

Westzup
Yeah, but the problem is that I already tried to open my laptop for at least 2 hours and I didn't manage to. But if there is nothing more to be done, would buying an external DVD burner do the job?
-
To put it more simply, do you think that if I buy an external burner like this one http://www.bestbuy.ca/catalog/proddetail.a...p;test_cookie=1 I will be able to burn and watch movies on my laptop again?
-
There, I did Start > Run..., typed diskmgmt.msc, and this appears. What should I do now?
-
Yes, I did Angelique's procedure and I showed the result in my last message. Here is the only thing that has a ? and ! in Device Manager.
-
Here is what I got during the installation.
-
There, I did what you asked me to and strangely the D: icon appeared for about ten seconds when my laptop restarted and then disappeared again. Edit: I hadn't seen your last message; I'll post a new message once I'm done.
-
When I click ''Install'', is something supposed to appear? Like when installing software.
-
Hello, I'm back on this forum because I have another problem, but this time it's not a virus. The problem is with my drive/burner: it no longer reads or burns CDs and DVDs, and even the D: that is normally in ''My Computer'' has disappeared too. The strangest thing in all this is that I listened to an audio CD yesterday before the problems. So, I hope someone will be able to help me with my problem. Thanks.
-
[Solved] Virus problem, need help please
Westzup replied to a topic by Westzup in Malware analysis and removal
OK, I'll look into that, thanks again.
-
[Solved] Virus problem, need help please
Westzup replied to a topic by Westzup in Malware analysis and removal
There, I did what you said to the letter and it worked perfectly! Thank you VERY MUCH, it's really good to help people, and for free too, thanks again. I have another question: sometimes my laptop shuts down by itself when it gets too hot, so I have to put a fan next to it. Should I open it and clean out the dust, or is there another solution?
-
[Solved] Virus problem, need help please
Westzup replied to a topic by Westzup in Malware analysis and removal
And here is the new HijackThis report.
-
[Solved] Virus problem, need help please
Westzup replied to a topic by Westzup in Malware analysis and removal
OK, all right, here is the Kaspersky report.
-
[Solved] Virus problem, need help please
Westzup replied to a topic by Westzup in Malware analysis and removal
Here is the new ComboFix report.
-
[Solved] Virus problem, need help please
Westzup replied to a topic by Westzup in Malware analysis and removal
Here is the ComboFix report.
c:\windows\system32\msoyuqq.exe c:\windows\system32\mspansd.exe c:\windows\system32\mspdi.exe c:\windows\system32\mspijscu.exe c:\windows\system32\mspkppra.exe c:\windows\system32\msplp.exe c:\windows\system32\mspnzl.exe c:\windows\system32\msppmv.exe c:\windows\system32\msppptlu.exe c:\windows\system32\mspsr.exe c:\windows\system32\msptdld.exe c:\windows\system32\mspusyzz.exe c:\windows\system32\mspuuji.exe c:\windows\system32\mspxk.exe c:\windows\system32\mspxqkrw.exe c:\windows\system32\mspyjexv.exe c:\windows\system32\mspyp.exe c:\windows\system32\mspzg.exe c:\windows\system32\msqba.exe c:\windows\system32\msqccfbp.exe c:\windows\system32\msqdljps.exe c:\windows\system32\msqeej.exe c:\windows\system32\msqepeei.exe c:\windows\system32\msqfidg.exe c:\windows\system32\msqgo.exe c:\windows\system32\msqlcpt.exe c:\windows\system32\msqlhvf.exe c:\windows\system32\msqmj.exe c:\windows\system32\msqmjt.exe c:\windows\system32\msqmw.exe c:\windows\system32\msqmxnt.exe c:\windows\system32\msqnuy.exe c:\windows\system32\msqoh.exe c:\windows\system32\msqpmus.exe c:\windows\system32\msqqlb.exe c:\windows\system32\msqqyrnd.exe c:\windows\system32\msqrqri.exe c:\windows\system32\msqtb.exe c:\windows\system32\msqvkzt.exe c:\windows\system32\msqvw.exe c:\windows\system32\msrdi.exe c:\windows\system32\msrfbvom.exe c:\windows\system32\msrgudnk.exe c:\windows\system32\msriqsh.exe c:\windows\system32\msrjfr.exe c:\windows\system32\msrley.exe c:\windows\system32\msrlrwm.exe c:\windows\system32\msrpbsox.exe c:\windows\system32\msruowhn.exe c:\windows\system32\msruwbcj.exe c:\windows\system32\msrvok.exe c:\windows\system32\msrxv.exe c:\windows\system32\msrzpgzc.exe c:\windows\system32\mssck.exe c:\windows\system32\mssimp.exe c:\windows\system32\mssiog.exe c:\windows\system32\msspa.exe c:\windows\system32\mssqga.exe c:\windows\system32\mssqwk.exe c:\windows\system32\mssst.exe c:\windows\system32\msssusa.exe c:\windows\system32\mssvdc.exe c:\windows\system32\msszxhi.exe 
c:\windows\system32\mstbof.exe c:\windows\system32\mstbol.exe c:\windows\system32\mstdmlmj.exe c:\windows\system32\mstflauw.exe c:\windows\system32\mstitzj.exe c:\windows\system32\mstjqbce.exe c:\windows\system32\mstjsys.exe c:\windows\system32\mstkb.exe c:\windows\system32\mstkoj.exe c:\windows\system32\mstokuaf.exe c:\windows\system32\mstoxdj.exe c:\windows\system32\mstsqdqp.exe c:\windows\system32\mstzjd.exe c:\windows\system32\msuaiy.exe c:\windows\system32\msuei.exe c:\windows\system32\msufgti.exe c:\windows\system32\msufi.exe c:\windows\system32\msuku.exe c:\windows\system32\msulhjm.exe c:\windows\system32\msulw.exe c:\windows\system32\msungzxd.exe c:\windows\system32\msunkhv.exe c:\windows\system32\msuoiyxj.exe c:\windows\system32\msuoxpf.exe c:\windows\system32\msupxqy.exe c:\windows\system32\msuqn.exe c:\windows\system32\msuyu.exe c:\windows\system32\msvbchf.exe c:\windows\system32\msvbu.exe c:\windows\system32\msvcce.exe c:\windows\system32\msvgmxi.exe c:\windows\system32\msvhhhhs.exe c:\windows\system32\msvhk.exe c:\windows\system32\msvkxks.exe c:\windows\system32\msvmixu.exe c:\windows\system32\msvrt.exe c:\windows\system32\msvsc.exe c:\windows\system32\msvtwe.exe c:\windows\system32\msvuu.exe c:\windows\system32\msvzwz.exe c:\windows\system32\mswhci.exe c:\windows\system32\mswhzwg.exe c:\windows\system32\mswjtz.exe c:\windows\system32\mswkfowq.exe c:\windows\system32\mswkm.exe c:\windows\system32\mswlkxwn.exe c:\windows\system32\mswlyn.exe c:\windows\system32\mswnp.exe c:\windows\system32\mswppnt.exe c:\windows\system32\mswqv.exe c:\windows\system32\mswrea.exe c:\windows\system32\mswvyk.exe c:\windows\system32\mswzfb.exe c:\windows\system32\mswzuvk.exe c:\windows\system32\msxagqf.exe c:\windows\system32\msxaj.exe c:\windows\system32\msxandto.exe c:\windows\system32\msxbtc.exe c:\windows\system32\msxcgv.exe c:\windows\system32\msxejm.exe c:\windows\system32\msxfa.exe c:\windows\system32\msxgud.exe c:\windows\system32\msxjjzc.exe 
c:\windows\system32\msxjthrx.exe c:\windows\system32\msxloeqn.exe c:\windows\system32\msxnl.exe c:\windows\system32\msxrjli.exe c:\windows\system32\msxuo.exe c:\windows\system32\msxupuna.exe c:\windows\system32\msxuzpe.exe c:\windows\system32\msxxacu.exe c:\windows\system32\msxxkp.exe c:\windows\system32\msxxsxwv.exe c:\windows\system32\msxxyanh.exe c:\windows\system32\msyamg.exe c:\windows\system32\msydkn.exe c:\windows\system32\msydtye.exe c:\windows\system32\msyhomq.exe c:\windows\system32\msyjwt.exe c:\windows\system32\msylgdbd.exe c:\windows\system32\msyopmy.exe c:\windows\system32\msyowkkm.exe c:\windows\system32\msyqrazs.exe c:\windows\system32\msywwog.exe c:\windows\system32\mszalg.exe c:\windows\system32\mszdw.exe c:\windows\system32\mszearx.exe c:\windows\system32\mszimcab.exe c:\windows\system32\mszja.exe c:\windows\system32\mszjhj.exe c:\windows\system32\mszkvx.exe c:\windows\system32\mszmdn.exe c:\windows\system32\msznfz.exe c:\windows\system32\mszpjz.exe c:\windows\system32\mszwn.exe c:\windows\system32\mszwpvui.exe c:\windows\system32\mszyh.exe c:\windows\system32\mszym.exe c:\windows\system32\mszyrt.exe c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\sopidkc.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\tpsaxyd.exe c:\windows\system32\UACdcdqhufncexjguhyl.dat c:\windows\system32\UACdgrcwdmfrsujmlysd.dll c:\windows\system32\uacinit.dll c:\windows\system32\UACqltpqlxbwqgifmyde.dll c:\windows\system32\UACsmmrwkoibifdfgxtp.dll c:\windows\system32\uactmp.db c:\windows\system32\UACvblaxfnpanqjcwjrn.dll c:\windows\system32\UACvflatqrntoklypxrl.db c:\windows\system32\UACxrudffpvvbormnxoc.dll c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\wiawow32.sys c:\windows\system32\WS2Fix.exe c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job c:\windows\Tasks\rrljvoxz.job 
c:\windows\TEMP\mpj93748.dll c:\windows\TEMP\mta76801.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_UACd.sys -------\Legacy_6TO4 -------\Legacy_AT1394 -------\Legacy_MSNCACHE -------\Legacy_PCMSTUB -------\Legacy_SOPIDKC -------\Service_6to4 -------\Service_at1394 -------\Service_msncache -------\Service_pcmstub -------\Service_sopidkc ((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 ))))))))))))))))))))))))))))))) . 2009-07-12 09:30 . 2009-07-12 09:30 -------- d-----w- C:\Lop SD 2009-07-12 05:35 . 2009-07-12 05:35 -------- d-sh--w- c:\documents and settings\guillaume\IECompatCache 2009-07-12 05:29 . 2009-07-12 05:21 135680 ----a-w- c:\windows\msb.exe 2009-07-12 05:21 . 2009-07-12 05:21 40960 --sh--r- c:\windows\system32\flashd32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-13 04:22 . 2008-06-05 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-07-12 08:12 . 2008-10-09 15:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-12 08:01 . 2008-07-08 18:17 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard 2009-07-12 08:01 . 2007-12-02 10:02 -------- d-----w- c:\program files\Lavasoft 2009-07-12 06:14 . 2009-07-12 05:22 4 ---h--w- c:\windows\Fonts\mlog 2009-07-12 05:05 . 2007-12-02 09:32 -------- d-----w- c:\documents and settings\guillaume\Application Data\uTorrent 2009-07-11 08:50 . 2008-09-10 23:42 -------- d-----w- c:\documents and settings\guillaume\Application Data\gtk-2.0 2009-06-25 18:43 . 2008-06-05 16:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-06-25 18:43 . 2008-06-05 16:57 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-06-25 18:43 . 2007-12-02 10:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-06-12 23:23 . 
2009-06-10 06:33 -------- d-----w- c:\program files\Fichiers communs\DVDVideoSoft 2009-06-11 23:04 . 2009-05-28 04:11 -------- d-----w- c:\documents and settings\guillaume\Application Data\Research In Motion 2009-06-11 22:56 . 2009-05-28 04:12 256 ----a-w- c:\windows\system32\pool.bin 2009-06-10 07:17 . 2009-05-28 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2009-06-10 06:28 . 2005-04-19 18:57 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-14 21:17 . 2008-06-05 16:57 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-05-13 05:04 . 2005-04-19 19:12 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-07 15:33 . 2005-04-19 19:12 348672 ----a-w- c:\windows\system32\localspl.dll 2009-05-01 05:27 . 2009-01-14 14:37 2967799 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-04-19 22:22 . 2005-04-19 19:13 77236 ----a-w- c:\windows\system32\perfc00C.dat 2009-04-19 22:22 . 2005-04-19 19:13 474554 ----a-w- c:\windows\system32\perfh00C.dat 2009-04-19 19:50 . 2005-04-19 19:12 1847296 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:53 . 2005-04-19 19:12 585216 ----a-w- c:\windows\system32\rpcrt4.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-03-02 65536] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ares"="c:\program files\Ares\Ares.exe" [2008-12-01 882176] "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 3587120] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-23 339968] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976] "SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 65536] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512] "TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 53248] "CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-01-22 675840] "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327] "HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 28672] "TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-12-08 24576] "Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2004-11-12 73728] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-12-06 184320] "SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2004-11-15 118784] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-09 98304] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-25 1948440] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "NDSTray.exe"="NDSTray.exe" [bU] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2004-12-06 88363] "Zooming"="ZoomingHook.exe" - 
c:\windows\system32\ZoomingHook.exe [2004-07-14 24576] "TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-01-21 266240] "TCtryIOHook"="TCtrlIOHook.exe" - c:\windows\system32\TCtrlIOHook.exe [2005-02-16 28672] "TFncKy"="TFncKy.exe" [bU] "CFSServ.exe"="CFSServ.exe" [bU] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{38101905-D80F-4788-96F6-986A8186178A}"= "c:\windows\system32\flashd32.dll" [2009-07-12 40960] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-06-25 18:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Ares\\Ares.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\WINDOWS\\fonts\\services.exe"= "%windir%\\system32\\drivers\\svchost.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-05 327688] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-06-05 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-06 906520] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 298776] S3 EventSystem_Untrusted_BZ;Système d'événements de 
COM+_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k netsvcs --> c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe [?] S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" --> c:\program files\ma-config.com\maconfservice.exe [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2005-09-13 c:\windows\Tasks\Rappel d'enregistrement 1.job - c:\windows\system32\OOBE\oobebaln.exe [2005-04-19 02:34] 2005-09-13 c:\windows\Tasks\Rappel d'enregistrement 2.job - c:\windows\system32\OOBE\oobebaln.exe [2005-04-19 02:34] 2005-09-13 c:\windows\Tasks\Rappel d'enregistrement 3.job - c:\windows\system32\OOBE\oobebaln.exe [2005-04-19 02:34] . - - - - ORPHANS REMOVED - - - - HKLM-Run-MotiveReportAgent - c:\program files\Fichiers communs\Motive\McciBootStrapper.exe . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = hxxp://www.shoptoshiba.ca/welcome IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: myspace.com\www DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab FF - ProfilePath - c:\documents and settings\guillaume\Application Data\Mozilla\Firefox\Profiles\x13y1clk.default\ FF - prefs.js: browser.startup.homepage - http:myspace.com/dynxx FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-13 00:26 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ [HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,90,f4,2b,87,a7, 60,4d,47,2e,e8,e1,00,eb,16,2b,de,52,ac,78,cd,dd,3d,5a,f8,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,dc,b5,94,0b,0a, 2f,bd,70,46,47,15,b0,92,4b,c7,ef,ec,19,78,89,64,49,cd,f1,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,e0,eb,6f,50,f8, df,4d,5f,7a,45,05,fd,91,e8,6f,31,5b,4b,75,9e,f4,ef,d9,71,ff,7c,85,e0,43,d4,\ 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,c0,64,6a,6c,c8, 65,23,2c,6b,65,49,6a,7e,99,74,f7,a8,da,78,1e,a0,9e,f6,36,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,c6,98,1b,41,6d, eb,4d,79,e9,02,6c,fa,fb,1d,47,57,46,07,6a,c3,b8,68,99,ae,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,99,10,0e,45,31, c6,ea,b8,50,93,e5,ab,ec,6a,4e,ab,70,33,76,de,ae,6d,30,ab,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,7c,cf,ce,21,e7, 72,18,59,97,20,4e,9a,c7,f1,35,ee,bb,6e,35,27,4c,4b,9e,19,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,33,2e,e0,ce,d1, ed,25,be,aa,52,c6,00,84,3c,26,64,2c,e9,dc,14,f8,37,f3,ea,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,d5,28,ff,36,26, c4,6f,ae,b2,46,9a,e2,1b,fe,1b,94,d8,df,2a,82,ee,ee,ca,06,f6,0f,4e,58,98,5b,\ 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,d7,c0,4b,0e,0b, 12,be,4b,37,a4,aa,c3,a6,15,56,0a,50,40,37,7c,5f,df,ed,a9,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,e2,56,18,e0,0a, 78,0f,f8,f8,31,0f,a9,5f,a0,ec,fb,ae,50,43,0f,ae,a8,57,70,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,17,2c,12,e0,ef, 29,69,bf,05,73,21,dd,54,d8,4a,c5,16,2d,7a,d0,a8,91,74,54,6c,43,2d,1e,aa,22,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(564) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2636) c:\windows\system32\flashd32.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL c:\windows\system32\eappprxy.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Toshiba\ConfigFree\CFSvcs.exe c:\windows\system32\DVDRAMSV.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\UTSCSI.EXE c:\program files\AVG\AVG8\avgcsrvx.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Apoint2K\ApntEx.exe c:\program files\Toshiba\ConfigFree\CFSServ.exe c:\windows\system32\TPSBattM.exe . ************************************************************************** . Completion time: 2009-07-13 0:34 - machine was rebooted ComboFix-quarantined-files.txt 2009-07-13 05:33 Pre-Run: 41 504 153 600 octets libres Post-Run: 43 452 571 648 octets libres 677 --- E O F --- 2009-06-11 22:50 -
[Solved] Virus problem, need help please
Westzup replied to a topic by Westzup in Malware Analysis and Removal
This appears. Yet I did not change the name of ComboFix ...