaeb292b04d01eb0d

end=finished

remove_checked=true

archives_checked=true

unwanted_checked=true

unsafe_checked=false

antistealth_checked=true

utc_time=2010-01-04 12:32:30

local_time=2010-01-04 01:32:30 (+0100, Paris, Madrid)

country=“France”

lang=1036

osver=6.0.6002 NT Service Pack 2

compatibility_mode=512 16777215 100 0 4912 4912 0 0

compatibility_mode=769 16775165 100 98 5222 198838402 24090 0

compatibility_mode=5892 16776573 100 100 215822 100089976 0 0

compatibility_mode=8192 67108863 100 0 4021 4021 0 0

scanned=118513

found=0

cleaned=0

scan_time=7901

Hi

OK!! How is your PC doing???

Do this:

1) Launch HijackThis

http://i47.tinypic.com/b4t6kl.gif

On Windows 7/Vista: right-click HijackThis / Run as administrator!

Click ==> Do a System Scan Only

Check these lines

Close your other applications except ==> HijackThis (of course)

and click ==> Fix Checked

then

2) Disable your antivirus

Download OTM by OldTimer to your desktop:

==> OTM by OldTimer

Double-click OTM.exe on the desktop

--> On Vista: don't forget privilege elevation.
(Right-click the OTM icon, then Run as administrator in the drop-down menu.)

  • Copy the text shown in the quote and paste it into the left-hand pane of OTMoveIt named Paste Instructions for Items to be Moved

http://i50.tinypic.com/e7fa69.png

  • Click MoveIt! to start the removal.
  • Close OTM

Your PC will restart to finish the removal; if it does not do so by itself, restart it.

Post the OTM report, which is in C:\_OTM\MovedFiles.

Re-enable your antivirus

and then

3) You have quite a few applications at startup

Download Starter

==> Starter
and disable the unnecessary startup applications other than your protections, Windows applications and drivers; disable the rest

and lastly

4) Download GenProc

IMPORTANT ==> Vista users ==> Disable UAC

==> GenProc

Windows 7/Vista: right-click and choose "Run as administrator" (privilege elevation)

Double-click GenProc.exe and post the contents of the report that opens.

Answer "yes" in the window that appears

http://i34.tinypic.com/262sh7b.png

Post the contents of the report that opens

See you, cricri58

:hello:

RE: to answer your question, everything seems to be back in order, if I may say so. I of course made sure to follow your instructions, so here is the corresponding report :slight_smile: Thank you for the time you have given!!! :clap: See you

Rapport GenProc 2.660 [1] - 04/01/2010 à 15:10:17
@ Windows VISTA Service Pack 2 - TOSHIBA - Mode normal
@ Internet Explorer 8.0.6001.18865 [Navigateur par défaut]

GenProc n’a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

Poste un rapport Nod32 www.eset-nod32.fr… (il faut utiliser Internet Explorer)

  • coche toutes les cases à chaque fois, et lorsque c’est terminé, colle le rapport :
    C:\Program Files\EsetOnlineScanner\log.txt

~~~~ INFORMATION COMPLEMENTAIRE ~~~~

Rapport de ZHPDiag v1.24.40 par Nicolas Coolman
Run by danieli at 04/01/2010 15:16:28
Web site : www.premiumorange.com…
Platform : Windows Vista ™ Home Premium (6.0.6002) Service Pack 2
MSIE: Internet Explorer v8.0.6001.18865

Boot mode: Normal (Normal boot)
Total RAM: 1013 MB (16% free)
System drive C: has 87 GB (78%) free of 110 GB

—\
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - C:\Program Files\Windows Defender\MSASCui.exe
[MD5.878CA2665DBBE3D45874347B88E27244] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
[MD5.1ED780F9C470D4F22D9EF29A3082B0F4] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe
[MD5.7DC4E93F9BE692E29B1E1D27B6A389DC] - C:\Program Files\ltmoh\Ltmoh.exe
[MD5.CAD76DEE2311C5FFF840A2EB7B058143] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
[MD5.D8A33AF26E4143F7A892009890BB6F64] - C:\Windows\system32\igfxpers.exe
[MD5.F84F9D52AA06CBE76CDDEA6CC863FB76] - C:\Program Files\Toshiba TEMPRO\TemproTray.exe
[MD5.0A7E9FDF3BF1980CA09FEEAC7F52EFBC] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[MD5.15058804D8A48C67C007DD1D797CC72A] - C:\Program Files\TOSHIBA\TBS\HSON.exe
[MD5.5F529FBB095CBC9F14BB1E97A7A6B547] - C:\Windows\system32\hkcmd.exe
[MD5.7F7B42B1BA42242116F5B277A063FE2E] - C:\Windows\system32\igfxtray.exe
[MD5.9E35FF7F943AE0FB89192BFE058B7FD4] - C:\Program Files\Windows Sidebar\sidebar.exe
[MD5.002835A0AFFF66D5A7B7FB266A6AA368] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] - C:\Users\danieli\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.BF08674925F151BD4537B89A493E3E0C] - C:\Windows\ehome\ehTray.exe
[MD5.3794B461C45882E06856F282EEF025AF] - C:\Windows\system32\svchost.exe
[MD5.1CB677BF1DABD3BAF4F944E2C90D6C73] - C:\Windows\system32\agrsmsvc.exe
[MD5.4B5AE15E5C73EB4DC8DBEC2788230D41] - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[MD5.5DEBC3519D489411073FA7E56FFB4A93] - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[MD5.0AAF6B848185899CF76AE04E62EAB3D2] - C:\Program Files\Alwil Software\Avast4\ashServ.exe
[MD5.C82162949BBA6CC5D006C7BD008F3CF1] - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
[MD5.3CA4E31216365CE2B5D2EDCA5C886C48] - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
[MD5.C52C9D43108E8DB947DCF053356843A7] - C:\Windows\system32\lxctcoms.exe
[MD5.3978F3540329E16C0AC3BCF677E5669F] - C:\Windows\system32\lsass.exe
[MD5.271077B91D7AD1B616F8AFDFE8E3F981] - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - C:\Windows\system32\SLsvc.exe
[MD5.524BFBEA40E6E404737CCBC754647A2E] - C:\Windows\System32\spoolsv.exe
[MD5.E40C2FEC19D0202EB64EBC626B154068] - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
[MD5.D540858E65BFA6FDED41AD2495ECE344] - C:\Windows\system32\TODDSrv.exe
[MD5.FE267A802103687E45DE449BE05CE87C] - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
[MD5.76148C3159718B701252F87B067904A6] - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
[MD5.332D341D92B933600D41953B08360DFB] - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[MD5.D9250B31B353EE3322C1CAD411997E38] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
[MD5.AED0DFF80C6B3914769407E78D7AB21A] - C:\Windows\system32\SearchIndexer.exe

—\
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

—\
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.eset-nod32.fr…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com…

—\
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = ie.search.msn.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

—\
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\system32\ieframe.dll

—\
O2 - BHO: Lexmark Barre d’outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

—\
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Barre d’outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

—\
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM…\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM…\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM…\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM…\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM…\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM…\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM…\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM…\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU…\Run: [Google Update] C:\Users\danieli\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU…\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKLM…\policies\Explorer: [BindDirectlyToPropertySetStorage] Data=0
O4 - HKLM…\policies\Explorer: [NoDriveAutoRun] Data=128
O4 - HKLM…\policies\Explorer: [NoDriveTypeAutoRun] Data=128
O4 - HKLM…\policies\Explorer: [HonorAutoRunSetting] Data=0
O4 - HKLM…\policies\Explorer: [NoDrives] Data=0
O4 - HKCU…\policies\Explorer: [NoDriveTypeAutoRun] Data=128
O4 - HKCU…\policies\Explorer: [NoDriveAutoRun] Data=128
O4 - HKCU…\policies\Explorer: [HonorAutoRunSetting] Data=0
O4 - HKCU…\policies\Explorer: [NoDrives] Data=0
O4 - HKUS\S-1-5-18…\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
O4 - HKUS\S-1-5-18…\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe

—\
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE…

—\
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll,201
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll,103
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFBARH.ICO
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - C:\Toshiba\ebay\ebay.ico
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE,302

—\
O10 - WLSP:\000000000001\Winsock LSP File - C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File - C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File - C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File - C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File - C:\Program Files\Bonjour\mdnsNSP.dll
O10 - WLSP:\000000000006\Winsock LSP File - C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000007\Winsock LSP File - C:\Windows\system32\winrnr.dll

—\
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} () - download.eset.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…

—\
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll
O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

—\
O20 - Winlogon Notify: igfxcui - C:\Windows\System32\igfxdev.dll

—\
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll

—\
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll

—\
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! Antivirus) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: ConfigFree Service (CFSvcs) - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxct_device (lxct_device) - C:\Windows\system32\lxctcoms.exe -service
O23 - Service: SeaPort (SeaPort) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - C:\Windows\system32\SLsvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - C:\Windows\System32\spoolsv.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service (TOSHIBA Bluetooth Service) - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Live ID Sign-in Assistant (wlidsvc) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - C:\Windows\system32\SearchIndexer.exe /Embedding

—\
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899379307-253535167-2046178148-1000Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899379307-253535167-2046178148-1000UA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job

—\
O41 - Driver: 73892391 (73892391) - C:\WINDOWS\system32\DRIVERS\73892391.sys
O41 - Driver: 81510131 (81510131) - C:\WINDOWS\system32\DRIVERS\81510131.sys
O41 - Driver: Ancilliary Function Driver for Winsock (AFD) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: Pilote de CD-ROM (cdrom) - C:\WINDOWS\system32\DRIVERS\cdrom.sys
O41 - Driver: @%systemroot%\system32\drivers\dfsc.sys,-101 (DfsC) - C:\WINDOWS\System32\Drivers\dfsc.sys
O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: Pilote de la classe Clavier (kbdclass) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O41 - Driver: Pilote de la classe Souris (mouclass) - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NETBT (netbt) - C:\WINDOWS\System32\DRIVERS\netbt.sys
O41 - Driver: NSI proxy service (nsiproxy) - C:\WINDOWS\system32\drivers\nsiproxy.sys
O41 - Driver: @%SystemRoot%\System32\drivers\pacer.sys,-101 (PSched) - C:\WINDOWS\system32\DRIVERS\pacer.sys
O41 - Driver: Remote Access Auto Connection Driver (RasAcd) - C:\WINDOWS\System32\DRIVERS\rasacd.sys
O41 - Driver: Redirected Buffering Sub Sysytem (rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: RDPCDD (RDPCDD) - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
O41 - Driver: RDP Encoder Mirror Driver (RDPENCDD) - C:\WINDOWS\system32\drivers\rdpencdd.sys
O41 - Driver: @%SystemRoot%\system32\tcpipcfg.dll,-50005 (Smb) - C:\WINDOWS\system32\DRIVERS\smb.sys
O41 - Driver: @%SystemRoot%\system32\tcpipcfg.dll,-50004 (tdx) - C:\WINDOWS\system32\DRIVERS\tdx.sys
O41 - Driver: Pilote de périphérique terminal (TermDD) - C:\WINDOWS\system32\DRIVERS\termdd.sys
O41 - Driver: (no object) (VgaSave) - C:\Windows\System32\drivers\vga.sys
O41 - Driver: Remote Access IPv6 ARP Driver (Wanarpv6) - C:\WINDOWS\system32\DRIVERS\wanarp.sys

—\
O42 - Logiciel: Ad-Aware
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Reader 9.2 - Français
O42 - Logiciel: Apple Application Support
O42 - Logiciel: Apple Mobile Device Support
O42 - Logiciel: Apple Software Update
O42 - Logiciel: Assistant de connexion Windows Live ID
O42 - Logiciel: Barbie® Top Model
O42 - Logiciel: Bluetooth Stack for Windows by Toshiba
O42 - Logiciel: Bonjour
O42 - Logiciel: CCleaner
O42 - Logiciel: CodeStuff Starter
O42 - Logiciel: Codeur Windows Media Série 9
O42 - Logiciel: Conseiller de mise à niveau vers Windows 7
O42 - Logiciel: DVD MovieFactory for TOSHIBA
O42 - Logiciel: Dealio Toolbar v4.0.1
O42 - Logiciel: DeepBurner Pro v1.9.0.228
O42 - Logiciel: Galerie de photos Windows Live
O42 - Logiciel: Google Talk Plugin
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
O42 - Logiciel: Installation Windows Live
O42 - Logiciel: Intel® Graphics Media Accelerator Driver
O42 - Logiciel: Java™ 6 Update 17
O42 - Logiciel: Java™ 6 Update 7
O42 - Logiciel: Java™ SE Runtime Environment 6
O42 - Logiciel: Junk Mail filter update
O42 - Logiciel: LG GSM PC Components
O42 - Logiciel: LG USB Modem Driver
O42 - Logiciel: Lexmark 5400 Series
O42 - Logiciel: Lexmark Barre d’outils
O42 - Logiciel: Logiciel d’archivage WinRAR
O42 - Logiciel: MSN Pictures Displayer 4.6
O42 - Logiciel: MSVCRT
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: MSXML 4.0 SP2 (KB973688)
O42 - Logiciel: Malwarebytes’ Anti-Malware
O42 - Logiciel: Manuels TOSHIBA
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft Choice Guard
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2)
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007
O42 - Logiciel: Microsoft Office Home and Student 2007
O42 - Logiciel: Microsoft Office Live Add-in 1.4
O42 - Logiciel: Microsoft Office OneNote MUI (French) 2007
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007
O42 - Logiciel: Microsoft Office Proof (English) 2007
O42 - Logiciel: Microsoft Office Proof (French) 2007
O42 - Logiciel: Microsoft Office Proof (German) 2007
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007
O42 - Logiciel: Microsoft Office Proofing (French) 2007
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007
O42 - Logiciel: Microsoft Office Word MUI (French) 2007
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU]
O42 - Logiciel: Microsoft Search Enhancement Pack
O42 - Logiciel: Microsoft Silverlight
O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86)
O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86)
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: MobileMe Control Panel
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra
O42 - Logiciel: NVIDIA Drivers
O42 - Logiciel: Outil de téléchargement Windows Live
O42 - Logiciel: Programme d’installation d’Atheros Driver
O42 - Logiciel: Radio France 1.1.1
O42 - Logiciel: Realtek High Definition Audio Driver
O42 - Logiciel: Réducteur de bruit lect. CD/DVD
O42 - Logiciel: Search Settings 1.2.2
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559)
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB973704)
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB973593)
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB957789)
O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581)
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB969613)
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234)
O42 - Logiciel: Security Update for Windows Media Encoder (KB954156)
O42 - Logiciel: Sony Player Plug-in for Windows Media Player
O42 - Logiciel: Synaptics Pointing Device Driver
O42 - Logiciel: TOSHIBA Assist
O42 - Logiciel: TOSHIBA ConfigFree
O42 - Logiciel: TOSHIBA Disc Creator
O42 - Logiciel: TOSHIBA Hardware Setup
O42 - Logiciel: TOSHIBA SD Memory Utilities
O42 - Logiciel: TOSHIBA Software Modem
O42 - Logiciel: TOSHIBA Supervisor Password
O42 - Logiciel: TOSHIBA Value Added Package
O42 - Logiciel: Texas Instruments PCIxx21/x515/xx12 drivers.
O42 - Logiciel: Toshiba Online Product Information
O42 - Logiciel: Toshiba TEMPRO
O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642)
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
O42 - Logiciel: Update for Microsoft Office InfoPath 2007 (KB976416)
O42 - Logiciel: Update for Microsoft Office Word 2007 (KB974561)
O42 - Logiciel: Visual C++ 2008 x86 Runtime - (v9.0.30729)
O42 - Logiciel: Visual C++ 2008 x86 Runtime - v9.0.30729.01
O42 - Logiciel: WinDVD for TOSHIBA
O42 - Logiciel: Windows Live Call
O42 - Logiciel: Windows Live Communications Platform
O42 - Logiciel: Windows Live Contrôle parental
O42 - Logiciel: Windows Live FolderShare
O42 - Logiciel: Windows Live Mail
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Windows Live Movie Maker
O42 - Logiciel: Windows Live Toolbar
O42 - Logiciel: Windows Live Writer
O42 - Logiciel: adsl TV
O42 - Logiciel: avast! Antivirus
O42 - Logiciel: photoview3.0 3.0

—\
O44 - LFC:Last File Created 04/01/2010 - 14:49:15 —A- C:\Windows\WindowsUpdate.log
O44 - LFC:Last File Created 04/01/2010 - 14:03:30 -S-A- C:\Windows\bootstat.dat
O44 - LFC:Last File Created 04/01/2010 - 14:03:20 —A- C:\aaw7boot.log
O44 - LFC:Last File Created 04/01/2010 - 07:35:58 —A- C:\Windows\PFRO.log
O44 - LFC:Last File Created 03/01/2010 - 22:48:20 —A- C:\ComboFix.txt
O44 - LFC:Last File Created 03/01/2010 - 22:39:46 —A- C:\Windows\system.ini
O44 - LFC:Last File Created 03/01/2010 - 18:38:12 —A- C:\Windows\dmi.ini
O44 - LFC:Last File Created 03/01/2010 - 17:37:30 —A- C:\Windows\System32\PerfStringBackup.INI
O44 - LFC:Last File Created 03/01/2010 - 17:37:30 —A- C:\Windows\System32\perfc009.dat
O44 - LFC:Last File Created 03/01/2010 - 17:37:30 —A- C:\Windows\System32\perfc00C.dat
O44 - LFC:Last File Created 03/01/2010 - 17:37:30 —A- C:\Windows\System32\perfh009.dat
O44 - LFC:Last File Created 03/01/2010 - 17:37:30 —A- C:\Windows\System32\perfh00C.dat
O44 - LFC:Last File Created 03/01/2010 - 14:53:34 —A- C:\Windows\ntbtlog.txt
O44 - LFC:Last File Created 02/01/2010 - 18:41:10 —A- C:\Windows\System32\drivers\uti0odc2.sys
O44 - LFC:Last File Created 02/01/2010 - 13:04:59 —A- C:\Windows\System32\config.nt
O44 - LFC:Last File Created 31/12/2009 - 10:10:34 —A- C:\Windows\setupact.log
O44 - LFC:Last File Created 31/12/2009 - 10:10:34 —A- C:\Windows\setuperr.log
O44 - LFC:Last File Created 01/01/2010 - 02:46:55 —A- C:\Windows\System32\drivers\atapi.sys
O44 - LFC:Last File Created 10/12/2009 - 14:11:50 —A- C:\Windows\System32\atasinst.log

—\
O51 - MPSK:{7748f391-cd1e-11de-bacb-806e6f6e6963}\Shell\AutoRun\command - E:\Setup.exe

—\
O63 - Logiciel: HijackThis 2.0.2
O63 - Logiciel: GenProc
O63 - Logiciel: OTM
O63 - Logiciel: RSIT

End of the scan: 348 lines


Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com

~~ Fin à 15:17:48 ~~

Re

Glad it's working; there are still two or three things left to do

1) To save you from downloading and installing HijackThis

If you don't have the icon on your desktop ==> click ==> My Computer ==> Show the contents of this folder ==> Program Files ==> Show the contents of this folder ==> open the "Trend Micro" folder ==> then HijackThis

http://i47.tinypic.com/b4t6kl.gif

Right-click ==> Send to desktop, then close everything ==> in the left column at the top ==> click ==> Hide the contents of this folder ==> Back ==> Hide the contents of this folder, and close

On your desktop, click the HijackThis icon (click I accept if needed).

On Windows 7/Vista: right-click HijackThis / Run as administrator!

==> Click Do a system scan and save a logfile.

At the end of the scan, Notepad will open with the report.

Copy and paste this report:

Right-click the report text --> Select all
Right-click the report text --> Copy
Right-click in your reply window on the forum --> Paste

or
Ctrl+A = select
Ctrl+C = copy
Ctrl+V = paste

See you, cricri58
Edited on 04/01/2010 at 15:57

:hello: RE: as agreed, here is the report, and thank you again for your precious help; I would not have managed without you!! :slight_smile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:11:27, on 04/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\ProgramData\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\danieli\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\danieli\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\danieli\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\danieli\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\danieli\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.eset-nod32.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Lexmark Barre d’outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Barre d’outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM…\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM…\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM…\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM…\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM…\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM…\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM…\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM…\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU…\Run: [Google Update] “C:\Users\danieli\AppData\Local\Google\Update\GoogleUpdate.exe” /c
O4 - HKCU…\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-18…\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User ‘Default user’)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE…
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - www.webtip.ch… (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - download.eset.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


End of file - 9331 bytes

Re

There, your log is OK!!!

Do this as well, to remove the utilities used for the disinfection

Download ToolsCleaner! by A.Rothstein to remove the programs used during the procedure.

==>ToolsCleaner

==> Save ToolsCleaner2.exe to the Desktop.
Under Vista, right-click > Run as administrator
==> Double-click it, then click "Recherche" (Search) --> The program will look for the installed utilities

http://i36.tinypic.com/e96ouq.jpg

------> The window may turn white during the scan, that is normal!
==> Copy and paste the contents of the report that appears in the white window.

When the search is finished, ToolsCleaner displays a list of the tools it found,

click "Suppression" (Delete) to remove them.

http://i36.tinypic.com/vr55ye.jpg

and then click ==> "Vidage Corbeille" (Empty Recycle Bin)
Close the program by clicking "Quitter" (Quit).

Post the report, which is located here >>> C:\TCleaner.txt
Edited on 04/01/2010 at 17:25

RE me HELP
:frowning: Good evening, before running ToolsCleaner I would like to show you this: while I was on adsltv, avast raised an alert with this:

virus : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\WERBEE5.tmp.hdmp
Win32:Alureon-ET [Rtk]

and when I look at the avast! log viewer I find this:

02/01/2010 21:13:54 SYSTEM 1872 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\Temp\WER45B8.tmp.hdmp” file.
02/01/2010 21:13:54 SYSTEM 1872 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\Temp\WER4174.tmp.hdmp” file.
02/01/2010 21:14:27 SYSTEM 1872 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report10eff5b3\WERBC9C.tmp.hdmp” file.
02/01/2010 21:47:32 SYSTEM 1872 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\Temp\WERB48.tmp.hdmp” file.
02/01/2010 21:48:53 SYSTEM 1872 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\Temp\WER53DC.tmp.hdmp” file.
02/01/2010 22:22:50 SYSTEM 1872 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\Temp\WER70EE.tmp.hdmp” file.
02/01/2010 22:41:24 SYSTEM 1872 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\ProgramData\WindowsSearch\MiniDumps\Microsoft Windows Search Protocol Host_0.hdmp” file.
03/01/2010 11:42:02 SYSTEM 1772 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\Temp\WERC41B.tmp.hdmp” file.
03/01/2010 11:45:34 SYSTEM 1772 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\Temp\WER66CF.tmp.hdmp” file.
03/01/2010 12:32:25 danieli 1736 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
03/01/2010 13:04:06 danieli 1736 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report0f9034e4\WERD50C.tmp.hdmp” file.
03/01/2010 13:15:00 danieli 1736 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\Temp\WER4174.tmp.hdmp” file.
03/01/2010 13:15:04 danieli 1736 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\Temp\WER45B8.tmp.hdmp” file.
03/01/2010 13:15:04 danieli 1736 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\Temp\WERC41B.tmp.hdmp” file.
03/01/2010 13:40:28 danieli 1736 Sign of “Win32:Alureon-EU” has been found in “C:\Windows\MEMORY.DMP” file.
03/01/2010 14:53:37 danieli 1736 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
03/01/2010 17:21:35 SYSTEM 1784 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\Temp\WER44FD.tmp.hdmp” file.
03/01/2010 17:21:40 SYSTEM 1784 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\Temp\WER7E45.tmp.hdmp” file.
03/01/2010 17:33:28 SYSTEM 1784 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\Temp\WER63C3.tmp.hdmp” file.
04/01/2010 08:57:34 SYSTEM 1740 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\temp\WERD8E4.tmp.hdmp” file.
04/01/2010 21:13:14 SYSTEM 1680 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\WERBEE5.tmp.hdmp” file.
04/01/2010 22:35:46 SYSTEM 1680 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\temp\WER4093.tmp.hdmp” file.

I should be worried about it, I think!?

Thanks in advance for your help! :etonne2:
@+
Edited on 04/01/2010 at 22:59
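Added example (not part of the thread, and not Avast's or any poster's code): a small parser for the avast! log lines posted above that counts hits per signature, de-duplicates rescans of the same file, and lists any flagged path that is not a dump file. The regular expression and the dump-extension list are assumptions derived from the lines on this page; the sample lines are copied from the thread.

```python
import re
from collections import Counter
from datetime import datetime
from pathlib import PureWindowsPath

# Lines copied from the avast! log posted in the thread (curly quotes as on the page).
SAMPLE_LOG = r"""
02/01/2010 21:13:54 SYSTEM 1872 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\Temp\WER45B8.tmp.hdmp” file.
02/01/2010 22:41:24 SYSTEM 1872 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\ProgramData\WindowsSearch\MiniDumps\Microsoft Windows Search Protocol Host_0.hdmp” file.
03/01/2010 12:32:25 danieli 1736 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
03/01/2010 13:15:04 danieli 1736 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\Temp\WER45B8.tmp.hdmp” file.
03/01/2010 13:40:28 danieli 1736 Sign of “Win32:Alureon-EU” has been found in “C:\Windows\MEMORY.DMP” file.
05/01/2010 14:31:17 danieli 5924 Sign of “Win32:DNSChanger-VJ [Trj]” has been found in “C:\Users\danieli\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report1562d8f0\chrome.exe.hu.kdmp” file.
"""

# Assumed layout: date time user number Sign of "<signature>" has been found in "<path>" file.
# The meaning of the numeric field is not stated in the thread, so it is matched but not used.
DETECTION_RE = re.compile(
    r'^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (?P<user>\S+) (?P<num>\d+) '
    r'Sign of [“"](?P<sig>.+?)[”"] has been found in [“"](?P<path>.+?)[”"] file\.$'
)

# Assumption: extensions treated as dump files (the ones that appear in the thread).
DUMP_SUFFIXES = {".hdmp", ".kdmp", ".dmp"}


def parse_detections(text):
    """Return one dict per detection line; other lines (e.g. update errors) are skipped."""
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        hits.append({
            "when": datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S"),
            "user": m["user"],
            "signature": m["sig"],
            "path": PureWindowsPath(m["path"]),
        })
    return hits


def summarize(hits):
    """Count hits per signature, de-duplicate files, and list hits outside dump files."""
    unique = {str(h["path"]).lower() for h in hits}  # Windows paths are case-insensitive
    return {
        "per_signature": Counter(h["signature"] for h in hits),
        "unique_files": len(unique),
        "per_suffix": Counter(h["path"].suffix.lower() for h in hits),
        "non_dump": sorted({str(h["path"]) for h in hits
                            if h["path"].suffix.lower() not in DUMP_SUFFIXES}),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_detections(SAMPLE_LOG)).items():
        print(key, "->", value)
```
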

Re

I forgot one thing

Follow this and read carefully, we'll see afterwards

1) Delete the Avast quarantine

then

2) ==> Finish ToolsCleaner as described and delete ==> "Recherche" (Search) ==> "Suppression" (Delete) ==> "Vidage Corbeille" (Empty Recycle Bin)

then, and above all, do this

3) Disable Vista System Restore as in these images

[spoiler]
A)http://i35.tinypic.com/6zvi2o.png

[/spoiler]

[spoiler]
B)http://i35.tinypic.com/21l75uv.png
[/spoiler]

[spoiler]
C)http://i38.tinypic.com/20pf2ja.png
[/spoiler]

then

4) Create a Vista restore point as below

[spoiler]
1)http://i35.tinypic.com/195obt.png
[/spoiler]

[spoiler]
2)http://i38.tinypic.com/2wqy8hz.png
[/spoiler]

then

5) Download and install CCleaner ==> do not install it if you already have it

==>Ccleaner

Once it is on the Desktop, click the CCleaner installer.
-> But before clicking the "Install" button, untick all the "additional options" (installing the Yahoo toolbar, etc.)

--> Then click "Options", "Advanced" and untick the box
--> "Only delete files in the Windows Temp folder older than 48 hours".
--> Click the "Cleaner" tab, then "Run Cleaner".
--> Then click the Registry icon, on the right, click "Scan for Issues", then "Fix selected issues".

Accept the backup of the registry that it offers.
I advise you to run it at least twice (or more, until it finds no more errors).

Restart your PC

then run another scan with Avast and post the report

We'll see about changing antivirus, because you can forget Avast??
Edited on 05/01/2010 at 10:07

RE me :hello: Hello hello, as agreed I followed your instructions and am sending you the ToolsCleaner report followed by the avast report. Hope you receive it well, thanks in advance, see you soon :slight_smile:

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

–> Recherche:

C:\Combofix.txt: trouvé !
C:\GenProc: trouvé !
C:\Qoobox: trouvé !
C:\_OTM: trouvé !
C:\Rsit: trouvé !
C:\GenProc\Genproc.exe: trouvé !
C:\GenProc\Outil\hijackthis.log: trouvé !
C:\GenProc\Outil\mbr.exe: trouvé !
C:\GenProc\Outil\ZHPDiag: trouvé !
C:\GenProc\Outil\ZHPDiag\ZHPdiag.exe: trouvé !
C:\GenProc\Page\GenProc[*].html: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\Users\danieli\AppData\Local\VirtualStore\Program Files\trend micro\hijackthis.log: trouvé !
C:\Users\danieli\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: trouvé !
C:\Users\danieli\Desktop\OTM.exe: trouvé !
C:\Users\danieli\Documents\Downloads\Ad-R.exe: trouvé !
C:\Windows\mbr.exe: trouvé !

:hello:

05/01/2010 10:26:45 SYSTEM 1704 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\temp\WERC5FE.tmp.hdmp” file.
05/01/2010 13:28:53 danieli 4748 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
05/01/2010 14:31:00 danieli 5924 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report097fd00a\WER8EA9.tmp.hdmp” file.
05/01/2010 14:31:13 danieli 5924 Sign of “Win32:Alureon-ET [Rtk]” has been found in “C:\Users\danieli\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report122a8076\WER5D01.tmp.hdmp” file.
05/01/2010 14:31:17 danieli 5924 Sign of “Win32:DNSChanger-VJ [Trj]” has been found in “C:\Users\danieli\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report1562d8f0\chrome.exe.hu.kdmp” file.
Edited on 05/01/2010 at 20:37

Hi

To fix this problem ==> "ReportQueue\Report1562d8f0\chrome.exe.hu.kdmp" file

Go to Start ==> Maintenance ==> Problem Reports and Solutions, then click: Clear solution and problem history

and clean out the entire contents of the folder ==> ReportQueue.

Run CCleaner and restart your PC

and run the scan with Avast again

:hello: Thanks a lot, have a nice day!! :slight_smile:

Wait, my friend

Do this as well

ToolsCleaner

==> Double-click it, then click "Recherche" (Search) --> The program will look for the installed utilities

------> The window may turn white during the scan, that is normal!
==> Copy and paste the contents of the report that appears in the white window.

When the search is finished, ToolsCleaner displays a list of the tools it found,

click ==> "Suppression" (Delete) to remove them.

and then click ==> "Vidage Corbeille" (Empty Recycle Bin)
Close the program by clicking "Quitter" (Quit).

Post the report, which is located here >>> C:\TCleaner.txt

RE :hello:

My box (router) drops out on me every hour, lol; anyway, oops, ToolsCleaner finds nothing to display, so no report to give you :frowning:

I hope that's a good sign!? :slight_smile: @+

Re

That's because you had already deleted them before you showed me the Avast report, that's all

There you go, for me it's done; the day you want to change antivirus, give me a shout.

Otherwise, happy surfing!! See you

cricri58:hello:

Hello, thanks for everything, and very interested in an antivirus!! See you!
Edited on 08/01/2010 at 10:14

Hi

I advise you to switch to an antivirus that performs better than Avast

Of course, only one per PC, so follow the instructions

To do this, read carefully and do things in order

1) Download Avira AntiVir to your Desktop ==> without installing it for the moment

=>Avira AntiVir Personal Free 9.0.0.67 Version 9

==> Avira AntiVir Personal - FREE Antivirus, Version 9

Download the French installation kit

You click ==> Md5: dc29289305e5689e5d1c93e4065470ae 29.56 MB

2) Download the Avast! uninstall utility: aswClear.exe

==> avast uninstall utility

do this

A) In the avast! "Program Settings", "Troubleshooting" section, tick the option "Disable avast! self-defense module".

B) Run the aswClear.exe utility you downloaded

then

3) Launch CCleaner, you already have it

--> Then click "Options", "Advanced" and untick the box
--> "Only delete files in the Windows Temp folder older than 48 hours".
--> Click the "Cleaner" tab, then "Run Cleaner".
--> Then click the Registry icon, on the right, click "Scan for Issues", then "Fix selected issues".

Accept the backup of the registry that it offers.
I advise you to run it at least twice (or more, until it finds no more errors).

Restart your PC - important

4) Click Start ==> Computer ==> Local Disk => go into Program Files and delete the Avast folder, ALWIL

5) Now ==> install Avira + update it

6) Antivir Personal Free configuration tutorial

==>Configuration tutorial

There, follow this carefully and keep me posted

@++ cricri58

:hello: Hello, I followed your instructions carefully and thank you!!! Everything went well, :bounce: sooo coool, respect, have a good weekend!!! :clap::clap: @+