Aide sur rapport HijackthisFermé

Question

Bonjour,

J'aurais aimer savoir si je suis infecté, car tous mes scans plantent même en ligne, mon pc ne fonctionne qu' en mode sans echec, merci de m'aider.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:41, on 16/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information	opi.exe -startup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [amkcy] "c:\users\vic\appdata\local\amkcy.exe" amkcy
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: BJ Status Monitor Canon MP130 Series Printer.lnk = Vic\cnmss Canon MP130 Series Printer (Local).exe
O4 - Startup: Pense-bête.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix: 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - Unknown owner - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (file missing)
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

sherred · Answer

apparament virus magic-control
Télécharge Navilog1.exe http://il.mafioso.pagesperso-orange.fr/Navifix/Navilog1.exe?thread
Choisis Enregistrer sous.... et enregistre-le sur ton bureau. 
Ensuite double clique sur navilog1.exe pour lancer l'installation. 
Si, lors du téléchargement, ton Antivirus fais une alerte, ignore-là
c'est un faux positif, une fausse alerte..
Une fois l'installation terminée, le fix s'exécutera automatiquement. 
Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau
Au menu principal, choisis 1 et valide. 
ne fais pas le choix 2,3 ou 4 
Analyse Terminée
Appuie sur une touche , le bloc-note va s'ouvrir. 
analyse le fichier ou Copie/colle l'intégralité du rapport

Utilisateur anonyme · Answer

Salut

1) désinstal spyware doctor car inefficace

2) désinstal bitdefender ou antivir (2 antivirus = conflits,bugs et ralentissement)

ensuite :


Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 




-> Double clique sur combofix.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil. 

Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

Utilisateur anonyme · Answer

Telecharge malwarebytes 

-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe 

Tu l´instale; le programme va se mettre automatiquement a jour. 

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression". 

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet". 

Puis click sur "rechercher". 

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection. 

si il t´es demandé de redemarrer > click sur "yes". 

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum. 
Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log

Utilisateur anonyme · Answer

Copie le texte ci-dessous : 

File:: 
C:\Users\Vic\.bztarotcumul.dat 
C:\Users\Vic\antivir_workstation_win7u_en_h.exe 

Folder:: 
C:\Program Files\Navilog1

Registry:: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 
"GrpConv"=-




Ouvre le Bloc-Notes puis colle le texte copié. 
(Démarrer\Tous les programmes\Accessoires\Bloc notes.) 
Sauvegarde ce fichier sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous : 

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif 

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis. 

S'il n'y a pas de rédémarrage, poste quand même les rapports.

GusHan72 · Answer

Chiqui, encore merci de m'aider!!!

J'ai fait ce que tu m'as dis, mais pour combofix, il n'y a pas eu de redémarrage, c' mauvais???

ComboFix 08-08-15.04 - Vic 2008-08-16 16:21:27.2 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6001.1.1252.1.1036.18.1536 [GMT 2:00]
Endroit: E:\Downloads\ComboFix.exe
Command switches used :: C:\Users\Vic\AppData\Desktop\CFScript.txt

FILE ::
C:\Users\Vic\.bztarotcumul.dat
C:\Users\Vic\antivir_workstation_win7u_en_h.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Navilog1
C:\Program Files\Navilog1\Backupnavi\AMKCY.EXE-46736782.pf
C:\Program Files\Navilog1\catchme.exe
C:\Program Files\Navilog1\Contents\Filess.bat
C:\Program Files\Navilog1\Contents\Folders.bat
C:\Program Files\Navilog1\Contents\Folderss.bat
C:\Program Files\Navilog1\Contents\Gnc2.bat
C:\Program Files\Navilog1\Contents\Gnc2su.bat
C:\Program Files\Navilog1\Contents\Gncs.bat
C:\Program Files\Navilog1\Contents\Gncssfil.bat
C:\Program Files\Navilog1\Contents\Heurs.bat
C:\Program Files\Navilog1\Contents\Heurss.bat
C:\Program Files\Navilog1\Contents\Orphus.bat
C:\Program Files\Navilog1\Contents\Wlist.bat
C:\Program Files\Navilog1\GetPaths.exe
C:\Program Files\Navilog1\gnc.exe
C:\Program Files\Navilog1
avilog1.bat
C:\Program Files\Navilog1\Navreb.bat
C:\Program Files\Navilog1\oem2ansi.exe
C:\Program Files\Navilog1\Process.exe
C:\Program Files\Navilog1eg.exe
C:\Program Files\Navilog1egnavi.reg
C:\Program Files\Navilog1\Safebackup\backup_registry.dat
C:\Program Files\Navilog1\Safebackup\HKCU_Run.reg
C:\Program Files\Navilog1\Safebackup\HKLM_Run.reg
C:\Program Files\Navilog1\Safebackup\HKLM_Uninstall.reg
C:\Program Files\Navilog1	raite.bat
C:\Program Files\Navilog1	raite2.bat
C:\Program Files\Navilog1	raite3.bat
C:\Program Files\Navilog1\unins000.dat
C:\Program Files\Navilog1\unins000.exe
C:\Users\Vic\.bztarotcumul.dat
C:\Users\Vic\antivir_workstation_win7u_en_h.exe

.
(((((((((((((((((((((((((((((   Fichiers créés 2008-07-16 to 2008-08-16  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 14:21	524,288	--sha-w	C:\Users\Invité\NTUSER.DAT
2008-08-16 14:21	524,288	--sha-w	C:\Users\Invité\NTUSER.DAT
2008-08-16 10:38	---------	d-----w	C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 09:30	---------	d---a-w	C:\ProgramData\TEMP
2008-08-16 09:30	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
2008-08-16 09:29	---------	d-----w	C:\ProgramData\Spybot - Search & Destroy
2008-08-16 08:29	---------	d-----w	C:\Users\Vic\AppData\Roaming\Malwarebytes
2008-08-16 08:29	---------	d-----w	C:\ProgramData\Malwarebytes
2008-08-16 08:19	---------	d-----w	C:\Program Files\Trend Micro
2008-08-16 07:20	81,984	----a-w	C:\Windows\System32\bdod.bin
2008-08-16 04:56	---------	d-----w	C:\Program Files\Mindscape
2008-08-16 01:34	---------	d-----w	C:\ProgramData\Yahoo! Companion
2008-08-16 01:34	---------	d-----w	C:\Program Files\Yahoo!
2008-08-16 01:34	---------	d-----w	C:\Program Files\CCleaner
2008-08-15 20:59	---------	d-----w	C:\ProgramData\Lavasoft
2008-08-15 20:57	---------	d-----w	C:\Program Files\Lavasoft
2008-08-15 20:56	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-08-14 01:15	---------	d-----w	C:\Program Files\Windows Mail
2008-08-11 04:23	---------	d-----w	C:\Program Files\DivX
2008-08-07 20:28	---------	d-----w	C:\Users\Vic\AppData\Roaming\vlc
2008-08-07 20:05	---------	d-----w	C:\Program Files\VideoLAN
2008-08-06 21:08	---------	d-----w	C:\Program Files\PokerStars
2008-08-05 17:19	---------	d-----w	C:\Program Files\eMule0.49
2008-08-01 03:18	---------	d-----w	C:\Program Files\DivX6.8
2008-08-01 02:36	716,272	----a-w	C:\Windows\system32\drivers\sptd.sys
2008-07-31 19:14	---------	d-----w	C:\Program Files\Bazooka Scanner
2008-07-30 22:35	---------	d-----w	C:\Program Files\PokerStars.NET
2008-07-30 18:07	38,472	----a-w	C:\Windows\system32\drivers\mbamswissarmy.sys
2008-07-30 18:07	17,144	----a-w	C:\Windows\system32\drivers\mbam.sys
2008-07-30 02:30	---------	d-----w	C:\Program Files\Activision Value
2008-07-29 21:47	---------	d-----w	C:\Users\Admin\AppData\Roaming\DivX
2008-07-29 21:46	---------	d-----w	C:\Users\Admin\AppData\Roaming\Bitdefender
2008-07-29 21:46	---------	d-----w	C:\Users\Admin\AppData\Roaming\ATI
2008-07-29 21:32	---------	d-----w	C:\Users\Invité\AppData\Roaming\DivX
2008-07-29 21:31	---------	d-s---w	C:\Users\Invité\AppData\Roaming\Microsoft
2008-07-29 21:31	---------	d-----w	C:\Users\Invité\AppData\Roaming\ATI
2008-07-29 21:30	---------	d-----w	C:\Users\Invité\AppData\Roaming\Identities
2008-07-29 21:30	---------	d-----w	C:\Users\Invité\AppData\Roaming\Bitdefender
2008-07-28 05:29	5,632	----a-w	C:\Windows\system32\drivers\StarOpen.sys
2008-07-26 02:39	---------	d-----w	C:\Program Files\Full Tilt Poker
2008-07-25 11:43	---------	d-----w	C:\Program Files\eMule
2008-07-25 08:36	524,288	----a-w	C:\Windows\System32\DivXsm.exe
2008-07-25 02:17	---------	d-----w	C:\ProgramData\DVD Shrink
2008-07-23 16:50	3,596,288	----a-w	C:\Windows\System32\qt-dx331.dll
2008-07-23 16:48	200,704	----a-w	C:\Windows\System32\ssldivx.dll
2008-07-23 16:48	1,044,480	----a-w	C:\Windows\System32\libdivx.dll
2008-07-23 16:46	12,288	----a-w	C:\Windows\System32\DivXWMPExtType.dll
2008-07-16 21:42	---------	d-----w	C:\Program Files\Friendly Software
2008-07-16 01:32	2,048	----a-w	C:\Windows\System32	zres.dll
2008-07-15 18:40	---------	d-----w	C:\Program Files\Scd2
2008-07-12 17:03	---------	d-----w	C:\Users\Vic\AppData\Roaming\Bitdefender
2008-07-12 14:08	---------	d-----w	C:\ProgramData\Recisio
2008-07-12 14:08	---------	d-----w	C:\Program Files\KaraFun
2008-07-12 13:57	---------	d-----w	C:\ProgramData\BitDefender
2008-07-12 13:57	---------	d-----w	C:\Program Files\Common Files\Softwin
2008-07-12 13:56	---------	d-----w	C:\Program Files\Softwin
2008-06-27 04:15	827,392	----a-w	C:\Windows\System32\wininet.dll
2008-06-26 03:29	801,280	----a-w	C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45	2,644,480	----a-w	C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45	12,240,896	----a-w	C:\Windows\System32\NlsLexicons0007.dll
2008-06-19 03:31	361,984	----a-w	C:\Windows\System32\IPSECSVC.DLL
2008-06-12 05:28	541,696	----a-w	C:\Windows\AppPatch\AcLayers.dll
2008-05-29 21:07	174	--sha-w	C:\Program Files\desktop.ini
2008-05-29 20:29	82,432	----a-w	C:\Windows\System32\axaltocm.dll
2008-05-29 20:29	101,888	----a-w	C:\Windows\System32\ifxcardm.dll
2008-05-27 05:21	1,582,592	----a-w	C:\Windows\System32	query.dll
2008-05-27 05:21	1,418,240	----a-w	C:\Windows\System32\mssrch.dll
2008-05-27 05:17	87,552	----a-w	C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17	87,552	----a-w	C:\Windows\System32\mssitlb.dll
2008-05-27 05:17	754,176	----a-w	C:\Windows\System32\propsys.dll
2008-05-27 05:17	60,416	----a-w	C:\Windows\System32\msscntrs.dll
2008-05-27 05:17	6,103,040	----a-w	C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17	34,816	----a-w	C:\Windows\System32\msscb.dll
2008-05-27 05:17	32,768	----a-w	C:\Windows\System32\mssprxy.dll
2008-05-27 05:17	313,344	----a-w	C:\Windows\System32	hawbrkr.dll
2008-05-27 05:17	301,568	----a-w	C:\Windows\System32\srchadmin.dll
2008-05-27 05:17	194,560	----a-w	C:\Windows\System32\offfilt.dll
2008-05-27 05:17	143,872	----a-w	C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17	11,776	----a-w	C:\Windows\System32\msshooks.dll
2008-05-27 05:17	1,671,680	----a-w	C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59	18,904	----a-w	C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59	106,605	----a-w	C:\Windows\System32\StructuredQuerySchema.bin
2008-05-16 09:58	12,632	----a-w	C:\Windows\System32\lsdelete.exe
2004-08-16 20:00	13,824	----a-w	C:\Users\Vic\cnmss Canon MP130 Series Printer (Local).exe
2008-03-01 20:02	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-01 20:02	32,768	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-01 20:02	16,384	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-03-22 15:07	16,384	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-22 15:07	32,768	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-22 15:07	16,384	--sha-w	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-01-16 01:50	56	--sha-r	C:\Windows\System32\4899C5AD8A.sys
2008-01-16 01:50	11,270	--sha-w	C:\Windows\System32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-08-16_12.12.56.56   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-16 10:09:10	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService
tuser.dat
+ 2008-08-16 13:51:18	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService
tuser.dat
+ 2008-08-16 13:51:18	262,144	---ha-w	C:\Windows\ServiceProfiles\LocalService
tuser.dat.LOG1
- 2008-08-16 10:09:03	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService
tuser.dat
+ 2008-08-16 13:51:23	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService
tuser.dat
+ 2008-08-16 13:51:23	262,144	---ha-w	C:\Windows\ServiceProfiles\NetworkService
tuser.dat.LOG1
- 2008-08-16 10:08:06	262,144	----a-w	C:\Windows\System32\config\systemprofile
tuser.dat
+ 2008-08-16 14:21:22	262,144	----a-w	C:\Windows\System32\config\systemprofile
tuser.dat
+ 2008-08-16 14:21:22	262,144	---ha-w	C:\Windows\System32\config\systemprofile
tuser.dat.LOG1
+ 2008-01-19 07:33:35	217,088	----a-w	C:\Windows\System32\WerFault.exe
.
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"CollaborationHost"="C:\Windows\system32\p2phost.exe" [2008-01-19 09:33 192000]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 17:14 34352]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 21:42 438272]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information	opi.exe" [2007-04-02 12:48 577536]
"Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 10:51 1507328]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe" [2007-04-10 16:40 413696]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 04:53 894512]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 16:00 571024]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 14:37 174872]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2006-12-12 20:16 90112]
"Toshiba TEMPO"="C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe" [2007-10-29 17:22 103824]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 07:11 4489216 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Contr“leur de calendrier Ulead.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2008-02-20 15:12:12 69632]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 12:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.asv2"= asusasv2.dll
"msvideo7"= SDVC04.drv
"vidc.iv32"= C:\Windows\system32\ir32_32.dll
"vidc.iv31"= C:\Windows\system32\ir32_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{65E85333-D414-4256-BB86-C4E048CCD08C}C:\program files\activision value\world series of poker toc\wsoptoc.exe"= UDP:C:\program files\activision value\world series of poker toc\wsoptoc.exe:WSOPTOC
"UDP Query User{844022A9-753D-4B5C-A79B-6F9EE0CF2C58}C:\program files\activision value\world series of poker toc\wsoptoc.exe"= TCP:C:\program files\activision value\world series of poker toc\wsoptoc.exe:WSOPTOC
"TCP Query User{953340B0-9AF7-451F-A200-371C03BCE370}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{EBE584F2-3A81-4F03-ABC5-E97A7633A1EA}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{486DF7B8-53B8-47A8-9721-035320D66317}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2887688C-9806-45DC-BBE1-BFF066FFA542}E:\wsop 2008\wsopbftb.exe"= UDP:E:\wsop 2008\wsopbftb.exe:WSOPBFTB
"UDP Query User{0FAF01C7-954B-4765-9C9E-EEEF068E901D}E:\wsop 2008\wsopbftb.exe"= TCP:E:\wsop 2008\wsopbftb.exe:WSOPBFTB
"TCP Query User{29590836-4EFB-421B-9FDD-B975DC8190CE}C:\windows\temp\navbrowser.exe"= UDP:C:\windows	emp
avbrowser.exe:navbrowser.exe
"UDP Query User{B8A099B5-2888-44F4-B36A-D5870F55AC9F}C:\windows\temp\navbrowser.exe"= TCP:C:\windows	emp
avbrowser.exe:navbrowser.exe
"{0B594EA0-CF72-4646-9D69-1013DF35E4A2}"= UDP:53691:emule1
"{398DD216-20B3-4F2A-A005-6B2FF84354AA}"= TCP:53701:emule2
"TCP Query User{B40E4CF2-6497-4BD0-B597-924BE78DB740}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{B1CA03E5-AAB8-4B97-9E4B-35F1049519EE}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{7AAA053C-BF49-4311-A5BA-BDBE30F283AA}C:\program files\emule0.49\emule.exe"= UDP:C:\program files\emule0.49\emule.exe:eMule
"UDP Query User{093844B6-B37E-41CC-8345-B5249DE45CD6}C:\program files\emule0.49\emule.exe"= TCP:C:\program files\emule0.49\emule.exe:eMule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R0 CplIR;Embedded IR Driver;C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 15:01]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;C:\Program Files\Toshiba TEMPO\TempoSVC.exe [2007-10-29 17:21]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-21 11:36]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\mbamswissarmy.sys [2008-07-30 20:07]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 22:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 22:46]
S3 SDVC04;USB DVC Service;C:\Windows\system32\Drivers\SDVC04.sys [2003-05-22 12:02]
S3 Wdm1;USB Bridge Cable Driver;C:\Windows\system32\Drivers\usbbc.sys [2001-12-13 15:35]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-15 C:\Windows\Tasks\User_Feed_Synchronization-{95FE6096-B871-4EF8-A6BA-D16AFE933C82}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 16:25:09
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-16 16:26:32
ComboFix-quarantined-files.txt  2008-08-16 14:26:30
ComboFix2.txt  2008-08-16 10:13:17

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 14,125,928,448 octets libres

260	--- E O F ---	2008-08-14 01:07:51


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:04, on 16/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32
otepad.exe
C:\Windows\system32
otepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information	opi.exe -startup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: BJ Status Monitor Canon MP130 Series Printer.lnk = Vic\cnmss Canon MP130 Series Printer (Local).exe
O4 - Startup: Pense-bête.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix: 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - Unknown owner - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (file missing)
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

Utilisateur anonyme · Answer

fais un clic droit sur hijackthis
choisi executer en tant qu administrateur
fais scan only
coches ces lignes :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 


O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o 


O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing) 

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr 
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab 


tu les coches et tu clic sur fix checked 


ensuit rééessai le scan malewarebyte

GusHan72 · Answer

Merci encore de t'occupé de moi, j'ai fait tes modifs sur hijacthis, et le scan malewarebyte a planté au bout de 3 heures, y'a du mieux!!! D'ou la lenteur de mes rèponses!!!!!!!Mais je n'arrive toujours a travailler sous vista normal, je reste en sans échec, j'ai tenté un scan bit defender, planté!!!!
Je te joint le rapport hijackthis au cas ou!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:00, on 16/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information	opi.exe -startup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: BJ Status Monitor Canon MP130 Series Printer.lnk = Vic\cnmss Canon MP130 Series Printer (Local).exe
O4 - Startup: Pense-bête.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix: 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - Unknown owner - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (file missing)
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

Utilisateur anonyme · Answer

Rends toi sur ce site : 

https://www.virustotal.com/gui/ 

Clique sur parcourir et cherche ce fichier : C:\Windows\system32\p2phost.exe 

Clique sur Send File. 

Un rapport va s'élaborer ligne à ligne. 

Attends la fin. Il doit comprendre la taille du fichier envoyé. 

Sauvegarde le rapport avec le bloc-note. 

Copie le dans ta réponse.


ensuite :

Télécharge sur ton bureau DSS (ex Comboscan) de Deckard: 

http://deckard.geekstogo.com/dss.exe


(choisis enregistrer, puis Bureau comme emplacement) 

Ferme toutes les applications en cours. 

Double-clic sur DSS.exe pour lancer l'outil. 

Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK. 

A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK. 

Le rapport main.txt va s'afficher, copie le dans ta prochaine réponse. 
Si un rapport complémentaire a été créé ( extra.txt ), poste le aussi dans ta réponse. 

Les rapports sont ici : 
(!) C:\Deckard\System Scanner\main.txt 
(!) C:\Deckard\System Scanner\extra.txt 

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

GusHan72 · Answer

J'ai re-tenté un scan malewarebyte en ne scannant que ma partition E: et la il n'y pas de problème le scan va au bout et ne détecte rien, depuis ta correction avec combofix, le mode normal fonctionne, je ne suis plus obliger d'être en sans échec, merci encore une fois de m'aider, c'vraiment très sympa!!!! j'ai fait tes deux scans, je te fournis les rapports:

Fichier p2phost.exe reçu le 2008.08.17 18:01:50 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE 


Résultat: 0/35 (0%)
en train de charger les informations du serveur... 
Votre fichier est dans la file d'attente, en position: 1.
L'heure estimée de démarrage est entre 38 et 55 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse. 
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier. 
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération. 
 Formaté Impression des résultats  
Votre fichier a expiré ou n'existe pas. 
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée. 
 Email:  
  

Antivirus Version Dernière mise à jour Résultat 
AhnLab-V3 2008.8.15.0 2008.08.15 - 
AntiVir 7.8.1.19 2008.08.16 - 
Authentium 5.1.0.4 2008.08.17 - 
Avast 4.8.1195.0 2008.08.17 - 
AVG 8.0.0.161 2008.08.17 - 
BitDefender 7.2 2008.08.17 - 
CAT-QuickHeal 9.50 2008.08.16 - 
ClamAV 0.93.1 2008.08.16 - 
DrWeb 4.44.0.09170 2008.08.17 - 
eSafe 7.0.17.0 2008.08.17 - 
eTrust-Vet 31.6.6035 2008.08.15 - 
Ewido 4.0 2008.08.17 - 
F-Prot 4.4.4.56 2008.08.17 - 
Fortinet 3.14.0.0 2008.08.17 - 
GData 2.0.7306.1023 2008.08.16 - 
Ikarus T3.1.1.34.0 2008.08.17 - 
K7AntiVirus 7.10.417 2008.08.15 - 
Kaspersky 7.0.0.125 2008.08.17 - 
McAfee 5362 2008.08.15 - 
Microsoft 1.3807 2008.08.17 - 
NOD32v2 3362 2008.08.17 - 
Norman 5.80.02 2008.08.15 - 
Panda 9.0.0.4 2008.08.17 - 
PCTools 4.4.2.0 2008.08.17 - 
Prevx1 V2 2008.08.17 - 
Rising 20.57.62.00 2008.08.17 - 
Sophos 4.32.0 2008.08.17 - 
Sunbelt 3.1.1546.1 2008.08.15 - 
Symantec 10 2008.08.17 - 
TheHacker 6.3.0.3.052 2008.08.17 - 
TrendMicro 8.700.0.1004 2008.08.16 - 
VBA32 3.12.8.3 2008.08.17 - 
ViRobot 2008.8.16.1338 2008.08.16 - 
VirusBuster 4.5.11.0 2008.08.17 - 
Webwasher-Gateway 6.6.2 2008.08.17 - 
Information additionnelle 
File size: 192000 bytes 
MD5...: 0b729dbae22bceacb1fa39b19748ebdc 
SHA1..: 0d45bf543152746c0b692c3ef34e8b808a05bef8 
SHA256: 267cb064201c3f284b9602cfc5526b6313d8ac326588d710c5bab0bfd2a36454 
SHA512: bd41d51e3c988b025f8259e74c27bebd39db7d3690707be19c84f8eb4d51354b
2473813573bb4f2dcdb63dd9e6dc7850e4b8692a0b974755fdc5b3a17bbda48c 
PEiD..: - 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100e298
timedatestamp.....: 0x47919161 (Sat Jan 19 05:57:53 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x13dae 0x13e00 6.51 56485aadcecdcc9480fa31bb6ae8a5dc
.data 0x15000 0xe00 0x800 5.90 b9db3db4b478871d72114090e314c7a2
.rsrc 0x16000 0x18208 0x18400 5.50 d295fa2af7b20dd2378a5389c9ae13a1
.reloc 0x2f000 0x1f06 0x2000 4.57 ddfa8dd5384eaa33fafffd21d633c29c

( 11 imports ) 
> ADVAPI32.dll: TraceMessage, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCloseKey, RegOpenKeyExW, RegCreateKeyExW, RegQueryValueExW, OpenProcessToken, CreateWellKnownSid, GetWindowsAccountDomainSid, GetTokenInformation, OpenThreadToken, CheckTokenMembership, CryptReleaseContext
> KERNEL32.dll: LoadLibraryA, InterlockedCompareExchange, DelayLoadFailureHook, InterlockedExchange, Sleep, GetStartupInfoA, SetUnhandledExceptionFilter, GetModuleHandleA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, GetDriveTypeW, GetProcessHeap, HeapCreate, HeapDestroy, HeapAlloc, GetProcAddress, OpenEventW, GetComputerNameW, GetCurrentProcess, DuplicateHandle, InterlockedCompareExchange64, UnregisterWait, SetEvent, WaitForSingleObject, ResetEvent, HeapSetInformation, GetCurrentProcessId, ProcessIdToSessionId, CreateMutexW, CreateProcessW, GetModuleHandleW, FreeLibrary, CompareFileTime, GetUserDefaultLangID, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, GetTimeFormatW, GetDateFormatW, lstrlenW, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, CreateEventW, RegisterWaitForSingleObject, FormatMessageW, SetEnvironmentVariableW, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetLastError, UnregisterWaitEx, CloseHandle, GetSystemTime, SystemTimeToFileTime, GetCurrentThread, HeapFree, HeapReAlloc
> GDI32.dll: SetBkColor, CreateSolidBrush, DeleteObject, LineTo, MoveToEx, SelectObject, ExtCreatePen, GetObjectW, SetLayout, GetLayout, StretchBlt, SetStretchBltMode, CreateCompatibleDC, DeleteDC, CreateFontIndirectW, GetDeviceCaps, SetTextColor, SetBkMode, GetTextExtentExPointW, Rectangle, GetStockObject
> USER32.dll: ShowWindow, PostMessageW, TrackPopupMenu, GetCursorPos, SetForegroundWindow, DestroyIcon, MapWindowPoints, GetClientRect, SystemParametersInfoW, SendMessageW, SetWindowPos, CreateWindowExW, GetWindowLongW, SetTimer, KillTimer, DispatchMessageW, TranslateMessage, IsDialogMessageW, IsWindow, GetMessageW, UnregisterClassW, DestroyWindow, LoadImageW, SetProcessDPIAware, IsDlgButtonChecked, FindWindowW, CheckDlgButton, GetSystemMetrics, FlashWindowEx, LoadIconW, EnableWindow, InflateRect, DrawFocusRect, FrameRect, MoveWindow, SetFocus, AnimateWindow, PtInRect, BeginPaint, EndPaint, GetParent, CallWindowProcW, IsWindowEnabled, FillRect, GetWindowTextW, GetSysColor, DrawTextW, GetDlgItem, MonitorFromWindow, TrackMouseEvent, InvalidateRect, SetCursor, FindWindowExW, GetDesktopWindow, GetWindowRect, MonitorFromRect, GetMonitorInfoW, RegisterClassW, GetSysColorBrush, DefWindowProcW, CreateDialogParamW, PostQuitMessage, SetWindowLongW, RegisterWindowMessageW, SetWindowTextW, GetDC, ReleaseDC, LoadMenuW, GetSubMenu, SetMenuItemInfoW, DestroyMenu, LoadBitmapW, LoadStringW
> msvcrt.dll: _controlfp, memset, memmove, _wtol, memcpy, wcsncpy_s, printf, wcsncmp, _vsnwprintf, isspace, _purecall, __getmainargs, _cexit, _exit, _XcptFilter, _ismbblead, exit, _acmdln, _initterm, _amsg_exit, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _unlock, __dllonexit, _lock, _onexit, _terminate@@YAXXZ, _except_handler4_common
> SHELL32.dll: Shell_NotifyIconW, -, -, -, -, ShellExecuteExW, SHAppBarMessage, SHQueryUserNotificationState, SHGetFileInfoW, SHGetFolderPathW
> RPCRT4.dll: RpcServerRegisterAuthInfoW, UuidCreate, UuidToStringW, RpcStringFreeW, NdrServerCall2, RpcStringBindingParseW, RpcBindingToStringBindingW, RpcServerInqBindings, RpcServerUnregisterIfEx, RpcImpersonateClient, RpcRevertToSelf, RpcServerUseProtseqW, RpcServerUseProtseqEpW, RpcBindingVectorFree, RpcServerRegisterIfEx, RpcEpRegisterW, I_RpcBindingInqTransportType, RpcBindingInqAuthClientW
> SHLWAPI.dll: -, PathIsNetworkPathW, -
> P2P.dll: PeerCollabUnregisterEvent, PeerCollabCloseHandle, PeerFreeData
> P2PCOLLAB.dll: SPUnsubscribeOnRundown, SPDeleteContact, PeopleNearMeUpdateFriendlyName, SPUpdateMeContact, SPUpdateContact, PeopleNearMeGetEndpointsNearMe, SPGetEndpointName, SPSetEndpointName, PeopleNearMeUpdateEndpointName, SPGetObjects, SPPublishObject, SPUnregisterApplication, SPRegisterApplication, SPGetApplications, SPGetEndpoints, SPGetPresenceInfo, SPSetPresenceInfo, CollabPublicationStopListen, SPUnpublishObjects, CollabPublicationPublish, PeopleNearMeSignin, CollabPublicationUnpublish, PeopleNearMeSignout, CollabUnregisterIPAddrChange, AISpecificStart, ContactManagerInit, CollabLayerInitialize, AIStartup, PeopleNearMeInitialize, AISpecificStop, PeopleNearMeUninitialize, CollabPublicationShutdown, AIShutdown, CollabLayerShutdown, ContactManagerCleanup, CollabLoadPrivacyStmt, CollabTrimNicknameSpaces, CollabPublicationInitialize, CollabSetSignInInfo, CollabRegisterIPAddrChange, SPSubscribeEndpoint, SPUnsubscribeEndpoint, CollabPublicationListen, CollabDisableAutoStart, CollabSetup, SPQueryContactData, CollabEnableAutoStart, CollabUpdateContact, CollabGetContact, SPUpdateUserPicture, AIApplicationGetRegistrationInfo, CollabGetUserSettings, CollabConvertPictureToBitmap, AIRespond, CollabGetSignInInfo, CollabDisplayPrivacyWebpage, SPUpdateUserSettings, CollabSetUserSettings
> ntdll.dll: NtQueryInformationToken, NtClose, NtOpenProcessToken, NtOpenThreadToken, RtlSubAuthoritySid, RtlSubAuthorityCountSid

( 0 exports ) 
 


 ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares. 

VirusTotal © Hispasec Sistemas -  Blog - Contact: info@virustotal.com - Terms of Service & Privacy Policy 



Deckard's System Scanner v20071014.68
Run by Vic on 2008-08-17 18:21:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

[color=red]System Drive C: has 15.07 GiB (less than 15%) free./color


-- HijackThis (run as Vic.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:00, on 17/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\System32\p2phost.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\System32
otepad.exe
E:\Downloads\dss.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Vic.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information	opi.exe -startup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba	raybar.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Pense-bête.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix: 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - Unknown owner - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (file missing)
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

GusHan72 · Answer

Désolé de te déranger Chiqui, mais j'ai encore besoin de ton aide, les rapports sont bons ou pas??? En tout cas de mon coté les scans ne passent toujours pas a 100%, ni antivir, ni malwarebytes, ni les scans en ligne (kaspersky et bit defender), uniquement le disque C:\, car le E:\ passe sans problème!!!! merci d' avance...

Aide sur rapport Hijackthis

10 réponses

Discussions similaires

Newsletters