[Résolu] Problème : apparitions de pubs intempestives sans arrêt
Forum Sécurité - Virus : [Résolu] Problème : apparitions de pubs intempestives sans arrêt
Salut à tous !
je sais que beaucoup de topics ont été faits sur ce sujet , mais je préfere créer un topic pour mon cas 
alors voilà , il y a 2 jours , j'ai acheté un nouveau PC : le toshiba A300 . Seulement , depuis ce matin , dès que mon pc est connecté à internet , que je sois sur le bureau , sur un jeu , ou sur internet explorer , je suis sans cesse gêné par des pubs : CID nottament , et d'autres ..
j'ai installé ad-aware et analysé mon ordi avec , suite aux conseils d'un ami , celui ci a trouvé beaucoup de cookies traceur , puis les a supprimé . Ensuite j'ai installé Google Toolbar , qui est sensé bloquer les fenetres publicitaires intempestives (tout comme internet explorer 7 ) , mais tout cela en vain ! les pubs me harcèlent toujours !
c'est pour cela que je vous demande de l'aide 
que me conseillez vous pour remédier à ce problème ?
pour info je suis sur windows vista , et mon antivirus est bitdefender 2008 ..
Message édité par JeJe Le CoRsE le 30-08-2008 à 23:36:59
Bonjour,
Je vais m'occuper de toi. Merci de prendre en compte que je suis bénévole, que j'ai une vie privée et que j'aide plusieurs internautes à la fois, donc merci d'être patient. Cependant, je ne lâche jamais un internaute tant que son PC n'est pas propre 
Télécharge Hijackthis (de Trend Micro) sur ton Bureau.
- Double clique sur HJTInstall.exe pour lancer l'installation.
- Clique sur Install.
- Double clique sur le raccourci d'HijackThis qui vient d'être créé pour le lancer. (Clique droit -> lancer en tant qu'admin si sous Vista)
- Accepte la licence en cliquant sur Yes.
- Clique sur "Do a system scan and save a logfile".
- Poste ici[ le rapport généré.
Note : Le rapport se trouve également ici : C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log
Aide : Comment utiliser HijackThis.
Sécurité / Prévention
Répondre à Egwene
pas de problèmes je saurais être patient je te comprend
voilà mon rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:35, on 17/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\tb_eula\EULALauncher.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\windows defender\MSASCui.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] c:\tb_eula\EULALauncher.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [the 1] "C:\ProgramData\Glue scr scr.8z9t6g5"
O4 - HKCU\..\Run: [Okay Proxy Ooze Each] "C:\ProgramData\Show plus program.it3sqz"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [!MMPermissions] C:\PROGRA~1\Sony\SHARED~1\MEDIAM~1\2.2\ADJUST~1.EXE /waitforservice MSSQL$SONY_MEDIAMGR SQLAgent$SONY_MEDIAMGR
O4 - HKCU\..\RunOnce: [!MMUserGroups] C:\PROGRA~1\Sony\SHARED~1\MEDIAM~1\2.2\MEDIAM~3.EXE /forcestatus /scriptfilename: C:\PROGRA~1\Sony\SHARED~1\MEDIAM~1\2.2\ADDUSE~1.SQL
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/r [...] &site=home (file missing)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 9398 bytes
Re,
Infecté(e) par Lop.com ( pubs CiD )
Télécharge Lop S&D.exe (d’ Eric 71 & Angeldark) sur ton bureau.
- Double-clique dessus pour lancer l'installation
- Puis double-clique sur le raccourci Lop S&D présent sur ton bureau (Si tu es sous Vista, clique droit -> exécuter en tant qu'admin)
- Séléctionne la langue souhaitée , puis choisis l'Option 1 (Recherche)
- Patiente jusqu'à la fin du scan
- Poste le rapport généré (C:\lopR.txt)
Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "Nouvelle tâche (exécuter)"
Tapes explorer et valide. Cela te fera apparaitre ton bureau
Sécurité / Prévention
Répondre à Egwene
voili voilou
--------------------\\ Lop S&D 4.2.3-0 XP/Vista
[ Windows VISTA (NT 6.0) Workstation Build 6001, Service Pack 1 ]
[ USER : Nardini Jean ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 18/08/2008 | 0:02:10 ] [ PC : PC-DE-JEAN (Proc:x86) ]
[ MAJ : 17-08-2008 | 01:58 ]
[ UAC => 0 ]
--------------------\\ Listing des dossiers dans Local
[17/08/2008|15:27] C:\Users\NARDIN~1\AppData\Local\Adobe
[15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Application Data
[15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\ATI
[17/08/2008|14:47] C:\Users\NARDIN~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[16/08/2008|18:53] C:\Users\NARDIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
[16/08/2008|10:44] C:\Users\NARDIN~1\AppData\Local\Google
[15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Historique
[17/08/2008|20:35] C:\Users\NARDIN~1\AppData\Local\IconCache.db
[17/08/2008|19:00] C:\Users\NARDIN~1\AppData\Local\Microsoft
[15/08/2008|22:26] C:\Users\NARDIN~1\AppData\Local\Microsoft Games
[16/08/2008|18:50] C:\Users\NARDIN~1\AppData\Local\MigWiz
[16/08/2008|14:54] C:\Users\NARDIN~1\AppData\Local\Mozilla
[17/08/2008|20:21] C:\Users\NARDIN~1\AppData\Local\Sony
[18/08/2008|00:00] C:\Users\NARDIN~1\AppData\Local\Temp
[15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Temporary Internet Files
[15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\Toshiba
[15/08/2008|19:38] C:\Users\NARDIN~1\AppData\Local\VirtualStore
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[17/08/2008 23:00][--ah-----] C:\Windows\tasks\SA.DAT
[17/08/2008 20:35][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[29/04/2008|16:15] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[16/08/2008|18:38] C:\ProgramData\Adobe
[16/08/2008|18:32] C:\ProgramData\Adobe Systems
[02/11/2006|15:02] C:\ProgramData\Application Data
[15/08/2008|17:50] C:\ProgramData\ATI
[15/08/2008|19:52] C:\ProgramData\BitDefender
[15/08/2008|17:39] C:\ProgramData\Bureau
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[15/08/2008|17:39] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[16/08/2008|09:50] C:\ProgramData\Glue scr scr.8z9t6g5
[16/08/2008|09:50] C:\ProgramData\Glue scr scr.mowln
[17/08/2008|15:21] C:\ProgramData\Google
[17/08/2008|16:20] C:\ProgramData\Google Updater
[16/08/2008|09:51] C:\ProgramData\IDOL DOG
[15/08/2008|20:15] C:\ProgramData\IsolatedStorage
[17/08/2008|15:30] C:\ProgramData\Lavasoft
[15/08/2008|18:21] C:\ProgramData\McAfee
[15/08/2008|17:39] C:\ProgramData\Menu D‚marrer
[16/08/2008|12:39] C:\ProgramData\Messenger Plus!
[15/08/2008|23:31] C:\ProgramData\Microsoft
[15/08/2008|19:34] C:\ProgramData\Microsoft Help
[15/08/2008|17:39] C:\ProgramData\ModŠles
[16/08/2008|09:50] C:\ProgramData\Second Atom Okay Proxy
[16/08/2008|09:50] C:\ProgramData\Show plus program.it3sqz
[17/08/2008|20:08] C:\ProgramData\Sony
[02/11/2006|15:02] C:\ProgramData\Start Menu
[02/11/2006|15:02] C:\ProgramData\Templates
[17/08/2008|11:47] C:\ProgramData\TOSHIBA
[15/08/2008|17:44] C:\ProgramData\ToshibaEurope
[16/04/2008|14:00] C:\ProgramData\Ulead Systems
[16/08/2008|09:46] C:\ProgramData\WLInstaller
--------------------\\ Listing des dossiers dans C:\Program Files
[29/04/2008|16:15] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[16/08/2008|18:38] C:\Program Files\Adobe
[15/08/2008|17:30] C:\Program Files\ATI
[15/08/2008|17:30] C:\Program Files\ATI Technologies
[15/08/2008|18:18] C:\Program Files\BitDefender
[15/08/2008|17:31] C:\Program Files\Camera Assistant Software for Toshiba
[16/08/2008|09:49] C:\Program Files\Circle Developement
[17/08/2008|11:47] C:\Program Files\Common Files
[16/08/2008|11:41] C:\Program Files\DebugMode
[21/01/2008|04:43] C:\Program Files\desktop.ini
[15/08/2008|17:39] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[17/08/2008|15:21] C:\Program Files\Google
[16/04/2008|14:11] C:\Program Files\IDM
[17/08/2008|11:08] C:\Program Files\InstallShield Installation Information
[15/08/2008|17:29] C:\Program Files\Intel
[21/01/2008|04:35] C:\Program Files\Internet Explorer
[16/04/2008|14:01] C:\Program Files\InterVideo
[15/08/2008|19:30] C:\Program Files\Java
[17/08/2008|15:28] C:\Program Files\Lavasoft
[16/08/2008|11:03] C:\Program Files\MediaCoder
[16/08/2008|09:49] C:\Program Files\Messenger Plus! Live
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[15/08/2008|19:34] C:\Program Files\Microsoft Office
[17/08/2008|11:33] C:\Program Files\Microsoft Silverlight
[15/08/2008|19:34] C:\Program Files\Microsoft Works
[15/08/2008|17:46] C:\Program Files\Motorola
[21/01/2008|04:35] C:\Program Files\Movie Maker
[02/11/2006|14:37] C:\Program Files\MSBuild
[16/04/2008|13:22] C:\Program Files\MSXML 4.0
[16/08/2008|10:39] C:\Program Files\PhotoFiltre
[16/04/2008|13:39] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[17/08/2008|20:06] C:\Program Files\Sony
[17/08/2008|20:04] C:\Program Files\Sony Setup
[17/08/2008|18:07] C:\Program Files\Sports Interactive
[17/08/2008|23:47] C:\Program Files\Steam
[16/04/2008|13:40] C:\Program Files\Synaptics
[17/08/2008|11:08] C:\Program Files\THQ
[17/08/2008|11:47] C:\Program Files\Toshiba
[15/08/2008|20:14] C:\Program Files\Toshiba TEMPRO
[16/08/2008|15:55] C:\Program Files\Total War
[17/08/2008|20:31] C:\Program Files\Trend Micro
[16/04/2008|13:58] C:\Program Files\Ulead Systems
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[16/08/2008|10:47] C:\Program Files\VideoLAN
[17/08/2008|20:06] C:\Program Files\Vstplugins
[21/01/2008|04:35] C:\Program Files\Windows Calendar
[21/01/2008|04:35] C:\Program Files\Windows Collaboration
[21/01/2008|04:35] C:\Program Files\Windows Defender
[21/01/2008|04:35] C:\Program Files\Windows Journal
[16/08/2008|09:48] C:\Program Files\Windows Live
[15/08/2008|23:07] C:\Program Files\Windows Mail
[16/04/2008|14:00] C:\Program Files\Windows Media Components
[21/01/2008|04:35] C:\Program Files\Windows Media Player
[15/08/2008|17:39] C:\Program Files\Windows NT
[21/01/2008|04:35] C:\Program Files\Windows Photo Gallery
[21/01/2008|04:35] C:\Program Files\Windows Sidebar
[17/08/2008|18:16] C:\Program Files\WinRAR
[17/08/2008|18:11] C:\Program Files\Zero G Registry
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[16/08/2008|18:38] C:\Program Files\Common Files\Adobe
[15/08/2008|19:52] C:\Program Files\Common Files\BitDefender
[16/08/2008|16:01] C:\Program Files\Common Files\InstallShield
[16/04/2008|13:24] C:\Program Files\Common Files\Java
[15/08/2008|21:02] C:\Program Files\Common Files\microsoft shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[15/08/2008|23:04] C:\Program Files\Common Files\Steam
[21/01/2008|04:35] C:\Program Files\Common Files\System
[17/08/2008|11:48] C:\Program Files\Common Files\Toshiba Shared
[16/04/2008|14:01] C:\Program Files\Common Files\Ulead Systems
[15/08/2008|20:50] C:\Program Files\Common Files\WindowsLiveInstaller
[17/08/2008|15:27] C:\Program Files\Common Files\Wise Installation Wizard
--------------------\\ Process
( 84 Processus )
iexplore.exe ~ [PID:2532] ~ [Threads:17]
iexplore.exe ~ [PID:2572] ~ [Threads:5]
iexplore.exe ~ [PID:5956] ~ [Threads:24]
--------------------\\ Recherche avec S_Lop
C:\ProgramData\Glue scr scr.mowln
C:\ProgramData\Show plus program.it3sqz
C:\ProgramData\Glue scr scr.8z9t6g5
C:\Users\NARDIN~1\AppData\Local\Temp\bis2693.exe
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@advertstream[1].txt
C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@www.adserver5[1].txt
C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@advertising[1].txt
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"the 1"="\"C:\\ProgramData\\Glue scr scr.8z9t6g5\""
"Okay Proxy Ooze Each"="\"C:\\ProgramData\\Show plus program.it3sqz\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 00:02:25
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\NARDIN~1\Downloads\keygen.exe
[F:89][D:26]-> C:\Users\NARDIN~1\AppData\Local\Temp
[F:259][D:1]-> C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2536][D:6]-> C:\Users\NARDIN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:5][D:1]-> C:\$Recycle.Bin
--------------------\\ Fin du rapport a 0:04:00,56
[ UAC => 1 ]
Re,
Relance Lop S&D
- Choisis cette fois ci l'Option 2 ( Suppression )
- Ne ferme pas la fenêtre lors de la suppression !
- Poste le rapport généré ( C:\lopR.txt )
(Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)
Sécurité / Prévention
Répondre à Egwene
voila le rapport
--------------------\\ Lop S&D 4.2.3-0 XP/Vista
[ Windows VISTA (NT 6.0) Workstation Build 6001, Service Pack 1 ]
[ USER : Nardini Jean ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 18/08/2008 | 10:40:34 ] [ PC : PC-DE-JEAN (Proc:x86) ]
[ MAJ : 17-08-2008 | 01:58 ]
[ UAC => 1 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\Program Files\Circle Developement\Uninstall.exe
Supprime! - C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@advertstream[1].txt
Supprime! - C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@www.adserver5[1].txt
Supprime! - C:\ProgramData\Glue scr scr.mowln
Supprime! - C:\ProgramData\Show plus program.it3sqz
Supprime! - C:\ProgramData\Glue scr scr.8z9t6g5
Supprime! - C:\Users\NARDIN~1\AppData\Local\Temp\bis2693.exe
Supprime! - C:\Program Files\Circle Developement
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans Local
[17/08/2008|15:27] C:\Users\NARDIN~1\AppData\Local\Adobe
[15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Application Data
[15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\ATI
[17/08/2008|14:47] C:\Users\NARDIN~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[16/08/2008|18:53] C:\Users\NARDIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
[16/08/2008|10:44] C:\Users\NARDIN~1\AppData\Local\Google
[15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Historique
[18/08/2008|00:14] C:\Users\NARDIN~1\AppData\Local\IconCache.db
[17/08/2008|19:00] C:\Users\NARDIN~1\AppData\Local\Microsoft
[15/08/2008|22:26] C:\Users\NARDIN~1\AppData\Local\Microsoft Games
[16/08/2008|18:50] C:\Users\NARDIN~1\AppData\Local\MigWiz
[16/08/2008|14:54] C:\Users\NARDIN~1\AppData\Local\Mozilla
[17/08/2008|20:21] C:\Users\NARDIN~1\AppData\Local\Sony
[18/08/2008|10:40] C:\Users\NARDIN~1\AppData\Local\Temp
[15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Temporary Internet Files
[15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\Toshiba
[15/08/2008|19:38] C:\Users\NARDIN~1\AppData\Local\VirtualStore
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[18/08/2008 10:28][--ah-----] C:\Windows\tasks\SA.DAT
[18/08/2008 00:15][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[29/04/2008|16:15] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[16/08/2008|18:38] C:\ProgramData\Adobe
[16/08/2008|18:32] C:\ProgramData\Adobe Systems
[02/11/2006|15:02] C:\ProgramData\Application Data
[15/08/2008|17:50] C:\ProgramData\ATI
[15/08/2008|19:52] C:\ProgramData\BitDefender
[15/08/2008|17:39] C:\ProgramData\Bureau
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[15/08/2008|17:39] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[17/08/2008|15:21] C:\ProgramData\Google
[17/08/2008|16:20] C:\ProgramData\Google Updater
[16/08/2008|09:51] C:\ProgramData\IDOL DOG
[15/08/2008|20:15] C:\ProgramData\IsolatedStorage
[17/08/2008|15:30] C:\ProgramData\Lavasoft
[15/08/2008|18:21] C:\ProgramData\McAfee
[15/08/2008|17:39] C:\ProgramData\Menu D‚marrer
[16/08/2008|12:39] C:\ProgramData\Messenger Plus!
[15/08/2008|23:31] C:\ProgramData\Microsoft
[15/08/2008|19:34] C:\ProgramData\Microsoft Help
[15/08/2008|17:39] C:\ProgramData\ModŠles
[16/08/2008|09:50] C:\ProgramData\Second Atom Okay Proxy
[17/08/2008|20:08] C:\ProgramData\Sony
[02/11/2006|15:02] C:\ProgramData\Start Menu
[02/11/2006|15:02] C:\ProgramData\Templates
[17/08/2008|11:47] C:\ProgramData\TOSHIBA
[15/08/2008|17:44] C:\ProgramData\ToshibaEurope
[16/04/2008|14:00] C:\ProgramData\Ulead Systems
[16/08/2008|09:46] C:\ProgramData\WLInstaller
--------------------\\ Listing des dossiers dans C:\Program Files
[29/04/2008|16:15] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[16/08/2008|18:38] C:\Program Files\Adobe
[15/08/2008|17:30] C:\Program Files\ATI
[15/08/2008|17:30] C:\Program Files\ATI Technologies
[15/08/2008|18:18] C:\Program Files\BitDefender
[15/08/2008|17:31] C:\Program Files\Camera Assistant Software for Toshiba
[17/08/2008|11:47] C:\Program Files\Common Files
[16/08/2008|11:41] C:\Program Files\DebugMode
[21/01/2008|04:43] C:\Program Files\desktop.ini
[15/08/2008|17:39] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[17/08/2008|15:21] C:\Program Files\Google
[16/04/2008|14:11] C:\Program Files\IDM
[17/08/2008|11:08] C:\Program Files\InstallShield Installation Information
[15/08/2008|17:29] C:\Program Files\Intel
[21/01/2008|04:35] C:\Program Files\Internet Explorer
[16/04/2008|14:01] C:\Program Files\InterVideo
[15/08/2008|19:30] C:\Program Files\Java
[17/08/2008|15:28] C:\Program Files\Lavasoft
[16/08/2008|11:03] C:\Program Files\MediaCoder
[16/08/2008|09:49] C:\Program Files\Messenger Plus! Live
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[15/08/2008|19:34] C:\Program Files\Microsoft Office
[17/08/2008|11:33] C:\Program Files\Microsoft Silverlight
[15/08/2008|19:34] C:\Program Files\Microsoft Works
[15/08/2008|17:46] C:\Program Files\Motorola
[21/01/2008|04:35] C:\Program Files\Movie Maker
[02/11/2006|14:37] C:\Program Files\MSBuild
[16/04/2008|13:22] C:\Program Files\MSXML 4.0
[16/08/2008|10:39] C:\Program Files\PhotoFiltre
[16/04/2008|13:39] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[17/08/2008|20:06] C:\Program Files\Sony
[17/08/2008|20:04] C:\Program Files\Sony Setup
[17/08/2008|18:07] C:\Program Files\Sports Interactive
[17/08/2008|23:47] C:\Program Files\Steam
[16/04/2008|13:40] C:\Program Files\Synaptics
[17/08/2008|11:08] C:\Program Files\THQ
[17/08/2008|11:47] C:\Program Files\Toshiba
[15/08/2008|20:14] C:\Program Files\Toshiba TEMPRO
[16/08/2008|15:55] C:\Program Files\Total War
[17/08/2008|20:31] C:\Program Files\Trend Micro
[16/04/2008|13:58] C:\Program Files\Ulead Systems
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[16/08/2008|10:47] C:\Program Files\VideoLAN
[17/08/2008|20:06] C:\Program Files\Vstplugins
[21/01/2008|04:35] C:\Program Files\Windows Calendar
[21/01/2008|04:35] C:\Program Files\Windows Collaboration
[21/01/2008|04:35] C:\Program Files\Windows Defender
[21/01/2008|04:35] C:\Program Files\Windows Journal
[16/08/2008|09:48] C:\Program Files\Windows Live
[15/08/2008|23:07] C:\Program Files\Windows Mail
[16/04/2008|14:00] C:\Program Files\Windows Media Components
[21/01/2008|04:35] C:\Program Files\Windows Media Player
[15/08/2008|17:39] C:\Program Files\Windows NT
[21/01/2008|04:35] C:\Program Files\Windows Photo Gallery
[21/01/2008|04:35] C:\Program Files\Windows Sidebar
[17/08/2008|18:16] C:\Program Files\WinRAR
[17/08/2008|18:11] C:\Program Files\Zero G Registry
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[16/08/2008|18:38] C:\Program Files\Common Files\Adobe
[15/08/2008|19:52] C:\Program Files\Common Files\BitDefender
[16/08/2008|16:01] C:\Program Files\Common Files\InstallShield
[16/04/2008|13:24] C:\Program Files\Common Files\Java
[15/08/2008|21:02] C:\Program Files\Common Files\microsoft shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[15/08/2008|23:04] C:\Program Files\Common Files\Steam
[21/01/2008|04:35] C:\Program Files\Common Files\System
[17/08/2008|11:48] C:\Program Files\Common Files\Toshiba Shared
[16/04/2008|14:01] C:\Program Files\Common Files\Ulead Systems
[15/08/2008|20:50] C:\Program Files\Common Files\WindowsLiveInstaller
[17/08/2008|15:27] C:\Program Files\Common Files\Wise Installation Wizard
--------------------\\ Process
( 81 Processus )
iexplore.exe ~ [PID:2064] ~ [Threads:3]
iexplore.exe ~ [PID:4544] ~ [Threads:6]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@advertising[2].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 10:40:53
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\NARDIN~1\Downloads\keygen.exe
[F:86][D:27]-> C:\Users\NARDIN~1\AppData\Local\Temp
[F:266][D:1]-> C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2939][D:6]-> C:\Users\NARDIN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:5][D:1]-> C:\$Recycle.Bin
--------------------\\ Fin du rapport a 10:42:27,48
[ UAC => 1 ]
Re,
Oki
Supprime-moi ce keygen :
C:\Users\NARDIN~1\Downloads\keygen.exe
Je te conseille de désinstaller et de supprimer tous tes logiciels de p2p : 50% de ce que tu télécharges via p2p est piégé. Le p2p est le premier vecteur d'infection de nos jours.
Plus d'informations disponibles en cliquant sur le lien suivant : Cracks / P2P
Poste un nouveau rapport HijackThis et dis-moi comment va le PC.
Toujours des problèmes ?
Sécurité / Prévention
Répondre à Egwene
j'ai supprimé le keygen , c'était le seul logiciel de P2P que j'avais sur ce PC
voila le rapport : Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:35:36, on 18/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [the 1] "C:\ProgramData\Glue scr scr.yp6jcm"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/r [...] &site=home (file missing)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8777 bytes
faut-il régler autre chose ?
pour le moment je ne suis gêné par aucune pub , je te tiens au courant si c'est de nouveau le cas .
Sans vouloir trop t'en demander , est ce que tu pourrais faire une vérification de mon autre PC ? Il rame depuis pas mal de temps , alors j'aimerais bien que tu me dises ce qui ne va pas dans le pc , si il a des virus ou autre
si tu es ok je te poste un rapport hijackthis de mon autre pc !
Re,
J'ai dû aller trop vite dans l'analyse du rapport
On va reprendre, t'inquiète pas
Refais-moi un rapport LopS&D qu'on vérifie tout cela. Il se peut aussi que les pubs soient lié à autre chose.
Tu utilises quel navigateur pour surfer ?
Sécurité / Prévention
Répondre à Egwene
Re,
Relance Lop S&D
- Choisis cette fois ci l'Option 2 ( Suppression )
- Ne ferme pas la fenêtre lors de la suppression !
- Poste le rapport généré ( C:\lopR.txt )
(Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)
Et poste un nouveau rapport HijackThis.
Sécurité / Prévention
Répondre à Egwene
Re,
Normalement tu ne devrais plus avoir de pubs. Si tu en as toujours, c'est qu'il y a quelque chose qui relance l'infection, tiens-moi au courant. En attendant, fais ça
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
- Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
- Afin de lancer la recherche, clic sur"Rechercher".
- Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
AIDE : Tuto en images sur MBAM
Sécurité / Prévention
Répondre à Egwene
MBAM n'a rien trouvé , et les pubs s'ouvrent encore 
Re,
Relance LopS&D option 1.
On va voir si l'infection est revenue.
Je dois être aveugle, ce n'est pas possible
Sécurité / Prévention
Répondre à Egwene
Re,
Relance l'option 2... poste le rapport, puis :
Séléctionne l'encadré ci dessous en entier , puis clique droit , choisis Copier
@echo off & cls
|
Puis , menu Démarrer / Executer , tape cmd et valide par OK
Fais un clique droit dans la fenêtre noire et choisis Coller
il va sortir un rapport , poste le ici,
Sécurité / Prévention
Répondre à Egwene
Re,
Le rapport me semble bon
As-tu désinstallé via ajout/suppression de programmes du panneau de configuration le sponsor de MSN 3+! , responsable de l'infection ?
Toujours des pubs ?
Redémarre le PC et envoie un nouveau rapport lopS&D option 1.
Message édité par Egwene le 20-08-2008 à 11:03:18
Sécurité / Prévention
Répondre à Egwene
Re,
Non c'est revenu 
Bon, on va creuser plus en profondeur, comme ça j'en saurais plus, là je tourne en rond.
C'est parti pour le gros calibre
1) Téléchargez ATF Cleaner sur votre Bureau.
- Faites un double clic sur ATF-Cleaner.exe pour lancer le programme.
- Cliquez sur Select All situé en bas de la liste.
- Cliquez sur le bouton Empty Selected.
Si vous utilisez le navigateur Firefox, faites aussi ceci :
- Cliquez sur Firefox en haut et choisissez Select All dans la liste.
- Cliquez sur le bouton Empty Selected.
- NOTE : Si vous désirez conserver vos mots de passe enregistrés, cliquez sur No dans le message d'avertissement.
Si vous utilisez le navigateur Opera, faites aussi ceci :
- Cliquez sur Opera en haut et choisissez Select All dans la liste.
- Fermez TOUS les navigateurs Internet (très important).
- Cliquez sur le bouton Empty Selected.
- NOTE : Si vous désirez conserver vos mots de passe enregistrés, cliquez sur No dans le message d'avertissement.
Cliquez sur Exit dans le menu principal pour fermer le programme.
2) Ensuite, téléchargez OTScanIt.exe sur votre Bureau, et faites un double clic dessus pour extraire les fichiers. Ceci va créer un dossier nommé OTScanIt sur votre Bureau.
N.B : Si pendant le téléchargement et/ou l’installation tu reçois une alerte de ton antivirus, ignore-là. Certains composants de OTscanIT peuvent être détectés comme un virus par certains antivirus. Pense aussi à désactiver tes protections résidentes durant la procédure.
Note : Vous devez avoir ouvert une session avec un compte ayant les droits Administrateur pour exécuter ce programme.
- Fermez TOUS LES AUTRES PROGRAMMES.
- Ouvrez le dossier OTScanIt et faites un double clic sur OTScanIt.exe pour lancer le programme (si vous êtes sous Windows Vista, faites un clic droit sur le programme et choisissez Exécuter en tant qu'Administrateur).
- Dans la section Drivers cliquez sur Non-Microsoft.
- Sous Additional Scans cochez la case située devant les éléments suivants afin de les sélectionner :
Reg - BotCheck
File - Additional Folder Scans
- Ne modifiez aucun autre paramètre.
- Ensuite, cliquez sur le bouton Run Scan dans la barre d'outils.
- Laissez le programme tourner sans intervenir.
- Lorsque l'analyse est terminée le Bloc-notes va s'ouvrir pour afficher le fichier rapport.
- Cliquez sur le menu Format et vérifiez que Retour automatique à la ligne n'est pas coché. S'il l'est, cliquez dessus afin de le décocher.
Utilisez le bouton Répondre et faites un copier/coller de ces informations ici. Je les examinerai dès leur arrivée. Vérifiez que la première ligne est code entouré de crochets [] et que la dernière ligne est /code entouré de crochets [].
Si, après avoir envoyé votre message, la dernière ligne n'est pas <End of Report> cela signifie que le rapport est trop long pour tenir dans un seul message, et vous devez dans ce cas le découper en plusieurs messages, ou le mettre sur Mediafire : http://www.mediafire.com
Sécurité / Prévention
Répondre à Egwene
[code]
OTScanIt logfile created on: 20/08/2008 14:02:58
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Users\NARDIN~1\Desktop
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 86,97% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys;
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,37 Gb Total Space | 30,48 Gb Free Space | 40,98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 73,21 Gb Total Space | 68,47 Gb Free Space | 93,52% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PC-DE-JEAN
Current User Name: Nardini Jean
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 643072 bytes | Modified Date = 30/01/2008 16:28:06 | Attr = ]
ati2evxx.exe -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 643072 bytes | Modified Date = 30/01/2008 16:28:06 | Attr = ]
cfsvcs.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 7, 0, 1, 6 | Size = 40960 bytes | Modified Date = 25/12/2007 13:07:14 | Attr = ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 17/08/2008 15:20:41 | Attr = ]
temposvc.exe -> %ProgramFiles%\Toshiba TEMPRO\TempoSVC.exe -> Toshiba Europe GmbH [Ver = 1.1.0.0 | Size = 99720 bytes | Modified Date = 24/04/2008 10:21:56 | Attr = ]
tnavisrv.exe -> %ProgramFiles%\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> TOSHIBA Corporation [Ver = 1.00.0003 | Size = 83312 bytes | Modified Date = 05/06/2008 18:43:10 | Attr = ]
toddsrv.exe -> %SystemRoot%\System32\TODDSrv.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 5 | Size = 129632 bytes | Modified Date = 21/11/2007 17:23:32 | Attr = ]
toscosrv.exe -> %ProgramFiles%\Toshiba\Power Saver\TosCoSrv.exe -> TOSHIBA Corporation [Ver = 1.0.0.3 | Size = 431456 bytes | Modified Date = 17/01/2008 16:27:34 | Attr = ]
tosipcsrv.exe -> %ProgramFiles%\TOSHIBA\SMARTLogService\TosIPCSrv.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 1 | Size = 126976 bytes | Modified Date = 03/12/2007 17:03:52 | Attr = ]
ulcdrsvr.exe -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 23/08/2006 16:39:48 | Attr = ]
xcommsvr.exe -> %CommonProgramFiles%\BitDefender\BitDefender Communicator\xcommsvr.exe -> BitDefender [Ver = 1, 8, 16, 0 | Size = 86016 bytes | Modified Date = 15/08/2008 19:58:50 | Attr = ]
vsserv.exe -> %ProgramFiles%\BitDefender\BitDefender 2008\vsserv.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 444 | Size = 1253376 bytes | Modified Date = 15/08/2008 20:00:58 | Attr = ]
livesrv.exe -> %CommonProgramFiles%\BitDefender\BitDefender Update Service\livesrv.exe -> BitDefender SRL [Ver = 11, 0, 1, 87 | Size = 1155072 bytes | Modified Date = 15/08/2008 20:01:06 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 04:25:21 | Attr = ]
rthdvcpl.exe -> %SystemRoot%\RtHDVCpl.exe -> Realtek Semiconductor [Ver = 1, 0, 0, 132 | Size = 4911104 bytes | Modified Date = 29/01/2008 19:51:52 | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 11.1.16 17Jun08 | Size = 1295656 bytes | Modified Date = 17/06/2008 03:15:00 | Attr = ]
traybar.exe -> %ProgramFiles%\Camera Assistant Software for Toshiba\traybar.exe -> Chicony [Ver = 1, 5, 4002, 79 | Size = 413696 bytes | Modified Date = 25/10/2007 17:41:18 | Attr = ]
tpwrmain.exe -> %ProgramFiles%\Toshiba\Power Saver\TPwrMain.exe -> TOSHIBA Corporation [Ver = 1.0.0.2 | Size = 431456 bytes | Modified Date = 17/01/2008 16:27:52 | Attr = ]
smoothview.exe -> %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe -> TOSHIBA Corporation [Ver = 3, 0, 8, 32 | Size = 509816 bytes | Modified Date = 25/01/2008 11:22:14 | Attr = ]
tcrdmain.exe -> %ProgramFiles%\Toshiba\FlashCards\TCrdMain.exe -> TOSHIBA Corporation [Ver = 2.0.0.6 | Size = 712704 bytes | Modified Date = 22/01/2008 14:25:26 | Attr = ]
toshibaregistration.exe -> %ProgramFiles%\Toshiba\Registration\ToshibaRegistration.exe -> Toshiba [Ver = 4.0.0.0 | Size = 571024 bytes | Modified Date = 04/05/2007 12:05:08 | Attr = ]
sm56hlpr.exe -> %ProgramFiles%\Motorola\SMSERIAL\sm56hlpr.exe -> Motorola Inc. [Ver = 6.12.14 | Size = 1216512 bytes | Modified Date = 21/02/2008 20:23:38 | Attr = ]
bdagent.exe -> %ProgramFiles%\BitDefender\BitDefender 2008\bdagent.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 179 | Size = 368640 bytes | Modified Date = 15/08/2008 20:00:58 | Attr = ]
toshiba.tempo.ui.trayapplication.exe -> %ProgramFiles%\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe -> Toshiba Europe GmbH [Ver = 1.1.0.0 | Size = 103824 bytes | Modified Date = 24/04/2008 10:22:10 | Attr = ]
mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE -> Advanced Micro Devices Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 17/07/2007 11:13:56 | Attr = ]
cec_main.exe -> %ProgramFiles%\Camera Assistant Software for Toshiba\CEC_MAIN.exe -> [Ver = 1.7.8000.444 | Size = 4624384 bytes | Modified Date = 22/01/2008 11:00:30 | Attr = ]
ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 17/07/2007 11:13:34 | Attr = ]
syntphelper.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPHelper.exe -> Synaptics, Inc. [Ver = 11.1.16 17Jun08 | Size = 103720 bytes | Modified Date = 17/06/2008 03:16:00 | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 12/07/2008 09:29:54 | Attr = ]
[Win32 Services - Non-Microsoft Only]
(Ati External Event Utility) Ati External Event Utility [Win32_Own | Auto | Running] -> %SystemRoot%\System32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 643072 bytes | Modified Date = 30/01/2008 16:28:06 | Attr = ]
(CertPropSvc) Propagation du certificat [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(ConfigFree Service) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 7, 0, 1, 6 | Size = 40960 bytes | Modified Date = 25/12/2007 13:07:14 | Attr = ]
(DcomLaunch) Lanceur de processus serveur DCOM [Win32_Shared | Unknown | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 17/08/2008 15:20:41 | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> File not found
(LIVESRV) BitDefender Desktop Update Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\BitDefender\BitDefender Update Service\livesrv.exe -> BitDefender SRL [Ver = 11, 0, 1, 87 | Size = 1155072 bytes | Modified Date = 15/08/2008 20:01:06 | Attr = ]
(MSDTC) Coordinateur de transactions distribuées [Win32_Own | Unknown | Stopped] -> %SystemRoot%\System32\msdtc.exe -> File not found
(Schedule) Planificateur de tâches [Win32_Shared | Unknown | Running] -> %systemroot%\system32\svchost.exe -> File not found
(SCPolicySvc) Stratégie de retrait de la carte à puce [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(Steam Client Service) Steam Client Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Steam\SteamService.exe -> Valve Corporation [Ver = 1, 0, 0, 1 | Size = 87288 bytes | Modified Date = 15/08/2008 23:03:42 | Attr = ]
(TempoMonitoringService) Notebook Performance Tuning Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba TEMPRO\TempoSVC.exe -> Toshiba Europe GmbH [Ver = 1.1.0.0 | Size = 99720 bytes | Modified Date = 24/04/2008 10:21:56 | Attr = ]
(TNaviSrv) TOSHIBA Navi Support Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> TOSHIBA Corporation [Ver = 1.00.0003 | Size = 83312 bytes | Modified Date = 05/06/2008 18:43:10 | Attr = ]
(TODDSrv) TOSHIBA Optical Disc Drive Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\TODDSrv.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 5 | Size = 129632 bytes | Modified Date = 21/11/2007 17:23:32 | Attr = ]
(TosCoSrv) TOSHIBA Power Saver [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\Power Saver\TosCoSrv.exe -> TOSHIBA Corporation [Ver = 1.0.0.3 | Size = 431456 bytes | Modified Date = 17/01/2008 16:27:34 | Attr = ]
(TOSHIBA Bluetooth Service) TOSHIBA Bluetooth Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> File not found
(TOSHIBA SMART Log Service) TOSHIBA SMART Log Service [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\SMARTLogService\TosIPCSrv.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 1 | Size = 126976 bytes | Modified Date = 03/12/2007 17:03:52 | Attr = ]
(TrustedInstaller) Programme d’installation de modules Windows [Win32_Own | Unknown | Stopped] -> %SystemRoot%\servicing\TrustedInstaller.exe -> File not found
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 23/08/2006 16:39:48 | Attr = ]
(VSSERV) BitDefender Virus Shield [Win32_Own | Auto | Running] -> %ProgramFiles%\BitDefender\BitDefender 2008\vsserv.exe -> BitDefender S.R.L. [Ver = 11, 0, 0, 444 | Size = 1253376 bytes | Modified Date = 15/08/2008 20:00:58 | Attr = ]
(WdiServiceHost) Service hôte WDIServiceHost [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(WdiSystemHost) Hôte système de diagnostics [Win32_Shared | Unknown | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(WMPNetworkSvc) Service Partage réseau du Lecteur Windows Media [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> File not found
(XCOMM) BitDefender Communicator [Win32_Own | Auto | Running] -> %CommonProgramFiles%\BitDefender\BitDefender Communicator\xcommsvr.exe -> BitDefender [Ver = 1, 8, 16, 0 | Size = 86016 bytes | Modified Date = 15/08/2008 19:58:50 | Attr = ]
[Driver Services - Non-Microsoft Only]
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adp94xx.sys -> Adaptec, Inc. [Ver = 1.6.0006.3 (1.070222-1720) | Size = 422968 bytes | Modified Date = 21/01/2008 04:23:21 | Attr = ]
(adpahci) adpahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpahci.sys -> Adaptec, Inc. [Ver = 1.6.0006.1 (1.070222-1720) | Size = 300600 bytes | Modified Date = 21/01/2008 04:23:25 | Attr = ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu160m.sys -> Adaptec, Inc. [Ver = 6.4.645.100 (NT.070221-1001) | Size = 101432 bytes | Modified Date = 21/01/2008 04:23:26 | Attr = ]
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\adpu320.sys -> Adaptec, Inc. [Ver = 7.2.000.000 (NT.070221-1245) | Size = 149560 bytes | Modified Date = 21/01/2008 04:23:27 | Attr = ]
(AgereSoftModem) Modem Soft Agere Systems [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.69 | Size = 983552 bytes | Modified Date = 02/11/2006 09:41:50 | Attr = ]
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\djsvs.sys -> Adaptec, Inc. [Ver = 6.0.0.0 | Size = 71272 bytes | Modified Date = 02/11/2006 11:50:11 | Attr = ]
(aliide) aliide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 17464 bytes | Modified Date = 21/01/2008 04:23:00 | Attr = ]
(arc) arc [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arc.sys -> Adaptec, Inc. [Ver = 5.2.0.10384 (NT.070222-1720) | Size = 79416 bytes | Modified Date = 21/01/2008 04:23:23 | Attr = ]
(arcsas) arcsas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\arcsas.sys -> Adaptec, Inc. [Ver = 5.2.0.10384 (NT.070222-1720) | Size = 79928 bytes | Modified Date = 21/01/2008 04:23:24 | Attr = ]
(atikmdag) atikmdag [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\atikmdag.sys -> ATI Technologies Inc. [Ver = 7.01.01.730 | Size = 3483648 bytes | Modified Date = 30/01/2008 17:24:00 | Attr = ]
(Bdfndisf) BitDefender Firewall NDIS Filter Service [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\bdfndisf.sys -> BitDefender SRL [Ver = 3.0.0.18 built by: WinDDK | Size = 86792 bytes | Modified Date = 15/08/2008 20:00:58 | Attr = ]
(bdfsfltr) bdfsfltr [File_System | On_Demand | Running] -> %SystemRoot%\System32\drivers\bdfsfltr.sys -> BitDefender S.R.L. Bucharest, ROMANIA [Ver = 0.3.124.3908, RELEASE, built by: WinDDK | Size = 196368 bytes | Modified Date = 07/01/2008 17:41:34 | Attr = ]
(bdftdif) bdftdif [Kernel | System | Running] -> %CommonProgramFiles%\BitDefender\BitDefender Firewall\bdftdif.sys -> BitDefender SRL [Ver = 3.0.0.11 | Size = 156688 bytes | Modified Date = 15/08/2008 19:58:51 | Attr = ]
(BDSelfPr) BDSelfPr [Kernel | On_Demand | Running] -> %ProgramFiles%\BitDefender\BitDefender 2008\bdselfpr.sys -> BitDefender S.R.L. [Ver = 11.00 built by: WinDDK | Size = 8320 bytes | Modified Date = 15/08/2008 20:00:58 | Attr = ]
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltLo.sys -> Brother Industries, Ltd. [Ver = 1.10.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 13568 bytes | Modified Date = 02/11/2006 10:24:45 | Attr = ]
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrFiltUp.sys -> Brother Industries, Ltd. [Ver = 1.04.000 (vbl_wcp_d2_drivers.060616-1619) | Size = 5248 bytes | Modified Date = 02/11/2006 10:24:46 | Attr = ]
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerId.sys -> Brother Industries Ltd. [Ver = 1.0.1.6 (vbl_wcp_d2_drivers.060616-1619) | Size = 71808 bytes | Modified Date = 02/11/2006 10:25:24 | Attr = ]
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrSerWdm.sys -> Brother Industries Ltd. [Ver = 1.0.0.20 (vbl_wcp_d2_drivers.060616-1619) | Size = 62336 bytes | Modified Date = 02/11/2006 10:24:44 | Attr = ]
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\BrUsbMdm.sys -> Brother Industries Ltd. [Ver = 1,0,0,12 (vbl_wcp_d2_drivers.060616-1619) | Size = 12160 bytes | Modified Date = 02/11/2006 10:24:44 | Attr = ]
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\BrUsbSer.sys -> Brother Industries Ltd. [Ver = 1,0,1,3 (vbl_wcp_d2_drivers.060809-0459) | Size = 11904 bytes | Modified Date = 02/11/2006 10:24:47 | Attr = ]
(CLFS) Common Log (CLFS) [Kernel | Unknown | Running] -> -> File not found
(cmdide) cmdide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (longhorn_rtm.080118-1840) | Size = 19000 bytes | Modified Date = 21/01/2008 04:23:00 | Attr = ]
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\E1G60I32.sys -> Intel Corporation [Ver = 8.3.2.8 built by: WinDDK | Size = 118784 bytes | Modified Date = 21/01/2008 04:23:24 | Attr = ]
(elxstor) elxstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\elxstor.sys -> Emulex [Ver = 5-1.30M9 03/18/2007 WS2K3 32 bit (NT.070222-1720) | Size = 342584 bytes | Modified Date = 21/01/2008 04:23:22 | Attr = ]
(FwLnk) FwLnk Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\FwLnk.sys -> TOSHIBA Corporation [Ver = 1.0.0.3V built by: WinDDK | Size = 7168 bytes | Modified Date = 20/11/2006 14:11:14 | Attr = ]
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\HpCISSs.sys -> Hewlett-Packard Company [Ver = 6.0.0.32 Build 7 (x86) (NT.070221-1245) | Size = 40504 bytes | Modified Date = 21/01/2008 04:23:26 | Attr = ]
(iaStor) Intel AHCI Controller [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\iaStor.sys -> Intel Corporation [Ver = 7.8.0.1012 | Size = 308248 bytes | Modified Date = 29/09/2007 23:03:12 | Attr = ]
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iaStorV.sys -> Intel Corporation [Ver = 6.2.0.1019 | Size = 235064 bytes | Modified Date = 21/01/2008 04:23:23 | Attr = ]
(igfx) igfx [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\igdkmd32.sys -> File not found
(iirsp) iirsp [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iirsp.sys -> Intel Corp./ICP vortex GmbH [Ver = 5.4.22.0 | Size = 41576 bytes | Modified Date = 02/11/2006 11:50:17 | Attr = ]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\RTKVHDA.sys -> Realtek Semiconductor Corp. [Ver = 6.0.1.5559 built by: WinDDK | Size = 2058528 bytes | Modified Date = 30/01/2008 12:34:20 | Attr = ]
(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ipinip.sys -> File not found
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteatapi.sys -> Integrated Technology Express, Inc. [Ver = v1.3.2.7 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 02/11/2006 11:50:07 | Attr = ]
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\iteraid.sys -> Integrated Technology Express, Inc. [Ver = v1.7.1.91 (NT.060726-2054) | Size = 35944 bytes | Modified Date = 02/11/2006 11:50:09 | Attr = ]
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_fc.sys -> LSI Logic [Ver = 1.25.06.22 (NT.070222-1242) | Size = 96312 bytes | Modified Date = 21/01/2008 04:23:23 | Attr = ]
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_sas.sys -> LSI Logic [Ver = 1.25.06.22 (NT.070222-1242) | Size = 89656 bytes | Modified Date = 21/01/2008 04:23:25 | Attr = ]
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\lsi_scsi.sys -> LSI Logic [Ver = 1.25.06.22 (NT.070222-1242) | Size = 96312 bytes | Modified Date = 21/01/2008 04:23:23 | Attr = ]
(megasas) megasas [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\megasas.sys -> LSI Corporation [Ver = 2.13.0.32 (NT.070222-1720) | Size = 31288 bytes | Modified Date = 21/01/2008 04:23:27 | Attr = ]
(MegaSR) MegaSR [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\MegaSR.sys -> LSI Corporation, Inc. [Ver = 09.06.0523.2007 | Size = 386616 bytes | Modified Date = 21/01/2008 04:23:27 | Attr = ]
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\Mraid35x.sys -> LSI Logic Corporation [Ver = 6.50.2.32 (NT.060824-1234) | Size = 33384 bytes | Modified Date = 02/11/2006 11:49:59 | Attr = ]
(NETw3v32) Pilote de carte Intel(R) PRO/sans fil 3945ABG pour Windows Vista 32 bits [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\NETw3v32.sys -> Intel Corporation [Ver = 11.1.1.20 | Size = 2225664 bytes | Modified Date = 21/01/2008 04:23:20 | Attr = ]
(NETw4v32) Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\NETw4v32.sys -> Intel Corporation [Ver = 11.5.0.32 | Size = 2251776 bytes | Modified Date = 26/09/2007 07:12:22 | Attr = ]
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nfrd960.sys -> IBM Corporation [Ver = 7.10.56 (NT.060601-1710) | Size = 45160 bytes | Modified Date = 02/11/2006 11:50:19 | Attr = ]
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ntrigdigi.sys -> N-trig Innovative Technologies [Ver = 0.90.16.16384 (Vista_RC1.060509-2219) | Size = 20608 bytes | Modified Date = 02/11/2006 09:36:50 | Attr = ]
(nvraid) NVIDIA nForce RAID Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvraid.sys -> NVIDIA Corporation [Ver = 5.10.2600.0833 (NT.070222-1720) | Size = 102968 bytes | Modified Date = 21/01/2008 04:23:21 | Attr = ]
(nvstor) nvstor [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\nvstor.sys -> NVIDIA Corporation [Ver = 5.10.2600.0833 (NT.070222-1720) | Size = 45112 bytes | Modified Date = 21/01/2008 04:23:21 | Attr = ]
(NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkflt.sys -> File not found
(NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\nwlnkfwd.sys -> File not found
(PxHelp20) PxHelp20 [Kernel | Boot | Stopped] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> File not found
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql2300.sys -> QLogic Corporation [Ver = 9.1.4.5 | Size = 1122360 bytes | Modified Date = 21/01/2008 04:23:24 | Attr = ]
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ql40xx.sys -> QLogic Corporation [Ver = 2.1.3.19 (STOR w32) | Size = 106088 bytes | Modified Date = 02/11/2006 11:50:35 | Attr = ]
(rimmptsk) rimmptsk [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\rimmptsk.sys -> REDC [Ver = 6.00.03.05 | Size = 46592 bytes | Modified Date = 15/02/2008 18:01:18 | Attr = ]
(rimsptsk) rimsptsk [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\rimsptsk.sys -> REDC [Ver = 6.00.01.11 | Size = 43008 bytes | Modified Date = 30/07/2007 10:42:58 | Attr = ]
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\rixdptsk.sys -> REDC [Ver = 6.00.01.13 | Size = 38400 bytes | Modified Date = 30/07/2007 11:54:02 | Attr = ]
(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\Rtlh86.sys -> Realtek Corporation [Ver = 6.201.1228.2007 built by: WinDDK | Size = 104448 bytes | Modified Date = 28/12/2007 20:21:54 | Attr = ]
(secdrv) Security Driver [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 02/11/2006 08:37:21 | Attr = ]
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sisraid4.sys -> Silicon Integrated Systems [Ver = 3.00.02 (NT.070222-1720) | Size = 74808 bytes | Modified Date = 21/01/2008 04:23:26 | Attr = ]
(smserial) smserial [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\smserial.sys -> Motorola Inc. [Ver = SM56 Rel. 6.12.14.03 | Size = 1092608 bytes | Modified Date = 21/02/2008 20:29:00 | Attr = ]
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\symc8xx.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 35944 bytes | Modified Date = 02/11/2006 11:50:05 | Attr = ]
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_hi.sys -> LSI Logic [Ver = 4.16.06.00 (NT.051018-1332) | Size = 31848 bytes | Modified Date = 02/11/2006 11:49:56 | Attr = ]
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.09.09.00 (NT.051018-1332) | Size = 34920 bytes | Modified Date = 02/11/2006 11:50:03 | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 11.1.16 17Jun08 | Size = 199728 bytes | Modified Date = 17/06/2008 03:16:00 | Attr = ]
(tdcmdpst) TOSHIBA Writing Engine Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\tdcmdpst.sys -> TOSHIBA Corporation. [Ver = 2, 0, 0, 0 | Size = 16128 bytes | Modified Date = 18/10/2006 11:50:04 | Attr = ]
(tos_sps32) TOSHIBA tos_sps32 Service [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\tos_sps32.sys -> TOSHIBA Corporation [Ver = 4, 0, 2007, 1115 | Size = 279376 bytes | Modified Date = 05/06/2008 18:13:40 | Attr = ]
(TVALZ) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\TVALZ_O.SYS -> TOSHIBA Corporation [Ver = 2, 0, 0, 1 | Size = 23640 bytes | Modified Date = 09/11/2007 14:00:52 | Attr = ]
(uliahci) uliahci [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\uliahci.sys -> ULi Electronics Inc. [Ver = 6.302 | Size = 238648 bytes | Modified Date = 21/01/2008 04:23:20 | Attr = ]
(UlSata) UlSata [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata.sys -> Promise Technology, Inc. [Ver = 1.1.0.31 | Size = 98408 bytes | Modified Date = 02/11/2006 11:50:35 | Attr = ]
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\ulsata2.sys -> Promise Technology, Inc. [Ver = 1.0.0.38 | Size = 115816 bytes | Modified Date = 21/01/2008 04:23:23 | Attr = ]
(UVCFTR) UVCFTR [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\UVCFTR_S.SYS -> Chicony Electronics Co., Ltd. [Ver = 1.1.1.238 | Size = 18432 bytes | Modified Date = 17/12/2007 11:45:20 | Attr = ]
(viaide) viaide [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\viaide.sys -> VIA Technologies, Inc. [Ver = 5.1.3790.150 | Size = 20024 bytes | Modified Date = 21/01/2008 04:23:00 | Attr = ]
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\vsmraid.sys -> VIA Technologies Inc.,Ltd [Ver = 6.0.6000,6161 | Size = 130616 bytes | Modified Date = 21/01/2008 04:23:23 | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
00TCrdMain -> %SystemDrive%\Programmes\Toshiba\FlashCards\TCrdMain.exe [%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe] -> File not found
Adobe Reader Speed Launcher -> %SystemDrive%\Programmes\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> File not found
BDAgent -> %SystemDrive%\Programmes\BitDefender\BitDefender 2008\bdagent.exe ["C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"] -> File not found
BitDefender Antiphishing Helper -> %SystemDrive%\Programmes\BitDefender\BitDefender 2008\IEShow.exe ["C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"] -> File not found
Camera Assistant Software -> %SystemDrive%\Programmes\Camera Assistant Software for Toshiba\traybar.exe ["C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start] -> File not found
HSON -> %SystemDrive%\Programmes\Toshiba\TBS\HSON.exe [%ProgramFiles%\TOSHIBA\TBS\HSON.exe] -> File not found
ITSecMng -> %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START] -> File not found
NDSTray.exe -> [NDSTray.exe] -> File not found
RtHDVCpl -> %SystemRoot%\RtHDVCpl.exe [RtHDVCpl.exe] -> Realtek Semiconductor [Ver = 1, 0, 0, 132 | Size = 4911104 bytes | Modified Date = 29/01/2008 19:51:52 | Attr = ]
SmoothView -> %SystemDrive%\Programmes\Toshiba\SmoothView\SmoothView.exe [%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe] -> File not found
SMSERIAL -> %SystemDrive%\Programmes\Motorola\SMSERIAL\sm56hlpr.exe [C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe] -> File not found
StartCCC -> %SystemDrive%\Programmes\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"] -> File not found
SunJavaUpdateSched -> %SystemDrive%\Programmes\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> File not found
SynTPEnh -> %SystemDrive%\Programmes\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> File not found
topi -> %SystemDrive%\Programmes\Toshiba\Toshiba Online Product Information\TOPI.exe [C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup] -> File not found
Toshiba Registration -> %SystemDrive%\Programmes\Toshiba\Registration\ToshibaRegistration.exe [C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe] -> File not found
Toshiba TEMPO -> %SystemDrive%\Programmes\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe] -> File not found
TPwrMain -> %SystemDrive%\Programmes\Toshiba\Power Saver\TPwrMain.exe [%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE] -> File not found
Windows Defender -> %SystemDrive%\Programmes\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
MsnMsgr -> %SystemDrive%\Programmes\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background] -> File not found
Sidebar -> %SystemDrive%\Programmes\Windows Sidebar\sidebar.exe [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun] -> File not found
the 1 -> %SystemDrive%\ProgramData\Glue scr scr.14b ["C:\ProgramData\Glue scr scr.14boiz"] -> File not found
WMPNSCFG -> %SystemDrive%\Programmes\Windows Media Player\wmpnscfg.exe [C:\Program Files\Windows Media Player\WMPNSCFG.exe] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 2927104 bytes | Modified Date = 21/01/2008 04:24:24 | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\Windows\system32\userinit.exe -> %SystemRoot%\System32\userinit.exe -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 25088 bytes | Modified Date = 21/01/2008 04:24:49 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 11580416 bytes | Modified Date = 24/04/2008 06:58:20 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\System32\sysdm.cpl -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 242688 bytes | Modified Date = 21/01/2008 04:24:23 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 3 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableInstallerDetection -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableSecureUIAPaths -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableVirtualization -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ValidateAdminCodeSignatures -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableUIADesktopToggle -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_TEXT -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_BITMAP -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_OEMTEXT -> 7 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIB -> 8 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_PALETTE -> 9 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_UNICODETEXT -> 13 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats\\CF_DIBV5 -> 17 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
TORiSAN CD-ROM CDR_C36 -> -> File not found
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> Pilote de CD-ROM ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 67072 bytes | Modified Date = 21/01/2008 04:23:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomMATSHITA_DVD-RAM_UJ-850S________________1.40____\5&2ed2b163&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
autoexec.bat [REM Dummy file for NTVDM | ] -> %SystemDrive%\autoexec.bat [ NTFS ] -> [Ver = | Size = 24 bytes | Modified Date = 18/09/2006 23:43:36 | Attr = ]
< HOSTS File > (27 bytes) -> C:\Windows\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.google.fr ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.google.fr ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\Windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.fr ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Aide pour le lien d'Adobe PDF Reader] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> File not found
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Programme d'aide de l'Assistant de connexion Windows Live] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll [Google Toolbar Notifier BHO] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Google\GoogleToolbar1.dll [&Google] -> File not found
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\BitDefender\BitDefender 2008\IEToolbar.dll [BitDefender Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Google\GoogleToolbar1.dll [&Google] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Java\jre1.6.0_05\bin\ssv.dll [Console Java (Sun)] -> File not found
{76577871-04EC-495E-A12B-91F7C3600AFA}:Exec -> [eBay - Achetez, Vendez] -> File not found
{8A918C1D-E123-4E36-B562-5C1519E434CE}:Exec -> [Amazon.fr] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/contr [...] %s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{6AEE4A6F-408E-4623-9686-B107507240BB} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
{964B5F78-4539-4B8A-8AD7-93BA0BEFDA72} -> (Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)) ->
< Default Protocols [HKEY_LOCAL_MACHINE\] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
ldap -> 4 = Restricted sites (Not a Default Protocol) ->
news -> 4 = Restricted sites (Not a Default Protocol) ->
nntp -> 4 = Restricted sites (Not a Default Protocol) ->
oecmd -> 4 = Restricted sites (Not a Default Protocol) ->
snews -> 4 = Restricted sites (Not a Default Protocol) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll[Reg Error: Value does not exist or could not be read.] -> File not found
ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Common Files\microsoft shared\Information Retrieval\msitss.dll[Microsoft Infotech Storage Protocol for IE 4.0] -> File not found
msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Programmes\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/j [...] s-i586.cab[Java Plug-in 1.6.0_05] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/g [...] rashim.cab[Reg Error: Value does not exist or could not be read.] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/j [...] s-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/j [...] s-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/j [...] s-i586.cab[Java Plug-in 1.6.0_05] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/ [...] wflash.cab[Shockwave Flash Object] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\CWindows/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\CWindows/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\CWindows/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> ->
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\LegacyImpersonationLevel -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{C73106E0-AC80-11D1-8DF3-00C04FB6EF4F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{835BEE60-8731-4159-8BFF-941301D76D05} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{D9F260BC-EE6A-4c66-A5C3-30B2ECF4C368} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{91BC037F-B58C-43cb-AD9C-1718ACA70E2F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{9da0e0ea-86ce-11d1-8699-00c04fb98036} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{CA6C8347-120F-4122-873F-F89138694AC8} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{E8494122-79AD-11D2-909C-00A0C9AFE0AA} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A373F3DA-7A87-11D3-B1C1-00C04F68155C} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{C7310557-AC80-11D1-8DF3-00C04FB6EF4F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\\SuppressDuplicateDuration -> 86400 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ($build.empty) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\cval -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UacDisableNotify -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiSpywareOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\VistaSp1 -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbasedirectories -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LimitBlankPasswordUse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LmCompatibilityLevel -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\NoLmHash -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\System32\scecli.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 177152 bytes | Modified Date = 21/01/2008 04:24:50 | Attr = ]
*MultiFile Done* -> ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\System32\kerberos.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 497664 bytes | Modified Date = 21/01/2008 04:24:41 | Attr = ]
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 210432 bytes | Modified Date = 21/01/2008 04:24:18 | Attr = ]
schannel -> %SystemRoot%\System32\schannel.dll -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 268288 bytes | Modified Date = 21/01/2008 04:24:12 | Attr = ]
wdigest -> %SystemRoot%\System32\wdigest.dll -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 168448 bytes | Modified Date = 21/01/2008 04:24:25 | Attr = ]
tspkg -> %SystemRoot%\System32\TSpkg.dll -> Microsoft Corporation [Ver = 6.0.6001.18000 (longhorn_rtm.080118-1840) | Size = 62464 bytes | Modified Date = 21/01/2008 04:24:37 | Attr = ]
*MultiFile Done* -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 210432 bytes | Modified Date = 21/01/2008 04:24:18 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 744 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ProductType -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\System32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 121344 bytes | Modified Date = 21/01/2008 04:24:23 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\AuditPolicy\ -> ->
-> Reg Error: Key does not exist or could not be opened. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
-> Reg Error: Key does not exist or could not be opened. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\\DebugLogLevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 20 EE 17 78 7C BD 0C 21 26 39 E9 E4 4F 7D 51 8D [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\\Enabled -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 67 74 D3 D2 B6 B2 A8 95 A9 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> C4 93 8B 56 5A AE [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\HostToRealm\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\NtlmMinClientSec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\NtlmMinServerSec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 72 BD CE 71 36 81 17 36 7D 0B E2 A5 CB 56 C4 0F [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> @%SystemRoot%\system32\ipnathlp.dll,-106 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 6.0.6000.16386 (vista_rtm.061101-2205) | Size = 21504 bytes | Modified Date = 21/01/2008 04:23:43 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> @%SystemRoot%\system32\ipnathlp.dll,-107 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt;RasMan;BFE; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ServiceSidType -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\RequiredPrivileges -> SeChangeNotifyPrivilege;SeCreateGlobalPrivilege;SeImpersonatePrivilege;SeLoadDriverPrivilege;SeTakeOwnershipPrivilege; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\FailureActions -> 84 03 00 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\IPSecExempt -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\DisableStatefulFTP -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\DisableStatefulPPTP -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\\PolicyVersion -> 513 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging\\LogFileSize -> 4096 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging\\LogFilePath -> %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log [%systemroot%\system32\LogFiles\Firewall\pfirewall.log] -> [Ver = | Size = 594772 bytes | Modified Date = 21/01/2008 04:57:52 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-PLASrv-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\plasrv.exe|Name=@PlaSrv.exe,-10000|Desc=@PlaSrv.exe,-10001|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-DCOM-In-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=rpcss|Name=@PlaSrv.exe,-10002|Desc=@PlaSrv.exe,-10003|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-PLASrv-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\plasrv.exe|Name=@PlaSrv.exe,-10000|Desc=@PlaSrv.exe,-10001|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\PerfLogsAlerts-DCOM-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|Name=@PlaSrv.exe,-10002|Desc=@PlaSrv.exe,-10003|EmbedCtxt=@PlaSrv.exe,-10005|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMP-In-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31003|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMP-Out-UDP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31007|Desc=@FirewallAPI.dll,-31010|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMP-Out-TCP -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31011|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-UDP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-In-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-QWave-Out-TCP-NoScope -> v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE| ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\WMPNSS-HTTPSTR-In-TCP-NoScope -> v2.0|Action=Allow|Ac
Message édité par Jejedu13 le 20-08-2008 à 14:45:18
Re,
Mets le rapport sur mediafire comme demandé.
Sécurité / Prévention
Répondre à Egwene
Re,
1) => Utilise ERUNT pour sauvegarder ton registre
http://www.zebulon.fr/dossiers/57- [...] istre.html
En cas de problème, il te sera ainsi possible d'annuler la manipulation,
/!\ Etape importante à ne pas sauter ! /!\
2) Ouvrez le dossier OTScanIt et faites un double clic sur OTScanIt.exe pour lancer le programme (si vous êtes sous Windows Vista, faites un clic droit sur le programme et choisissez Exécuter en tant qu'Administrateur).
Faites un copier/coller des informations de la zone Code ci-dessous dans la zone de saisie intitulée "Paste fix here" puis cliquez sur le bouton Run Fix.
|
L'exécution devrait être très rapide. Lorsque la correction est terminée, soit vous verrez un message vous annonçant que c'est fini (finished), soit vous serez invité à faire redémarrer le PC pour terminer l'exécution. Si c'est fini, cliquez sur le bouton Ok et le Bloc-notes va s'ouvrir pour afficher un rapport de toutes les actions réalisées. Envoyez ces informations en réponse.
Si un redémarrage est nécessaire, cliquez sur le bouton "Yes" pour faire redémarrer la machine. Après ce redémarrage, OTScanIt va finir de déplacer les fichiers qui ne pouvaient pas l'être précédemment, puis le Bloc-notes va s'ouvrir et afficher à ce moment-là les résultats finaux. Envoyez ces informations en réponse.
Message édité par Egwene le 20-08-2008 à 22:49:00
Sécurité / Prévention
Répondre à Egwene
Re,
Refais-moi un rapport LopS&D option 1 ainsi qu'un nouveau rapport HijackTHis.
Toujours des pubs ?
Sécurité / Prévention
Répondre à Egwene
Pour le moment non !
le rapport lop :
--------------------\\ Lop S&D 4.2.3-0 XP/Vista
[ Windows VISTA (NT 6.0) Workstation Build 6001, Service Pack 1 ]
[ USER : Nardini Jean ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 21/08/2008 | 11:42:24 ] [ PC : PC-DE-JEAN (Proc:x86) ]
[ MAJ : 17-08-2008 | 01:58 ]
[ UAC => 1 ]
--------------------\\ Listing des dossiers dans Local
[15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Application Data
[15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\ATI
[20/08/2008|13:56] C:\Users\NARDIN~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[18/08/2008|16:20] C:\Users\NARDIN~1\AppData\Local\GDIPFONTCACHEV1.DAT
[16/08/2008|10:44] C:\Users\NARDIN~1\AppData\Local\Google
[15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Historique
[21/08/2008|00:31] C:\Users\NARDIN~1\AppData\Local\IconCache.db
[17/08/2008|19:00] C:\Users\NARDIN~1\AppData\Local\Microsoft
[15/08/2008|22:26] C:\Users\NARDIN~1\AppData\Local\Microsoft Games
[16/08/2008|18:50] C:\Users\NARDIN~1\AppData\Local\MigWiz
[16/08/2008|14:54] C:\Users\NARDIN~1\AppData\Local\Mozilla
[17/08/2008|20:21] C:\Users\NARDIN~1\AppData\Local\Sony
[21/08/2008|11:41] C:\Users\NARDIN~1\AppData\Local\Temp
[15/08/2008|17:43] C:\Users\NARDIN~1\AppData\Local\Temporary Internet Files
[15/08/2008|17:50] C:\Users\NARDIN~1\AppData\Local\Toshiba
[15/08/2008|19:38] C:\Users\NARDIN~1\AppData\Local\VirtualStore
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[21/08/2008 11:34][--ah-----] C:\Windows\tasks\SA.DAT
[21/08/2008 00:31][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[29/04/2008|16:15] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[16/08/2008|18:38] C:\ProgramData\Adobe
[16/08/2008|18:32] C:\ProgramData\Adobe Systems
[02/11/2006|15:02] C:\ProgramData\Application Data
[15/08/2008|17:50] C:\ProgramData\ATI
[15/08/2008|19:52] C:\ProgramData\BitDefender
[15/08/2008|17:39] C:\ProgramData\Bureau
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[15/08/2008|17:39] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[17/08/2008|15:21] C:\ProgramData\Google
[20/08/2008|20:17] C:\ProgramData\Google Updater
[16/08/2008|09:51] C:\ProgramData\IDOL DOG
[15/08/2008|20:15] C:\ProgramData\IsolatedStorage
[17/08/2008|15:30] C:\ProgramData\Lavasoft
[19/08/2008|21:37] C:\ProgramData\Malwarebytes
[15/08/2008|18:21] C:\ProgramData\McAfee
[15/08/2008|17:39] C:\ProgramData\Menu D‚marrer
[20/08/2008|17:32] C:\ProgramData\Messenger Plus!
[15/08/2008|23:31] C:\ProgramData\Microsoft
[15/08/2008|19:34] C:\ProgramData\Microsoft Help
[15/08/2008|17:39] C:\ProgramData\ModŠles
[16/08/2008|09:50] C:\ProgramData\Second Atom Okay Proxy
[17/08/2008|20:08] C:\ProgramData\Sony
[02/11/2006|15:02] C:\ProgramData\Start Menu
[02/11/2006|15:02] C:\ProgramData\Templates
[17/08/2008|11:47] C:\ProgramData\TOSHIBA
[15/08/2008|17:44] C:\ProgramData\ToshibaEurope
[16/04/2008|14:00] C:\ProgramData\Ulead Systems
[16/08/2008|09:46] C:\ProgramData\WLInstaller
--------------------\\ Listing des dossiers dans C:\Program Files
[29/04/2008|16:15] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[16/08/2008|18:38] C:\Program Files\Adobe
[15/08/2008|17:30] C:\Program Files\ATI
[15/08/2008|17:30] C:\Program Files\ATI Technologies
[15/08/2008|18:18] C:\Program Files\BitDefender
[15/08/2008|17:31] C:\Program Files\Camera Assistant Software for Toshiba
[19/08/2008|21:33] C:\Program Files\CamStudio
[17/08/2008|11:47] C:\Program Files\Common Files
[19/08/2008|20:13] C:\Program Files\DebugMode
[21/01/2008|04:43] C:\Program Files\desktop.ini
[20/08/2008|23:14] C:\Program Files\ERUNT
[15/08/2008|17:39] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[19/08/2008|10:54] C:\Program Files\GameSpy Arcade
[17/08/2008|15:21] C:\Program Files\Google
[16/04/2008|14:11] C:\Program Files\IDM
[19/08/2008|10:56] C:\Program Files\InstallShield Installation Information
[15/08/2008|17:29] C:\Program Files\Intel
[21/01/2008|04:35] C:\Program Files\Internet Explorer
[16/04/2008|14:01] C:\Program Files\InterVideo
[15/08/2008|19:30] C:\Program Files\Java
[17/08/2008|15:28] C:\Program Files\Lavasoft
[19/08/2008|21:38] C:\Program Files\Malwarebytes' Anti-Malware
[16/08/2008|11:03] C:\Program Files\MediaCoder
[20/08/2008|12:20] C:\Program Files\Messenger Plus! Live
[02/11/2006|14:37] C:\Program Files\Microsoft Games
[15/08/2008|19:34] C:\Program Files\Microsoft Office
[20/08/2008|00:40] C:\Program Files\Microsoft Silverlight
[15/08/2008|19:34] C:\Program Files\Microsoft Works
[15/08/2008|17:46] C:\Program Files\Motorola
[21/01/2008|04:35] C:\Program Files\Movie Maker
[02/11/2006|14:37] C:\Program Files\MSBuild
[16/04/2008|13:22] C:\Program Files\MSXML 4.0
[19/08/2008|15:08] C:\Program Files\PhotoFiltre
[16/04/2008|13:39] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[17/08/2008|20:06] C:\Program Files\Sony
[17/08/2008|20:04] C:\Program Files\Sony Setup
[17/08/2008|18:07] C:\Program Files\Sports Interactive
[20/08/2008|13:58] C:\Program Files\Steam
[16/04/2008|13:40] C:\Program Files\Synaptics
[17/08/2008|11:08] C:\Program Files\THQ
[17/08/2008|11:47] C:\Program Files\Toshiba
[15/08/2008|20:14] C:\Program Files\Toshiba TEMPRO
[16/08/2008|15:55] C:\Program Files\Total War
[17/08/2008|20:31] C:\Program Files\Trend Micro
[16/04/2008|13:58] C:\Program Files\Ulead Systems
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[16/08/2008|10:47] C:\Program Files\VideoLAN
[17/08/2008|20:06] C:\Program Files\Vstplugins
[21/01/2008|04:35] C:\Program Files\Windows Calendar
[21/01/2008|04:35] C:\Program Files\Windows Collaboration
[21/01/2008|04:35] C:\Program Files\Windows Defender
[21/01/2008|04:35] C:\Program Files\Windows Journal
[16/08/2008|09:48] C:\Program Files\Windows Live
[15/08/2008|23:07] C:\Program Files\Windows Mail
[16/04/2008|14:00] C:\Program Files\Windows Media Components
[21/01/2008|04:35] C:\Program Files\Windows Media Player
[15/08/2008|17:39] C:\Program Files\Windows NT
[21/01/2008|04:35] C:\Program Files\Windows Photo Gallery
[21/01/2008|04:35] C:\Program Files\Windows Sidebar
[17/08/2008|18:16] C:\Program Files\WinRAR
[17/08/2008|18:11] C:\Program Files\Zero G Registry
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[16/08/2008|18:38] C:\Program Files\Common Files\Adobe
[15/08/2008|19:52] C:\Program Files\Common Files\BitDefender
[16/08/2008|16:01] C:\Program Files\Common Files\InstallShield
[16/04/2008|13:24] C:\Program Files\Common Files\Java
[15/08/2008|21:02] C:\Program Files\Common Files\microsoft shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[15/08/2008|23:04] C:\Program Files\Common Files\Steam
[21/01/2008|04:35] C:\Program Files\Common Files\System
[17/08/2008|11:48] C:\Program Files\Common Files\Toshiba Shared
[16/04/2008|14:01] C:\Program Files\Common Files\Ulead Systems
[15/08/2008|20:50] C:\Program Files\Common Files\WindowsLiveInstaller
[19/08/2008|20:07] C:\Program Files\Common Files\Wise Installation Wizard
--------------------\\ Process
( 77 Processus )
iexplore.exe ~ [PID:4328] ~ [Threads:23]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@www.adserver5[1].txt
C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@advertising[1].txt
C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies\nardini_jean@adopt.euroclick[1].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 11:42:37
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 4
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:72][D:8]-> C:\Users\NARDIN~1\AppData\Local\Temp
[F:398][D:1]-> C:\Users\NARDIN~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:496][D:10]-> C:\Users\NARDIN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:20][D:1]-> C:\$Recycle.Bin
--------------------\\ Fin du rapport a 11:43:46,62
[ UAC => 1 ]
le rapport hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:04, on 21/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/r [...] &site=home (file missing)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8736 bytes
Re,
Toujours pas de pubs ?
Sécurité / Prévention
Répondre à Egwene
non toujours pas ! je te remercie énormément pour ce que tu as fait ! le gros calibre a fait effet
Alors voilà comme je te l'ai dis , sans vouloir trop t'en demander , je voulais savoir si tu pouvais jeter un coup d'oeil à mon autre pc : celui ci rame depuis pas mal de temps , alors j'aimerais faire une vérification si tu peux le faire bien sûr !
si tu es partant , je poste un rapport hickjathis de mon pc dès demain . qu'en dis tu ?
Re,
Bonne nouvelle 
On finit d'abord celui-là
Poste un nouveau rapport HijackThis.
Sécurité / Prévention
Répondre à Egwene
voila le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:16, on 22/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/r [...] &site=home (file missing)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8704 bytes
Re,
Prévention :
- Nettoyage des fichiers temporaires :
Télécharge Ccleaner sur ton Bureau.
- Clique sur "download the latest version"
- Installe-le en laissant seulement les options suivantes cochées :
- Ajouter un raccourci sur le Bureau
- Contrôler automatiquement les mises à jour de CCleaner
- Lance le Nettoyage
- Clique sur Chercher des erreurs et sauvegarde si tu le souhaites.
Aide : Comment utiliser CCleaner.
Telecharge ATFcleaner sur ton Bureau.
- Double-clique sur l'exécutable téléchargé.
- Dans l'onglet Main, coche simplement la case Select All (toutes les cases vont se cocher) puis sur le bouton Empty Selected.
- Si tu possèdes Firefox ou Opera comme navigateur, pense à choisir ton navigateur en haut a gauche avant de sélectionner Select All puis Empty Selected.
- Puis réponds Non au message qui s'affiche, si tu ne souhaites pas perdre tes mots de passe.
Aide : Comment utiliser AFTCleaner.
-- Restauration Système :
Désactive-Réactive la restauration système.
Méthode XP :
Clique sur Démarrer, fais un clique droit sur le Poste de travail puis clique sur Propiétés. Sélectionne l'onglet Restauration du Système.
Dans cet onglet, coche la case Désactiver la Restauration du système sur tous les lecteurs.
Un message de confirmation va apparaître. Clique sur Oui, puis OK. Fais redémarrer ton ordinateur pour que les changements soient bien pris en compte.
Pour réactiver la restauration système, il suffit de décocher cette même case et de faire redémarrer ton ordinateur (en ayant suivi les mêmes étapes).
Méthode Vista :
Clique sur Démarrer, fais un clique droit sur Ordinateur, puis clique sur Propriétés. Clique à gauche sur Paramètres système avancés. Sélectionne l'onglet Protection du Système.
Dans cet onglet, décoche (une par une) tes partitions, un message de confirmation va apparaître, clique sur Désactiver la protection du système, Clique sur Appliquer, puis OK.
Fais redémarrer ton ordinateur pour que les changements soient bien pris en compte.
Pour réactiver la restauration système, il suffit de décocher cette même case et de faire redémarrer ton ordinateur (en ayant suivi les mêmes étapes).
Aide : Comment Désactiver-Réactiver la Restauration Système.
--- Affichage normal des fichiers :
Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
- Décoche Afficher les fichiers et dossiers cachés
- Coche Masquer les fichiers protégés du système d'exploitation (recommandé)
clique sur Appliquer, puis OK.
---- Suppression des outils installés :
Télécharge ToolsCleaner2 (de A.Rothstein)
- Installe le sur ton Bureau.
- Clique sur Recherche pour lancer le scan.
- Clique sur Supprimer pour nettoyer les outils utilisés.
- Clique sur Quitter.
- Supprime maintenant ToolsCleaner.
----- Remise en place des protections, protection du système avec les Mises à Jour ! :
Je t'invite maintenant à (ré)activer toutes tes protections résidentes (Antivirus, Antispyware, Firewall..).
Tu dois avoir accès à tes protections dans la zone systray à côté de la barre des tâches. Si tu as des difficultés, n'hésite pas à me questionner !
Si ce n'est pas fait, assure-toi que les Mises à jour Automatiques Windows soient activées !
Mets tes Softwares correctement à jour (Java, Adobe, Flash ..) grâce à Sotware Inspector (chez Secunia)
Un petit mot à propos de Java :
Une fois la nouvelle version téléchargée, installe-la et fais redémarrer ton ordinateur.
Hélas, les anciennes version de Java (qui contiennent des failles, donc dangereuses !) sont toujours présentes !
C'est donc très important que tu désinstalles les anciennes versions de Java.
- Va dans Démarrer, Panneau de Configuration, Ajout/Suppression de Programmes
- Déinstalles toutes les versions de Java exceptée la plus récente.
Aide : Comment utiliser Secunia Software Inspector.
------ Ton infection, tu la dénonces ? :
Tu n'es pas obligé mais ce serait bien que tu rapportes ton infection sur Malware Complaints
- Ton(tes) infection(s) : Lop.com ( Pubs CiD ).
- Si tu ne la trouves pas dans la liste, poste dans Autres infections.
Aide : Comment dénoncer mon infection sur Malware Complaints.
Ajoute maintenant [Résolu] au titre. Pour cela :
* Clique, dans ton premier message, sur le bouton "Editer" 
* Rajoute la mention [Résolu] au titre
* Clique ensuite sur "Valider votre message"
Je t'invite maintenant à regarder ces dossiers très instructifs en terme de prévention !
- Sécurité/Prévention
- Conséquences de la multi-protection
- Toolbars : Inutilité et ralentissements
Bonne journée/soirée
(Merci à XmichouX pour ce message de fin de désinfection)
Une fois tout cela fait, on pourra passer à l'autre PC.
Sécurité / Prévention
Répondre à Egwene
je fais tout cela dès ce soir
Re,
Essaye ça pour java Lance cet outil en faisant un clic droit sur l'exécutable et en choisissant "lancer en tant qu'administrateur".
Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries.
- Décompresse le fichier sur le bureau (clic droit > Extraire tout)
- Double-cliquer sur le répertoire JavaRa.
- Puis double-cliquer sur le fichier JavaRa.exe (le exe peut ne pas s'afficher)
- Clique sur Search For Updates.
- Sélectionner Update Using jucheck.exe puis cliquer sur Search.
- Autorise le processus à se connecter s'il le demande, cliquer sur Install et suivre les instructions d'installation qui prennent quelques minutes.
- L'installation est terminée, revenez à l'écran de JavaRa et clique sur Remove Older Versions.
- Clique sur Oui pour confirmer. Laisse travailler et cliquez ensuite sur Ok, puis une deuxième fois sur Ok.
- Un rapport va s'ouvrir à copier-coller dans la prochaine réponse.
- Fermer l'application
Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log
Sécurité / Prévention
Répondre à Egwene
| Jejedu13 a écrit : toujours la meme erreur lors de l'installation :
|
Je n'ai pas vraiment d'idée là, fais une recherche sur google
Tu peux me poster le HijackThis du deuxième PC.
Sécurité / Prévention
Répondre à Egwene
ok pas de problème , je te le poste demain .
merci à toi
pour java , j'ai trouvé le problème , il venait de mon antivirus bitdefender , qui bloquait l'installation . Je te le dis au cas ou ça pourrait aider quelqu'un d'autre la prochaine fois
Re,
Oki, ça arrive souvent les antivirus qui bloquent certains programmes.
Sécurité / Prévention
Répondre à Egwene
Re,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
- Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
- Afin de lancer la recherche, clic sur"Rechercher".
- Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
AIDE : Tuto en images sur MBAM
Sécurité / Prévention
Répondre à Egwene
Re,
~Fais une analyse antivirus en ligne sur le site de Kaspersky
http://www.kaspersky.com/kos/eng/p [...] bscan.html
- Clique sur Accept
- Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.
- clique une nouvelle fois sur "Accept"
- Les bases de mises à jour vont s'installer, patiente un moment
- Clique sur Next.
- Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.
Sécurité / Prévention
Répondre à Egwene
