
Security >> HijackThis logs help and analysis

rockwiz (new user, Posts: 6)
conhook.d removal - please help
Thu Apr 24 2008 12:33 AM

I apologize for using the same thread, but I've had the same problem and followed the same procedure. Unfortunately, I haven't been able to move past the administrative issues. It seems like the spyware has been removed, as I'm not getting any more problems with the laptop, but I cannot fix the administrative issues anymore, and cannot save any files in restrictive directories like Program Files.

Can you help?

Here is my latest HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:39, on 2008-04-23
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.montrealwebcam.com
O16 - DPF: {597F9140-0DC6-4657-A162-76EC0E7AEE81} (ActiveBroadcast Control) - http://www.meetstream.com/activex/28081/activebroadcast.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28081/activereceiver.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9487 bytes

And this was the last ComboFix log:

ComboFix 08-04-22.5 - Marco 2008-04-23 19:05:20.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1220 [GMT -4:00]
Endroit: C:\Users\Marco\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-23 to 2008-04-23 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 20:46 --------- d-----w C:\Program Files\Trend Micro
2008-04-20 19:46 --------- d-----w C:\Users\Marco\AppData\Roaming\mIRC
2008-04-19 19:35 --------- d-----w C:\Users\Marco\AppData\Roaming\LimeWire
2008-04-18 22:00 --------- d-----w C:\Program Files\NeroInstall.bak
2008-04-18 21:59 --------- d-----w C:\Users\Marco\AppData\Roaming\Nero
2008-04-18 21:58 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-18 21:56 --------- d-----w C:\ProgramData\Nero
2008-04-18 21:56 --------- d-----w C:\Program Files\Nero
2008-04-18 21:04 --------- d-----w C:\Program Files\ImpotRapide 2007
2008-04-18 13:02 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-18 04:29 --------- d-----w C:\Users\Martine\AppData\Roaming\ATI
2008-04-18 02:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-18 02:27 --------- d-----w C:\Program Files\WON
2008-04-18 02:19 --------- d-----w C:\ProgramData\Apple Computer
2008-04-18 02:19 --------- d-----w C:\Program Files\QuickTime
2008-04-18 02:18 --------- d-----w C:\ProgramData\Apple
2008-04-18 02:18 --------- d-----w C:\Program Files\Apple Software Update
2008-04-18 01:56 --------- d-----w C:\Users\Marco\AppData\Roaming\Lavasoft
2008-04-18 01:38 --------- d-----w C:\Program Files\Lavasoft RegHance
2008-04-18 01:37 --------- d-----w C:\Program Files\Lavasoft
2008-04-18 01:33 --------- d-----w C:\Program Files\LimeWire
2008-04-18 01:32 --------- d-----w C:\Program Files\mIRC
2008-04-18 01:22 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-18 01:18 --------- d-----w C:\Program Files\Writer's Cafe
2008-04-18 01:14 --------- d-----w C:\Program Files\BlogJet
2008-04-18 01:11 --------- d-----w C:\Program Files\Web Page Maker V2
2008-04-18 01:06 --------- d-----w C:\Users\Marco\AppData\Roaming\Ipswitch
2008-04-18 01:06 --------- d-----w C:\Program Files\Ipswitch
2008-04-18 01:03 --------- d-----w C:\ProgramData\Lavasoft
2008-04-18 01:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-17 21:08 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-04-17 00:32 --------- d-----w C:\Users\Marco\AppData\Roaming\Intuit Canada
2008-04-17 00:31 --------- d-----w C:\Program Files\Common Files\Intuit
2008-04-17 00:31 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2008-04-17 00:30 --------- d-----w C:\ProgramData\Intuit Canada
2008-04-16 23:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-16 23:32 --------- d-----w C:\Program Files\Hp
2008-04-16 23:20 --------- d-----w C:\Program Files\Microsoft FrontPage
2008-04-16 23:19 --------- d-----w C:\Users\Marco\AppData\Roaming\Microsoft Web Folders
2008-04-16 22:53 --------- d-----w C:\Program Files\Alwil Software
2008-04-16 21:49 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-16 08:22 --------- d-----w C:\Users\Marco\AppData\Roaming\ATI
2008-04-16 08:20 --------- d-----w C:\ProgramData\Toshiba
2008-04-16 08:20 --------- d-----w C:\Program Files\TOSHIBA
2008-04-16 08:20 --------- d-----w C:\Program Files\Common Files\Toshiba Shared
2008-04-16 08:19 --------- d-----w C:\ProgramData\Roaming
2008-04-16 08:19 --------- d-----w C:\Program Files\ltmoh
2008-04-16 08:18 --------- d-----w C:\ProgramData\Intel
2008-04-16 08:18 --------- d-----w C:\Program Files\Intel
2008-04-16 08:13 --------- d-sh--w C:\ProgramData\Modèles
2008-04-16 08:13 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-04-16 08:13 --------- d-sh--w C:\ProgramData\Favoris
2008-04-16 08:13 --------- d-sh--w C:\ProgramData\Bureau
2008-04-16 08:13 --------- d-sh--w C:\Program Files\Fichiers communs
2008-04-16 02:17 --------- d-----w C:\Users\Marco\AppData\Roaming\TOSHIBA
2008-04-15 22:05 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-15 22:05 --------- d-----w C:\Program Files\Windows Live
2008-04-15 22:00 --------- d-----w C:\ProgramData\WLInstaller
2008-04-15 21:23 174 --sha-w C:\Program Files\desktop.ini
2008-04-15 21:18 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-15 21:18 --------- d-----w C:\Program Files\Windows Mail
2008-04-15 21:18 --------- d-----w C:\Program Files\Windows Calendar
2008-04-15 21:14 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-04-15 21:14 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-04-15 21:14 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-04-15 21:14 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-04-15 21:14 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-04-15 21:14 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-04-15 21:14 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-04-15 21:14 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-04-15 21:14 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-04-15 21:13 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-04-15 21:13 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-04-15 21:13 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-04-15 21:13 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-04-15 21:13 299,008 ----a-w C:\Windows\System32\wlansec.dll
2008-04-15 21:13 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2008-04-15 21:13 2,923,520 ----a-w C:\Windows\explorer.exe
2008-04-15 21:13 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-15 21:13 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-04-15 21:10 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-04-15 21:10 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-04-15 21:09 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-04-15 21:09 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-04-15 21:09 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-04-15 21:09 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-04-15 21:09 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-04-15 21:08 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-04-15 21:08 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-04-15 21:08 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-04-15 21:08 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-04-15 21:08 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-04-15 21:08 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-04-15 21:08 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-04-15 21:08 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-04-15 21:08 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-04-15 21:07 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-04-15 21:07 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-15 21:07 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-15 21:07 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
.

((((((((((((((((((((((((((((( snapshot_2008-04-23_17.56.05,69 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-23 21:49:55 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-23 23:03:11 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-23 21:48:24 828,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-04-23 23:01:54 828,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-04-23 21:49:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-23 23:03:14 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-04-23 21:49:59 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-04-23 23:03:14 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-23 21:51:16 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-23 22:59:11 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-23 21:51:59 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-23 23:05:18 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-23 23:05:18 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-23 21:53:01 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-23 22:59:11 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-23 21:51:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-23 23:05:13 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-04-23 21:50:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-23 22:03:38 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-23 21:50:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-23 22:03:38 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-23 21:50:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-23 22:03:38 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-23 21:48:03 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-23 22:09:30 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-23 21:48:03 117,572 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-04-23 22:09:30 117,572 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-04-23 21:48:03 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-23 22:09:30 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-23 21:48:03 690,832 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-04-23 22:09:30 690,832 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-04-23 21:52:18 5,392 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-754959004-2149648827-1362092406-1000_UserData.bin
+ 2008-04-23 23:05:43 5,870 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-754959004-2149648827-1362092406-1000_UserData.bin
- 2008-04-23 21:52:18 61,170 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-23 23:05:42 61,514 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-23 21:52:17 45,036 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-23 23:05:38 45,140 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-15 16:58 1232896]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 13:01 413696]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-29 11:31 1006264]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-06-06 11:02 77824]
"NDSTray.exe"="NDSTray.exe" []
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 17:14 34352]
"HWSetup"="\HWSetup.exe" [ ]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 21:42 438272]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 01:11 4489216 C:\Windows\RtHDVCpl.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 16:40 413696]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 10:39 411192]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 16:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 15:57 509496]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 16:32 538744]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-27 06:32 898344]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2007-01-08 22:23 191552]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 06:00 204800]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2007-01-08 22:23 191552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DCBF09EE-3ECA-4007-B375-AD5B6B73C518}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F2E28BA2-68BB-4465-897D-E11AAE9EE358}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2DB43B3C-B906-4BA4-8400-32A62C22EE2A}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{CE32C3DE-D16E-4516-957F-5797507BD92E}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{01F94962-334D-4E5A-B59A-046ED3266C50}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{25319E49-BB9E-48A4-9ABE-83158887C115}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{0330E9EF-7DBC-4677-9F4A-1277F9502024}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{DDA1309A-5526-492D-986D-401CD568EF4F}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"TCP Query User{5B5F79AB-AE8A-48B9-A429-9777A4D3103F}C:\\program files\\web page maker v2\\webpagemaker.exe"= UDP:C:\program files\web page maker v2\webpagemaker.exe:WebPageMaker
"UDP Query User{5A3007EC-B2F6-4632-952A-CF3463296DD3}C:\\program files\\web page maker v2\\webpagemaker.exe"= TCP:C:\program files\web page maker v2\webpagemaker.exe:WebPageMaker

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 16:25]
R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-04-27 20:13]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 14:32]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-05-17 20:12]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-21 05:36]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 11:50]
R3 UVCFTR;UVCFTR;C:\Windows\system32\Drivers\UVCFTR_S.SYS [2007-04-16 10:19]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 19:07:54
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????R?C?b??? ??? ?? ???0???P?

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-23 19:08:43
ComboFix-quarantined-files.txt 2008-04-23 23:08:34
ComboFix2.txt 2008-04-23 21:56:27
ComboFix3.txt 2008-04-23 21:38:28

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

236 --- E O F --- 2008-04-22 20:31:22
Edited by Hello_There (Thu Apr 24 2008 06:09 AM)
© Copyright IPC Media Limited, All rights reserved