

Westzup
Everything posted by Westzup
-
Yeah, but the problem is that I already tried to open my laptop for at least 2 hours and did not manage to. But if there is nothing more to be done, would buying an external DVD burner do the job?
-
To put it more simply, do you think that if I buy an external burner like this one http://www.bestbuy.ca/catalog/proddetail.a...p;test_cookie=1 I will be able to burn and watch movies on my laptop again?
-
There, I did Start > Run..., typed diskmgmt.msc, and this appears. What should I do now?
-
Yes, I did Angelique's procedure and posted the result in my last message. Here is the only item that has a ? and ! in Device Manager.
-
Here is what I got during the installation.
-
There, I did what you asked and, strangely, the D: icon appeared for about ten seconds when my laptop restarted and then disappeared again. Edit: I had not seen your last message; I will post a new message once I have finished.
-
When I click ''Install'', is something supposed to appear? Like the installation of a piece of software?
-
Hello, I am back on this forum because I have another problem, but this time it is not a virus. The problem comes from my drive/burner: it no longer reads or burns CDs and DVDs, and even the D: that is normally in ''My Computer'' has disappeared too. The strangest thing in all this is that I listened to an audio CD yesterday, before the problems. So, I hope someone will be able to help me with my problem. Thanks.
-
[Solved] Virus problem, need help please
Westzup replied to a topic by Westzup in Malware analysis and removal
OK, I will look at that, thanks again. -
[Solved] Virus problem, need help please
Westzup replied to a topic by Westzup in Malware analysis and removal
There, I did what you said to the letter and it worked perfectly! Thank you VERY MUCH, it is really great to help people, and for free on top of that, thanks again. I have another question: sometimes my laptop shuts down by itself when it gets too hot, so I have to put a fan next to it. Should I open it up and clean out the dust? Or is there another solution? -
[Solved] Virus problem, need help please
Westzup replied to a topic by Westzup in Malware analysis and removal
And here is the new HijackThis report. -
[Solved] Virus problem, need help please
Westzup replied to a topic by Westzup in Malware analysis and removal
OK, all right, here is the Kaspersky report. -
[Solved] Virus problem, need help please
Westzup replied to a topic by Westzup in Malware analysis and removal
Here is the new ComboFix report. -
[Solved] Virus problem, need help please
Westzup replied to a topic by Westzup in Malware analysis and removal
Here is the ComboFix report.
c:\windows\system32\msoyuqq.exe c:\windows\system32\mspansd.exe c:\windows\system32\mspdi.exe c:\windows\system32\mspijscu.exe c:\windows\system32\mspkppra.exe c:\windows\system32\msplp.exe c:\windows\system32\mspnzl.exe c:\windows\system32\msppmv.exe c:\windows\system32\msppptlu.exe c:\windows\system32\mspsr.exe c:\windows\system32\msptdld.exe c:\windows\system32\mspusyzz.exe c:\windows\system32\mspuuji.exe c:\windows\system32\mspxk.exe c:\windows\system32\mspxqkrw.exe c:\windows\system32\mspyjexv.exe c:\windows\system32\mspyp.exe c:\windows\system32\mspzg.exe c:\windows\system32\msqba.exe c:\windows\system32\msqccfbp.exe c:\windows\system32\msqdljps.exe c:\windows\system32\msqeej.exe c:\windows\system32\msqepeei.exe c:\windows\system32\msqfidg.exe c:\windows\system32\msqgo.exe c:\windows\system32\msqlcpt.exe c:\windows\system32\msqlhvf.exe c:\windows\system32\msqmj.exe c:\windows\system32\msqmjt.exe c:\windows\system32\msqmw.exe c:\windows\system32\msqmxnt.exe c:\windows\system32\msqnuy.exe c:\windows\system32\msqoh.exe c:\windows\system32\msqpmus.exe c:\windows\system32\msqqlb.exe c:\windows\system32\msqqyrnd.exe c:\windows\system32\msqrqri.exe c:\windows\system32\msqtb.exe c:\windows\system32\msqvkzt.exe c:\windows\system32\msqvw.exe c:\windows\system32\msrdi.exe c:\windows\system32\msrfbvom.exe c:\windows\system32\msrgudnk.exe c:\windows\system32\msriqsh.exe c:\windows\system32\msrjfr.exe c:\windows\system32\msrley.exe c:\windows\system32\msrlrwm.exe c:\windows\system32\msrpbsox.exe c:\windows\system32\msruowhn.exe c:\windows\system32\msruwbcj.exe c:\windows\system32\msrvok.exe c:\windows\system32\msrxv.exe c:\windows\system32\msrzpgzc.exe c:\windows\system32\mssck.exe c:\windows\system32\mssimp.exe c:\windows\system32\mssiog.exe c:\windows\system32\msspa.exe c:\windows\system32\mssqga.exe c:\windows\system32\mssqwk.exe c:\windows\system32\mssst.exe c:\windows\system32\msssusa.exe c:\windows\system32\mssvdc.exe c:\windows\system32\msszxhi.exe 
c:\windows\system32\mstbof.exe c:\windows\system32\mstbol.exe c:\windows\system32\mstdmlmj.exe c:\windows\system32\mstflauw.exe c:\windows\system32\mstitzj.exe c:\windows\system32\mstjqbce.exe c:\windows\system32\mstjsys.exe c:\windows\system32\mstkb.exe c:\windows\system32\mstkoj.exe c:\windows\system32\mstokuaf.exe c:\windows\system32\mstoxdj.exe c:\windows\system32\mstsqdqp.exe c:\windows\system32\mstzjd.exe c:\windows\system32\msuaiy.exe c:\windows\system32\msuei.exe c:\windows\system32\msufgti.exe c:\windows\system32\msufi.exe c:\windows\system32\msuku.exe c:\windows\system32\msulhjm.exe c:\windows\system32\msulw.exe c:\windows\system32\msungzxd.exe c:\windows\system32\msunkhv.exe c:\windows\system32\msuoiyxj.exe c:\windows\system32\msuoxpf.exe c:\windows\system32\msupxqy.exe c:\windows\system32\msuqn.exe c:\windows\system32\msuyu.exe c:\windows\system32\msvbchf.exe c:\windows\system32\msvbu.exe c:\windows\system32\msvcce.exe c:\windows\system32\msvgmxi.exe c:\windows\system32\msvhhhhs.exe c:\windows\system32\msvhk.exe c:\windows\system32\msvkxks.exe c:\windows\system32\msvmixu.exe c:\windows\system32\msvrt.exe c:\windows\system32\msvsc.exe c:\windows\system32\msvtwe.exe c:\windows\system32\msvuu.exe c:\windows\system32\msvzwz.exe c:\windows\system32\mswhci.exe c:\windows\system32\mswhzwg.exe c:\windows\system32\mswjtz.exe c:\windows\system32\mswkfowq.exe c:\windows\system32\mswkm.exe c:\windows\system32\mswlkxwn.exe c:\windows\system32\mswlyn.exe c:\windows\system32\mswnp.exe c:\windows\system32\mswppnt.exe c:\windows\system32\mswqv.exe c:\windows\system32\mswrea.exe c:\windows\system32\mswvyk.exe c:\windows\system32\mswzfb.exe c:\windows\system32\mswzuvk.exe c:\windows\system32\msxagqf.exe c:\windows\system32\msxaj.exe c:\windows\system32\msxandto.exe c:\windows\system32\msxbtc.exe c:\windows\system32\msxcgv.exe c:\windows\system32\msxejm.exe c:\windows\system32\msxfa.exe c:\windows\system32\msxgud.exe c:\windows\system32\msxjjzc.exe 
c:\windows\system32\msxjthrx.exe c:\windows\system32\msxloeqn.exe c:\windows\system32\msxnl.exe c:\windows\system32\msxrjli.exe c:\windows\system32\msxuo.exe c:\windows\system32\msxupuna.exe c:\windows\system32\msxuzpe.exe c:\windows\system32\msxxacu.exe c:\windows\system32\msxxkp.exe c:\windows\system32\msxxsxwv.exe c:\windows\system32\msxxyanh.exe c:\windows\system32\msyamg.exe c:\windows\system32\msydkn.exe c:\windows\system32\msydtye.exe c:\windows\system32\msyhomq.exe c:\windows\system32\msyjwt.exe c:\windows\system32\msylgdbd.exe c:\windows\system32\msyopmy.exe c:\windows\system32\msyowkkm.exe c:\windows\system32\msyqrazs.exe c:\windows\system32\msywwog.exe c:\windows\system32\mszalg.exe c:\windows\system32\mszdw.exe c:\windows\system32\mszearx.exe c:\windows\system32\mszimcab.exe c:\windows\system32\mszja.exe c:\windows\system32\mszjhj.exe c:\windows\system32\mszkvx.exe c:\windows\system32\mszmdn.exe c:\windows\system32\msznfz.exe c:\windows\system32\mszpjz.exe c:\windows\system32\mszwn.exe c:\windows\system32\mszwpvui.exe c:\windows\system32\mszyh.exe c:\windows\system32\mszym.exe c:\windows\system32\mszyrt.exe c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\sopidkc.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\tpsaxyd.exe c:\windows\system32\UACdcdqhufncexjguhyl.dat c:\windows\system32\UACdgrcwdmfrsujmlysd.dll c:\windows\system32\uacinit.dll c:\windows\system32\UACqltpqlxbwqgifmyde.dll c:\windows\system32\UACsmmrwkoibifdfgxtp.dll c:\windows\system32\uactmp.db c:\windows\system32\UACvblaxfnpanqjcwjrn.dll c:\windows\system32\UACvflatqrntoklypxrl.db c:\windows\system32\UACxrudffpvvbormnxoc.dll c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\wiawow32.sys c:\windows\system32\WS2Fix.exe c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job c:\windows\Tasks\rrljvoxz.job 
c:\windows\TEMP\mpj93748.dll c:\windows\TEMP\mta76801.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_UACd.sys -------\Legacy_6TO4 -------\Legacy_AT1394 -------\Legacy_MSNCACHE -------\Legacy_PCMSTUB -------\Legacy_SOPIDKC -------\Service_6to4 -------\Service_at1394 -------\Service_msncache -------\Service_pcmstub -------\Service_sopidkc ((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 ))))))))))))))))))))))))))))))) . 2009-07-12 09:30 . 2009-07-12 09:30 -------- d-----w- C:\Lop SD 2009-07-12 05:35 . 2009-07-12 05:35 -------- d-sh--w- c:\documents and settings\guillaume\IECompatCache 2009-07-12 05:29 . 2009-07-12 05:21 135680 ----a-w- c:\windows\msb.exe 2009-07-12 05:21 . 2009-07-12 05:21 40960 --sh--r- c:\windows\system32\flashd32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-13 04:22 . 2008-06-05 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-07-12 08:12 . 2008-10-09 15:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-12 08:01 . 2008-07-08 18:17 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard 2009-07-12 08:01 . 2007-12-02 10:02 -------- d-----w- c:\program files\Lavasoft 2009-07-12 06:14 . 2009-07-12 05:22 4 ---h--w- c:\windows\Fonts\mlog 2009-07-12 05:05 . 2007-12-02 09:32 -------- d-----w- c:\documents and settings\guillaume\Application Data\uTorrent 2009-07-11 08:50 . 2008-09-10 23:42 -------- d-----w- c:\documents and settings\guillaume\Application Data\gtk-2.0 2009-06-25 18:43 . 2008-06-05 16:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-06-25 18:43 . 2008-06-05 16:57 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-06-25 18:43 . 2007-12-02 10:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-06-12 23:23 . 
2009-06-10 06:33 -------- d-----w- c:\program files\Fichiers communs\DVDVideoSoft 2009-06-11 23:04 . 2009-05-28 04:11 -------- d-----w- c:\documents and settings\guillaume\Application Data\Research In Motion 2009-06-11 22:56 . 2009-05-28 04:12 256 ----a-w- c:\windows\system32\pool.bin 2009-06-10 07:17 . 2009-05-28 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2009-06-10 06:28 . 2005-04-19 18:57 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-14 21:17 . 2008-06-05 16:57 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-05-13 05:04 . 2005-04-19 19:12 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-07 15:33 . 2005-04-19 19:12 348672 ----a-w- c:\windows\system32\localspl.dll 2009-05-01 05:27 . 2009-01-14 14:37 2967799 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-04-19 22:22 . 2005-04-19 19:13 77236 ----a-w- c:\windows\system32\perfc00C.dat 2009-04-19 22:22 . 2005-04-19 19:13 474554 ----a-w- c:\windows\system32\perfh00C.dat 2009-04-19 19:50 . 2005-04-19 19:12 1847296 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:53 . 2005-04-19 19:12 585216 ----a-w- c:\windows\system32\rpcrt4.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-03-02 65536] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ares"="c:\program files\Ares\Ares.exe" [2008-12-01 882176] "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 3587120] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-23 339968] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976] "SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 65536] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512] "TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-30 53248] "CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-01-22 675840] "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327] "HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 28672] "TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-12-08 24576] "Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2004-11-12 73728] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-12-06 184320] "SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2004-11-15 118784] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-09 98304] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-25 1948440] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "NDSTray.exe"="NDSTray.exe" [bU] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2004-12-06 88363] "Zooming"="ZoomingHook.exe" - 
c:\windows\system32\ZoomingHook.exe [2004-07-14 24576] "TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-01-21 266240] "TCtryIOHook"="TCtrlIOHook.exe" - c:\windows\system32\TCtrlIOHook.exe [2005-02-16 28672] "TFncKy"="TFncKy.exe" [bU] "CFSServ.exe"="CFSServ.exe" [bU] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{38101905-D80F-4788-96F6-986A8186178A}"= "c:\windows\system32\flashd32.dll" [2009-07-12 40960] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-06-25 18:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Ares\\Ares.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\WINDOWS\\fonts\\services.exe"= "%windir%\\system32\\drivers\\svchost.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-05 327688] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-06-05 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-06 906520] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 298776] S3 EventSystem_Untrusted_BZ;Système d'événements de 
COM+_Untrusted_BZ;c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe -k netsvcs --> c:\virtual\Untrusted\C_\WINDOWS\system32\svchost.exe [?] S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" --> c:\program files\ma-config.com\maconfservice.exe [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2005-09-13 c:\windows\Tasks\Rappel d'enregistrement 1.job - c:\windows\system32\OOBE\oobebaln.exe [2005-04-19 02:34] 2005-09-13 c:\windows\Tasks\Rappel d'enregistrement 2.job - c:\windows\system32\OOBE\oobebaln.exe [2005-04-19 02:34] 2005-09-13 c:\windows\Tasks\Rappel d'enregistrement 3.job - c:\windows\system32\OOBE\oobebaln.exe [2005-04-19 02:34] . - - - - ORPHANS REMOVED - - - - HKLM-Run-MotiveReportAgent - c:\program files\Fichiers communs\Motive\McciBootStrapper.exe . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = hxxp://www.shoptoshiba.ca/welcome IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: myspace.com\www DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab FF - ProfilePath - c:\documents and settings\guillaume\Application Data\Mozilla\Firefox\Profiles\x13y1clk.default\ FF - prefs.js: browser.startup.homepage - http:myspace.com/dynxx FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-13 00:26 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\Machine\System\CurrentControlSet] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ [HKEY_LOCAL_MACHINE\software\BufferZone\Virtual\Untrusted\USER\LocalSystem] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,90,f4,2b,87,a7, 60,4d,47,2e,e8,e1,00,eb,16,2b,de,52,ac,78,cd,dd,3d,5a,f8,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,dc,b5,94,0b,0a, 2f,bd,70,46,47,15,b0,92,4b,c7,ef,ec,19,78,89,64,49,cd,f1,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,e0,eb,6f,50,f8, df,4d,5f,7a,45,05,fd,91,e8,6f,31,5b,4b,75,9e,f4,ef,d9,71,ff,7c,85,e0,43,d4,\ 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,c0,64,6a,6c,c8, 65,23,2c,6b,65,49,6a,7e,99,74,f7,a8,da,78,1e,a0,9e,f6,36,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,c6,98,1b,41,6d, eb,4d,79,e9,02,6c,fa,fb,1d,47,57,46,07,6a,c3,b8,68,99,ae,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,99,10,0e,45,31, c6,ea,b8,50,93,e5,ab,ec,6a,4e,ab,70,33,76,de,ae,6d,30,ab,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,7c,cf,ce,21,e7, 72,18,59,97,20,4e,9a,c7,f1,35,ee,bb,6e,35,27,4c,4b,9e,19,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,33,2e,e0,ce,d1, ed,25,be,aa,52,c6,00,84,3c,26,64,2c,e9,dc,14,f8,37,f3,ea,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,d5,28,ff,36,26, c4,6f,ae,b2,46,9a,e2,1b,fe,1b,94,d8,df,2a,82,ee,ee,ca,06,f6,0f,4e,58,98,5b,\ 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,d7,c0,4b,0e,0b, 12,be,4b,37,a4,aa,c3,a6,15,56,0a,50,40,37,7c,5f,df,ed,a9,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,e2,56,18,e0,0a, 78,0f,f8,f8,31,0f,a9,5f,a0,ec,fb,ae,50,43,0f,ae,a8,57,70,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,17,2c,12,e0,ef, 29,69,bf,05,73,21,dd,54,d8,4a,c5,16,2d,7a,d0,a8,91,74,54,6c,43,2d,1e,aa,22,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(564) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2636) c:\windows\system32\flashd32.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL c:\windows\system32\eappprxy.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Toshiba\ConfigFree\CFSvcs.exe c:\windows\system32\DVDRAMSV.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\UTSCSI.EXE c:\program files\AVG\AVG8\avgcsrvx.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Apoint2K\ApntEx.exe c:\program files\Toshiba\ConfigFree\CFSServ.exe c:\windows\system32\TPSBattM.exe . ************************************************************************** . Completion time: 2009-07-13 0:34 - machine was rebooted ComboFix-quarantined-files.txt 2009-07-13 05:33 Pre-Run: 41 504 153 600 octets libres Post-Run: 43 452 571 648 octets libres 677 --- E O F --- 2009-06-11 22:50 -
[Solved] Virus problem, need help please
Westzup replied to Westzup's topic in Malware analysis and removal
This appears. Yet I did not change ComboFix's name ... -
[Solved] Virus problem, need help please
Westzup replied to Westzup's topic in Malware analysis and removal
No matter how much I uncheck everything, ComboFix still says that AVG is blocking it. -
[Solved] Virus problem, need help please
Westzup replied to Westzup's topic in Malware analysis and removal
My AV is interfering with ComboFix; I am trying to disable it but I do not know how (I have AVG Free 8.5). -
Here is the SmitfraudFix report; I am running HijackThis now.

SmitFraudFix v2.423

Rapport fait à 22:38:55,43, 2009-07-12
Executé à partir de C:\Documents and Settings\guillaume\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{806D99F9-D6D0-40D8-8B67-80CB2D0564A9}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{806D99F9-D6D0-40D8-8B67-80CB2D0564A9}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{806D99F9-D6D0-40D8-8B67-80CB2D0564A9}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage du registre non souhaité.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
-
[Solved] Virus problem, need help please
Westzup posted a topic in Malware analysis and removal
Hello everyone, unfortunately I have a problem with my laptop. I think it is a virus: when I start my computer this appears http://i486.photobucket.com/albums/rr223/Westzup/ereur1.jpg, my internet is extremely slow, and strangely I can no longer burn anything because my DVDs are not recognized. Sometimes pop-ups also open even when no web page is open, like these: http://i486.photobucket.com/albums/rr223/Westzup/error3.jpg http://i486.photobucket.com/albums/rr223/Westzup/error2.jpg So can someone help me please? I already have AVG Free 8.5, HijackThis, LopSD, ATF-Cleaner. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:35, on 2009-07-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://rapstarsgx.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://pse-esd.ainc-inac.gc.ca/nstp2/Repor...tivexviewer.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: ftexzj.dll,C:\WINDOWS\system32\modigege.dll,C:\WINDOWS\system32\ruvaluno.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. 
- C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Système d'événements de COM+_Untrusted_BZ (EventSystem_Untrusted_BZ) - Unknown owner - C:\Virtual\Untrusted\C_\WINDOWS\system32\svchost.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe (file missing) O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: sopidkc Service (sopidkc) - NewYork DVD LT - C:\WINDOWS\system32\sopidkc.exe O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE -- End of file - 10270 bytes -
Help removing Trojan + Hijackthis
Westzup replied to a topic by Westzup in Malware analysis and removal
Yes, I managed to install 6 Update 7, and yes, my AVG already has a firewall. I also ran the Kaspersky online scan, but it found nothing at all. I think my problems are gone, because I haven't had any pop-ups for a while. Anyway, thank you very much again, Apollo; without you I wouldn't have been able to do anything. P.S. If the pop-ups unfortunately come back, I know where to return. Thanks again.
-
Help removing Trojan + Hijackthis
Westzup replied to a topic by Westzup in Malware analysis and removal
Here is the report I received:
-
Help removing Trojan + Hijackthis
Westzup replied to a topic by Westzup in Malware analysis and removal
Here it is:
-
Help removing Trojan + Hijackthis
Westzup replied to a topic by Westzup in Malware analysis and removal
OK, agreed. Thank you very much.
-
Help removing Trojan + Hijackthis
Westzup replied to a topic by Westzup in Malware analysis and removal
Here it is:
-
Help removing Trojan + Hijackthis
Westzup replied to a topic by Westzup in Malware analysis and removal
Here is the new Hijackthis report