

Raiden
Content count: 8
Everything posted by Raiden
-
[RESOLVED] Antivirus XP 2008, once again.
Raiden replied to a topic by Raiden in Malware analysis and removal
Thank you very much for all these links and for the help in exterminating this virus. I'll go and look at all of that, and if I need help, I won't hesitate. I'm going to edit the topic title right away. Once again, thank you.
-
[RESOLVED] Antivirus XP 2008, once again.
Raiden replied to a topic by Raiden in Malware analysis and removal
Hmm, I thought I had uninstalled it, but I've just found Norton (and Symantec) folders, indeed. I had simply set it aside as soon as I got my computer. It's actually a subfolder inside my Adobe folder; I don't think it belongs there, by the way. I suppose I should delete all traces of Norton, then?
-
[RESOLVED] Antivirus XP 2008, once again.
Raiden replied to a topic by Raiden in Malware analysis and removal
Hmm, OK. So I've just deleted them; nothing suspicious left!
-
[RESOLVED] Antivirus XP 2008, once again.
Raiden replied to a topic by Raiden in Malware analysis and removal
The virus seems completely inactive: I no longer get any fake infection messages, nor the one telling me to buy the fake antivirus, and the wallpaper is back to normal as well. However, I still see an Antivirus XP 2008 folder in the "All Programs" section of the Start menu, which probably means it is still on my computer, even though it is inactive (for now?).
-
[RESOLVED] Antivirus XP 2008, once again.
Raiden replied to a topic by Raiden in Malware analysis and removal
And here is the second one.
___________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:15, on 13/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alex\Mes documents\Dl de FireFox\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://http//www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-
[RESOLVED] Antivirus XP 2008, once again.
Raiden replied to a topic by Raiden in Malware analysis and removal
Here is the MBAM report. I'll post the HijackThis one once the reboot is done.
_____________________
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1045
Windows 5.1.2600 Service Pack 2

18:47:57 13/08/2008
mbam-log-8-13-2008 (18-47-57).txt

Type de recherche: Examen rapide
Eléments examinés: 47473
Temps écoulé: 8 minute(s), 22 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contexttool (Adware.PlayaZ) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\xrt_patch (Backdoor.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\contexttool (Adware.PlayaZ) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\contexttool\ContextHelper.dat (Adware.PlayaZ) -> Quarantined and deleted successfully.
C:\Program Files\contexttool\pcre3.dll (Adware.PlayaZ) -> Quarantined and deleted successfully.
C:\Program Files\contexttool\uninstall.exe (Adware.PlayaZ) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogon.old (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
-
[RESOLVED] Antivirus XP 2008, once again.
Raiden replied to a topic by Raiden in Malware analysis and removal
Step finally finished. So here are the scan reports. Hoping I understood correctly.
__________________________
SDFix: Version 1.215
Run by Alex on 13/08/2008 at 15:44

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper
Restoring Default ScreenSaver value

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\lphc9g1j0e9ae.exe - Deleted
C:\WINDOWS\system32\pphc9g1j0e9ae.exe - Deleted
C:\Program Files\rhccg1j0e9ae\database.dat - Deleted
C:\Program Files\rhccg1j0e9ae\license.txt - Deleted
C:\Program Files\rhccg1j0e9ae\MFC71.dll - Deleted
C:\Program Files\rhccg1j0e9ae\MFC71ENU.DLL - Deleted
C:\Program Files\rhccg1j0e9ae\msvcp71.dll - Deleted
C:\Program Files\rhccg1j0e9ae\msvcr71.dll - Deleted
C:\Program Files\rhccg1j0e9ae\rhccg1j0e9ae.exe - Deleted
C:\Program Files\rhccg1j0e9ae\rhccg1j0e9ae.exe.local - Deleted
C:\Program Files\rhccg1j0e9ae\Uninstall.exe - Deleted
C:\WINDOWS\SYSTEM32\PPHC9G~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\PHC9G1~1.BMP - Deleted
C:\WINDOWS\system32\blphc9g1j0e9ae.scr - Deleted
C:\Documents and Settings\Alex\xrt_hbal.exe - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\.tt1.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\.tt16.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\.tt19.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\.tt1A.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\.tt1B.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\.tt1C.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\.tt1E.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\.tt2.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\.tt2C.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\.tt3.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\.tt4.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\.tt5.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\.tt6.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\.tt6F.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\.tt7.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\.tt9.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\.ttA.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\.ttF.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\tmpA.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\tmpB.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\tmp31.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\tmp32.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\tmpA.tmp - Deleted
C:\DOCUME~1\Alex\LOCALS~1\Temp\tmpB.tmp - Deleted
C:\Documents and Settings\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk - Deleted
C:\WINDOWS\system32\drivers\svchost.exe - Deleted

Folder C:\Program Files\rhccg1j0e9ae - Removed
Folder C:\Documents and Settings\Alex\Application Data\rhccg1j0e9ae - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 16:01:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\WINDOWS\\system32\\drivers\\svchost.exe"="C:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:svchost"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 7 Jan 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 14 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP380\A0087210.sys"
Thu 15 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP381\A0087313.sys"
Fri 16 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP382\A0087370.sys"
Sat 17 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP383\A0087416.sys"
Sun 18 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP384\A0087460.sys"
Sun 18 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP384\A0087584.sys"
Sun 18 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP384\A0087630.sys"
Mon 19 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP385\A0087707.sys"
Tue 20 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP385\A0087750.sys"
Wed 21 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP387\A0088099.sys"
Wed 21 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP387\A0088118.sys"
Thu 22 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP388\A0088208.sys"
Fri 23 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP389\A0088235.sys"
Sat 24 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP390\A0088326.sys"
Sun 25 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP390\A0088377.sys"
Mon 26 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP391\A0088464.sys"
Tue 27 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP392\A0088492.sys"
Wed 28 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP393\A0088532.sys"
Thu 29 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP394\A0088557.sys"
Thu 29 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP394\A0088586.sys"
Fri 30 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP395\A0088661.sys"
Sat 31 May 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP396\A0088762.sys"
Sun 1 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP396\A0088834.sys"
Mon 2 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP398\A0088925.sys"
Tue 3 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP398\A0088969.sys"
Wed 4 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP399\A0089020.sys"
Thu 5 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP399\A0089046.sys"
Fri 6 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP400\A0089118.sys"
Sat 7 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP400\A0089175.sys"
Sat 7 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP400\A0089214.sys"
Sun 8 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP401\A0089300.sys"
Mon 9 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP402\A0089359.sys"
Tue 10 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP403\A0089426.sys"
Wed 11 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP403\A0089469.sys"
Thu 12 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP405\A0089613.sys"
Fri 13 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP405\A0089642.sys"
Sat 14 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP406\A0089692.sys"
Sat 14 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP406\A0089716.sys"
Sun 15 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP407\A0089812.sys"
Mon 16 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP407\A0089878.sys"
Tue 17 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP408\A0089975.sys"
Wed 18 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP408\A0090025.sys"
Thu 19 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP409\A0090103.sys"
Fri 20 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP410\A0090180.sys"
Sat 21 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP411\A0090205.sys"
Sat 21 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP411\A0090238.sys"
Sat 21 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP411\A0090264.sys"
Sun 22 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP413\A0090342.sys"
Sun 22 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP413\A0090385.sys"
Sun 22 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP413\A0090413.sys"
Mon 23 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP414\A0090506.sys"
Tue 24 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP414\A0090567.sys"
Wed 25 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP414\A0090595.sys"
Wed 25 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP415\A0090666.sys"
Thu 26 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP416\A0090700.sys"
Thu 26 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP416\A0090764.sys"
Fri 27 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP417\A0091763.sys"
Fri 27 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP417\A0092762.sys"
Sat 28 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP417\A0092808.sys"
Sun 29 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP418\A0093807.sys"
Mon 30 Jun 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP419\A0093916.sys"
Tue 1 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP419\A0093951.sys"
Wed 2 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP420\A0094055.sys"
Thu 3 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP421\A0094137.sys"
Fri 4 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP422\A0094173.sys"
Sat 5 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP422\A0094216.sys"
Sun 6 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP422\A0094309.sys"
Mon 7 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP422\A0094349.sys"
Tue 8 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP423\A0094415.sys"
Wed 9 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP424\A0094464.sys"
Wed 9 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP424\A0095461.sys"
Thu 10 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP425\A0095539.sys"
Fri 11 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP425\A0095610.sys"
Sat 12 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP426\A0095698.sys"
Sun 13 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP427\A0095742.sys"
Mon 14 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP427\A0095774.sys"
Tue 15 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP427\A0095793.sys"
Tue 15 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP428\A0095832.sys"
Tue 15 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP428\A0095879.sys"
Wed 16 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP429\A0095941.sys"
Wed 16 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP429\A0096026.sys"
Thu 17 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP429\A0096077.sys"
Fri 18 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP430\A0096138.sys"
Sat 19 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP431\A0096211.sys"
Sun 20 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP432\A0096273.sys"
Mon 21 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP432\A0096356.sys"
Tue 22 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP432\A0096496.sys"
Wed 23 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP433\A0096562.sys"
Thu 24 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP434\A0096641.sys"
Fri 25 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP435\A0096731.sys"
Sat 26 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP436\A0096819.sys"
Sun 27 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP436\A0096861.sys"
Mon 28 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP436\A0096920.sys"
Tue 29 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP437\A0097917.sys"
Wed 30 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP438\A0097982.sys"
Wed 30 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP440\A0098025.sys"
Thu 31 Jul 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP443\A0099027.sys"
Fri 1 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP443\A0099039.sys"
Fri 1 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP444\A0099130.sys"
Sat 2 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP444\A0099153.sys"
Sun 3 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP445\A0099256.sys"
Mon 4 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP446\A0099353.sys"
Tue 5 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP446\A0099375.sys"
Tue 5 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP446\A0099434.sys"
Wed 6 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP447\A0099531.sys"
Thu 7 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP448\A0099597.sys"
Fri 8 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP449\A0099668.sys"
Sat 9 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP450\A0099728.sys"
Sun 10 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP450\A0099783.sys"
Mon 11 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP451\A0099831.sys"
Tue 12 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP452\A0099932.sys"
Tue 12 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP452\A0099951.sys"
Wed 13 Aug 2008 72 A..H.
--- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP452\A0099973.sys" Wed 13 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP453\A0100125.sys" Wed 13 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP453\A0100140.sys" Wed 13 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP453\A0100146.sys" Wed 13 Aug 2008 72 A..H. --- "C:\System Volume Information\_restore{FC4A8A4B-3B07-473D-A1E6-91A5CF5F2B02}\RP453\A0100177.sys" Thu 29 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Wed 13 Aug 2008 72 A..H. --- "C:\Program Files\Common Files\X10\Common\x10prod.sys" Tue 3 Oct 2006 50,280 ...H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe" Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT3.tmp" Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\71fa8e4b1f1c72b0e3a5d30a0a049f55\BIT1.tmp" Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\afa5528a2269b5106016bdbc1ea3037f\BIT2.tmp" Finished! 
__________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:24:31, on 13/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\TODDSrv.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\WINDOWS\system32\ZoomingHook.exe C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe 
C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\LVComS.exe C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\livecall.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Alex\Mes documents\Dl de FireFox\HiJackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://http//www.google.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll O2 - BHO: RealPlayer Download and Record Plugin for 
Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe O4 - HKLM\..\Run: [ccApp] 
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdskg.exe] C:\WINDOWS\SYSTEM32\kdskg.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 
3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: LUMIX Simple Viewer.lnk = ? 
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - 
Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing) O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing) O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. 
- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -
[RESOLVED] Antivirus XP 2008, once again.
Raiden posted a topic in Analyses et éradication malwares
Good evening everyone =) I have carefully read many threads looking for a solution to get rid of this damned virus (Antivirus XP 2008), without success. At least, I noticed that each time you have to provide the results of reports produced with various programs. Since these vary for each PC, I can't draw on the cases that have already been handled. Not being a pro in this field, I admit I don't know how to decipher all of this, which is why I'm asking for a bit of help. I'm not really sure how I managed to get it, maybe via torrents, but I haven't used any for a while and the virus only appeared late yesterday evening. I also made the mistake of trusting Avast!, something I won't do again. Thanks in advance for the attention you give my problem. I produced the first report as indicated in the other topics. Here it is.
____________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:59:43, on 13/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\TODDSrv.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\WINDOWS\system32\ZoomingHook.exe C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\lphc9g1j0e9ae.exe C:\Program Files\rhccg1j0e9ae\rhccg1j0e9ae.exe C:\WINDOWS\system32\LVComS.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\drivers\svchost.exe C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\WINDOWS\system32\pphc9g1j0e9ae.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MSN Messenger\livecall.exe C:\Documents and Settings\Alex\Mes documents\Dl de FireFox\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://http//www.google.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 
- HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [lphc9g1j0e9ae] C:\WINDOWS\system32\lphc9g1j0e9ae.exe O4 - HKLM\..\Run: [sMrhccg1j0e9ae] C:\Program Files\rhccg1j0e9ae\rhccg1j0e9ae.exe O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdskg.exe] C:\WINDOWS\SYSTEM32\kdskg.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [sVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: LUMIX Simple Viewer.lnk = ? 
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - 
Service: Service de configuration Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing) O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing) O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. 
- C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe