Avast WEBforum

Other => Viruses and worms => Topic started by: marie-therese on February 17, 2008, 03:04:36 PM

Title: imageshare.cogia.net
Post by: marie-therese on February 17, 2008, 03:04:36 PM
Hello,

Yesterday I was chatting on Messenger, and a friend sent me a spyware: imageshare.cogia.net

I gave it to all my other contacts through messenger, of course.

I did not find any info on the internet, except messages in Russian or in Greek.... The only thing I understood from these messages is "avast" and "testicle breaker", because these words were in our letters...

I ran avast thoroughly and got, for the first time: win32:bancos.AUK and VBS:malware.gen.
The files were put in quarantine.

As for Messenger, I uninstalled it and installed it again.

My friends still got the first message (spyware) from my messenger. I don't.

Should I do something else?

Thanks a lot.

Marie-Thérèse
Title: Re: imageshare.cogia.net
Post by: essexboy on February 17, 2008, 03:43:39 PM
Hi marie-therese, let's have a look to make sure it is gone.

Download & Run HijackThis.exe

Don't use the Analyse This button; its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


Title: Re: imageshare.cogia.net
Post by: marie-therese on February 17, 2008, 04:10:15 PM
thanks, here it comes:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:09:17, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\EXPLORER.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\MSN Messenger\msn.com
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\gtsrp\gtsrp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Microsoft Encarta\Encarta World English Dictionary 2001\QSHLFED.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Octoshape Streaming Services\User\OctoshapeClient.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?tab=mn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=EXPLORER.EXE \854144.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: My FB Toolbar - {A057A204-BACC-4D26-8988-34A187E2698B} - C:\PROGRA~1\MYFBTO~1\MYFBTO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: My FB Toolbar - {A057A204-BACC-4D26-8988-34A187E2698B} - C:\PROGRA~1\MYFBTO~1\MYFBTO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [gtsrp] C:\Program Files\gtsrp\gtsrp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSN Messenger] msn.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\User\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Quick Shelf.lnk = ?
Title: Re: imageshare.cogia.net
Post by: marie-therese on February 17, 2008, 04:10:36 PM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_BE&c=64&bd=pavilion&pf=laptop
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://paris.ville.orange.fr/CO/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://www.musica.gulbenkian.pt/template/fonts/clearadj.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6E0B510-AF89-41AB-9548-37E138BEFDBC}: NameServer = 212.217.0.13 212.217.1.17
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13578 bytes
Title: Re: imageshare.cogia.net
Post by: essexboy on February 17, 2008, 05:47:23 PM
Hi again - a few bits to remove there

Please re-open HiJackThis and scan.  Check the boxes next to all the entries listed below.

F2 - REG:system.ini: Shell=EXPLORER.EXE \854144.exe
O4 - HKLM\..\Run: [gtsrp] C:\Program Files\gtsrp\gtsrp.exe
O4 - HKLM\..\Run: [MSN Messenger] msn.com

Now close all windows other than HiJackThis, then click Fix Checked.  Close HiJackThis. 


THEN

Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
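The three entries picked out of the HijackThis log above share mechanical traits a script can spot: a system.ini Shell= value that launches something besides Explorer.exe, and a Run value that is a bare .com name resolved through the PATH search instead of a full path. The following is an added example written for this page in Python, not code from the thread or from HijackThis or ComboFix: a small parser for HijackThis-format lines that flags those two patterns, a drive-root executable (illustrated with a made-up [854144] line, since the real log only shows C:\854144.exe through the Shell= entry), and O2 BHO entries whose DLL is gone. The sample lines are copied from the log posted in this thread and assembled here as a constructed input. The gtsrp entry is deliberately not caught: it needed human judgment (an unfamiliar Program Files folder, created 2008-02-14 according to the ComboFix Find3M listing later in the thread), which is exactly the part of HijackThis triage a rule set cannot replace.

```python
"""Triage a HijackThis log for the entry patterns cleaned up in this thread.

Added example (not code from the thread, HijackThis or ComboFix): a parser for
HijackThis-format lines that flags a Shell= value launching anything besides
Explorer.exe, an O4 Run value that is a bare .com/.bat/.cmd/.pif/.scr name or an
executable sitting in a drive root, and O2 BHO entries whose DLL is absent.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied from the HijackThis log posted in the thread
# (the entries essexboy had fixed plus benign neighbours) and one made-up line,
# [854144], to exercise the drive-root rule.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=EXPLORER.EXE \854144.exe
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gtsrp] C:\Program Files\gtsrp\gtsrp.exe
O4 - HKLM\..\Run: [MSN Messenger] msn.com
O4 - HKLM\..\Run: [854144] C:\854144.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"""

ENTRY_RE = re.compile(r"^(?P<type>[A-Z]\d+) - (?P<body>.*)$")
SHELL_RE = re.compile(r"Shell=(?P<value>.*)$", re.I)
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")

LEGIT_SHELL = "explorer.exe"                  # the only value Windows XP should carry here
SCRIPT_LIKE = (".com", ".bat", ".cmd", ".pif", ".scr")


def executable_of(cmd: str) -> str:
    """Return the program a Run value launches, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                   # quoted path: up to the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # unquoted path, possibly containing spaces: take up to the first executable extension
    m = re.match(r"^(.*?\.(?:exe|com|bat|cmd|pif|scr))\b", cmd, re.I)
    return m.group(1) if m else (cmd.split() or [""])[0]


def run_reason(exe: str) -> str:
    """Explain why a Run executable looks wrong, or return '' if it looks ordinary."""
    name = exe.rsplit("\\", 1)[-1].lower()
    if "\\" not in exe and name.endswith(SCRIPT_LIKE):
        return "bare %s name resolved through the PATH search" % name.rsplit(".", 1)[-1]
    if re.match(r"^[a-z]:\\[^\\]+$", exe, re.I):
        return "executable stored directly in a drive root"
    return ""


def triage(log_text: str) -> List[Dict[str, str]]:
    """Scan HijackThis lines and return the entries that deserve a human's attention."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        etype, body = m.group("type"), m.group("body")
        if etype == "F2":
            s = SHELL_RE.search(body)
            if s:
                # Shell= may list several programs separated by spaces or commas
                tokens = [t for t in re.split(r"[\s,]+", s.group("value")) if t]
                extras = [t for t in tokens if t.lower() != LEGIT_SHELL]
                if extras:
                    findings.append({"type": etype, "line": line,
                                     "reason": "extra shell launched at logon: " + " ".join(extras)})
        elif etype == "O4":
            r = RUN_RE.match(body)
            if r:
                reason = run_reason(executable_of(r.group("cmd")))
                if reason:
                    findings.append({"type": etype, "line": line, "reason": reason})
        elif etype == "O2":
            b = BHO_RE.match(body)
            if b and (b.group("path") == "(no file)" or "(file missing)" in b.group("path")):
                findings.append({"type": etype, "line": line,
                                 "reason": "BHO registered but its DLL is absent"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["type"], "|", f["reason"], "|", f["line"])
```

Run as a script it prints five findings: the Shell= line, the msn.com Run value, the constructed drive-root entry, and the two orphaned BHOs, while the avast!, nwiz, Skype and Java lines pass. The rules are intentionally narrow: a bare `.exe` name such as nwiz.exe is common for vendor software, so only the script-like extensions are treated as suspicious, which keeps the output short enough to read beside the full log rather than replacing the judgment that an O4 entry like gtsrp still requires.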
Title: Re: imageshare.cogia.net
Post by: marie-therese on February 17, 2008, 06:26:37 PM
My god! This computer is driving me mad! lolol! I had so many things to do and I am fighting with this virus... Well, I did what you said, but I had trouble at the end... I had to restart the computer and the internet several times before I could get onto this forum.

Here is the ComboFix log:
ComboFix 08-02-17.2 - User 2008-02-17 16:57:49.1 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.1361 [GMT 0:00]
Endroit: C:\Documents and Settings\User\Bureau\ComboFix(2).exe
 * Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\056226.exe
C:\067170.exe
C:\162543.exe
C:\166321.exe
C:\213540.exe
C:\300688.exe
C:\386327.exe
C:\414673.exe
C:\425111.exe
C:\531675.exe
C:\567016.exe
C:\578680.exe
C:\588478.exe
C:\653745.exe
C:\656431.exe
C:\680768.exe
C:\707704.exe
C:\740876.exe
C:\776858.exe
C:\823583.exe
C:\854144.exe
C:\Autorun.inf
C:\Documents and Settings\User\Mes documents\Divers - Pen Drive\Personnels\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Divers - Pen Drive\Personnels\Plan interactif de Rabat en 2006_fichiers\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\Documents intéressants\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\Gender\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\guide psychosocial\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\Migrants\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\Personnels\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\Personnels\Plan interactif de Rabat en 2006_fichiers\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\Gender\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\guide psychosocial\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\HARPAS\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\HARPAS\Droits des Femmes\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\HARPAS\Human rights\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\HARPAS\Secteur privé\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\HARPAS\TRIPS\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\Mainstreaming\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\Mainstreaming\Documents Raphaelle\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\Mainstreaming\Gouvernement Local\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\Mainstreaming\Gouvernement Local\toolkittocfr_fichiers\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\Migrants\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\ONGs\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\Prison\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\Documents intéressants\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\Gender\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\Migrants\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\PNUD MAROC\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\RBAS\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\santé maternelle\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\5TH HIV FP MEETING POPOINTS & INFO\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Appui au PNLS\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Cours Interne NNUU\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Documents intéressants\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Gender\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\guide psychosocial\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\HARPAS\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\HARPAS\Droits des Femmes\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\HARPAS\Human rights\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\HARPAS\Secteur privé\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\HARPAS\TRIPS\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Mainstreaming\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Mainstreaming\Documents Raphaelle\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Mainstreaming\Gouvernement Local\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Mainstreaming\Gouvernement Local\toolkittocfr_fichiers\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Migrants\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\ONGs\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Prison\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\Société Civile\Desktop_.ini
D:\Autorun.inf

.
(((((((((((((((((((((((((((((   Fichiers créés 2008-01-17 to 2008-02-17  ))))))))))))))))))))))))))))))))))))
.

2008-02-17 15:08 . 2008-02-17 15:08   <REP>   d--------   C:\Program Files\Trend Micro
2008-02-17 12:22 . 2008-02-17 12:22   <REP>   d--------   C:\WINDOWS\LastGood
2008-02-17 12:10 . 2008-02-17 12:22   <REP>   d--------   C:\Program Files\Windows Live
2008-02-17 12:10 . 2008-02-17 12:22   <REP>   d--hsc---   C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-17 12:09 . 2008-02-17 12:09   <REP>   d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-16 21:20 . 2008-02-17 06:43   32   --a------   C:\WINDOWS\system32\0.bat
2008-02-16 21:19 . 2008-02-17 12:07   32   --a------   C:\WINDOWS\system32\2.bat
2008-02-16 21:19 . 2008-02-17 11:30   32   --a------   C:\WINDOWS\system32\1.bat
2008-02-13 20:04 . 2008-02-13 20:04   197   --a------   C:\WINDOWS\system32\MRT.INI
2008-01-19 12:50 . 2008-02-17 12:08   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-01-19 12:50 . 2008-01-19 12:50   1,409   --a------   C:\WINDOWS\QTFont.for
2008-01-19 12:49 . 2008-01-19 12:49   <REP>   d--------   C:\Program Files\iTunes
2008-01-19 12:49 . 2008-01-19 12:49   <REP>   d--------   C:\Program Files\iPod
2008-01-19 12:47 . 2008-01-19 12:48   <REP>   d--------   C:\Program Files\QuickTime
Title: Re: imageshare.cogia.net
Post by: marie-therese on February 17, 2008, 06:27:31 PM
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 16:53   ---------   d-----w   C:\Program Files\Mozilla Firefox
2008-02-17 16:44   ---------   d-----w   C:\Documents and Settings\User\Application Data\myfbtoolbar
2008-02-17 12:23   ---------   d-----w   C:\Program Files\Fichiers communs\Microsoft Shared
2008-02-17 12:10   ---------   d-----w   C:\Program Files\Fichiers communs
2008-02-17 12:09   ---------   d-----w   C:\Documents and Settings\User\Application Data\Skype
2008-02-17 12:06   2,145,386,496   --sha-w   C:\pagefile.sys
2008-02-17 11:59   ---------   d-----w   C:\Program Files\MSN Messenger
2008-02-15 18:13   ---------   d-----w   C:\Program Files\Weight Watchers FlexiPoints
2008-02-14 06:11   ---------   d-----w   C:\Program Files\gtsrp
2008-02-13 20:35   ---------   d-----w   C:\Program Files\Internet Explorer
2008-02-06 12:27   ---------   d-----w   C:\Program Files\Fichiers communs\Adobe
2008-02-06 12:27   ---------   d-----w   C:\Program Files\Adobe
2008-02-04 23:09   18,214,008   ----a-w   C:\WINDOWS\system32\MRT.exe
2008-01-13 13:08   ---------   d-----w   C:\Program Files\WinSnap
2008-01-12 15:07   ---------   d-----w   C:\Documents and Settings\User\Application Data\Talkback
2008-01-11 21:36   42,777   ----a-w   C:\WINDOWS\system32\imagens111.exe
2008-01-11 20:05   22,528   ----a-w   C:\WINDOWS\system32\Partizan.exe
2008-01-11 05:36   44,544   ----a-w   C:\WINDOWS\system32\pngfilt.dll
2008-01-11 05:36   44,544   ----a-w   C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-06 10:41   8,158,547   ----a-w   C:\WINDOWS\Internet Logs\tvDebug.zip
2008-01-05 08:53   ---------   d-----w   C:\Program Files\LaLibre NewsBar
2008-01-05 08:46   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-01-01 10:01   20,286   ----a-w   C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2008-01-01 08:53   ---------   d-----w   C:\Program Files\Zero G Registry
2007-12-22 15:21   ---------   d-----w   C:\Program Files\WordUninstaller
2007-12-22 15:20   ---------   d-----w   C:\Program Files\ScenicReflections
2007-12-19 22:53   347,136   ----a-w   C:\WINDOWS\system32\dxtmsft.dll
2007-12-19 22:53   347,136   ----a-w   C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-19 05:27   ---------   d-----w   C:\Program Files\myfbtoolbar
2007-12-18 09:51   179,584   ----a-w   C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51   179,584   ------w   C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-18 07:18   ---------   d-----w   C:\Program Files\RadioXpi
2007-12-17 20:42   ---------   d-----w   C:\Documents and Settings\User\Application Data\NASA
2007-12-08 10:38   3,592,192   ----a-w   C:\WINDOWS\system32\mshtml.dll
2007-12-08 10:38   3,592,192   ----a-w   C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:03   625,664   ------w   C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:02   70,656   ----a-w   C:\WINDOWS\system32\ie4uinit.exe
2007-12-06 11:02   70,656   ------w   C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00   13,824   ----a-w   C:\WINDOWS\system32\ieudinit.exe
2007-12-06 11:00   13,824   ------w   C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59   161,792   ----a-w   C:\WINDOWS\system32\ieakui.dll
2007-12-06 04:59   161,792   ------w   C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41   550,912   ----a-w   C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41   550,912   ------w   C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 13:04   837,496   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   C:\WINDOWS\system32\AVASTSS.scr
2007-11-25 23:43   245,408   ----a-w   C:\WINDOWS\system32\unicows.dll
2007-11-24 22:25   185,944   ----a-w   C:\WINDOWS\system32\rmoc3260.dll
2007-11-24 22:24   6,656   ----a-w   C:\WINDOWS\system32\pndx5016.dll
2007-11-24 22:24   5,632   ----a-w   C:\WINDOWS\system32\pndx5032.dll
2007-11-24 22:24   278,528   ----a-w   C:\WINDOWS\system32\pncrt.dll
2007-08-08 08:34   468   ----a-w   C:\Documents and Settings\User\Application Data\wklnhst.dat
2007-01-30 08:33   251   ----a-w   C:\Program Files\wt3d.ini
2005-09-24 06:49   12,288   ----a-w   C:\WINDOWS\Fonts\RandFont.dll
.
Title: Re: imageshare.cogia.net
Post by: marie-therese on February 17, 2008, 06:28:08 PM

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8988-34A187E2698B}]
2007-12-14 21:33   1974512   --a------   C:\PROGRA~1\MYFBTO~1\MYFBTO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{A057A204-BACC-4D26-8988-34A187E2698B}

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8988-34a187e2698b}]
[HKEY_CLASSES_ROOT\myfbtoolbar.MYFBTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-8988-34A187E2698B}"= C:\PROGRA~1\MYFBTO~1\MYFBTO~1.DLL [2007-12-14 21:33 1974512]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8988-34a187e2698b}]
[HKEY_CLASSES_ROOT\myfbtoolbar.MYFBTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 04:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 07:04 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-04-19 05:39 3297280]
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\User\OctoshapeClient.exe" [2006-02-13 16:33 214648]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 20:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 08:00 7585792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 08:00 86016]
"nwiz"="nwiz.exe" [2006-08-18 08:00 1617920 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 22:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:27 1015808]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 19:55 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 21:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 09:33 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 14:02 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 08:23 1187840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"EoEngine"="" []
"EoSudoku"="" []
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-24 22:24 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-25 04:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

C:\Documents and Settings\User\Menu Démarrer\Programmes\Démarrage\
Outil de détection de support de Cyber-shot Viewer.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-01-28 17:08:01 155648]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-28 16:57:29 113664]
DSLMON.lnk - C:\Program Files\Menara\dslmon.exe [2007-04-23 21:23:41 839680]
Démarrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 07:39:30 73728]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-10-06 08:21:09 57344]
Quick Shelf.lnk - C:\WINDOWS\Installer\{08001201-5D65-445A-B3B4-3DCE72BA0C6C}\ENCICONS.EXE [2007-01-30 09:28:13 11264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam  ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 20:39]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 17:20]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 23:49]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 17:55]

*Newly Created Service* - USNJSVC
*Newly Created Service* - WLSETUPSVC
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-16 11:53:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-17 16:40:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-17 16:13:19 C:\WINDOWS\Tasks\User_Feed_Synchronization-{80BB2F36-6F5B-4A4B-ACD0-E54ACD0C284C}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 16:59:22
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????W??????Y?@?????<?@

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
Title: Re: imageshare.cogia.net
Post by: marie-therese on February 17, 2008, 06:29:10 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28, on 2008-02-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Microsoft Encarta\Encarta World English Dictionary 2001\QSHLFED.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Octoshape Streaming Services\User\OctoshapeClient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Title: Re: imageshare.cogia.net
Post by: marie-therese on February 17, 2008, 06:30:04 PM
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?tab=mn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: My FB Toolbar - {A057A204-BACC-4D26-8988-34A187E2698B} - C:\PROGRA~1\MYFBTO~1\MYFBTO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: My FB Toolbar - {A057A204-BACC-4D26-8988-34A187E2698B} - C:\PROGRA~1\MYFBTO~1\MYFBTO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\User\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Quick Shelf.lnk = ?
Title: Re: imageshare.cogia.net
Post by: marie-therese on February 17, 2008, 06:30:36 PM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_BE&c=64&bd=pavilion&pf=laptop
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://paris.ville.orange.fr/CO/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://www.musica.gulbenkian.pt/template/fonts/clearadj.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6E0B510-AF89-41AB-9548-37E138BEFDBC}: NameServer = 212.217.0.13 212.217.1.17
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13037 bytes
Title: Re: imageshare.cogia.net
Post by: marie-therese on February 17, 2008, 06:31:32 PM
BY THE WAY, WHEN TRYING TO RESTART THE COMPUTER I SAW THIS IMAGESHARE STUFF WAS STILL RUNNING....

Please, thanks for more help....
Title: Re: imageshare.cogia.net
Post by: essexboy on February 17, 2008, 06:55:22 PM
Sorry, my fault; I forgot to say that ComboFix will disconnect you from the net, and you may need to reboot to get the connection back  :'(


1. Please open Notepad.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
C:\WINDOWS\system32\0.bat
C:\WINDOWS\system32\2.bat
C:\WINDOWS\system32\1.bat

3. Then, in the text file, go to FILE > SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES.

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt onto ComboFix.exe as depicted in the animation below. This will start ComboFix again.

(http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif)


6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
Title: Re: imageshare.cogia.net
Post by: marie-therese on February 17, 2008, 07:11:59 PM
ComboFix 08-02-17.2 - User 2008-02-17 18:01:24.2 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.1378 [GMT 0:00]
Endroit: C:\Documents and Settings\User\Bureau\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\User\Mes documents\Emails\Envoyés\CFScript.txt
 * Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\system32\0.bat
C:\WINDOWS\system32\1.bat
C:\WINDOWS\system32\2.bat
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\0.bat
C:\WINDOWS\system32\1.bat
C:\WINDOWS\system32\2.bat
.
---- Previous Run -------
.
C:\056226.exe
C:\067170.exe
C:\162543.exe
C:\166321.exe
C:\213540.exe
C:\300688.exe
C:\386327.exe
C:\414673.exe
C:\425111.exe
C:\531675.exe
C:\567016.exe
C:\578680.exe
C:\588478.exe
C:\653745.exe
C:\656431.exe
C:\680768.exe
C:\707704.exe
C:\740876.exe
C:\776858.exe
C:\823583.exe
C:\854144.exe
C:\Autorun.inf
C:\Documents and Settings\User\Mes documents\Divers - Pen Drive\Personnels\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Divers - Pen Drive\Personnels\Plan interactif de Rabat en 2006_fichiers\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\Documents intéressants\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\Gender\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\guide psychosocial\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\Migrants\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\Personnels\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\Personnels\Plan interactif de Rabat en 2006_fichiers\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\Gender\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\guide psychosocial\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\HARPAS\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\HARPAS\Droits des Femmes\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\HARPAS\Human rights\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\HARPAS\Secteur privé\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\HARPAS\TRIPS\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\Mainstreaming\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\Mainstreaming\Documents Raphaelle\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\Mainstreaming\Gouvernement Local\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\Mainstreaming\Gouvernement Local\toolkittocfr_fichiers\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\Migrants\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\ONGs\Desktop_.ini
C:\Documents and Settings\User\Mes documents\HIVSIDA\Maroc\SIDA\Prison\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\Documents intéressants\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\Gender\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\Migrants\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\PNUD MAROC\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\RBAS\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\santé maternelle\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\5TH HIV FP MEETING POPOINTS & INFO\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Appui au PNLS\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Cours Interne NNUU\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Documents intéressants\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Gender\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\guide psychosocial\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\HARPAS\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\HARPAS\Droits des Femmes\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\HARPAS\Human rights\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\HARPAS\Secteur privé\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\HARPAS\TRIPS\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Mainstreaming\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Mainstreaming\Documents Raphaelle\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Mainstreaming\Gouvernement Local\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Mainstreaming\Gouvernement Local\toolkittocfr_fichiers\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Migrants\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\ONGs\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\SIDA\Prison\Desktop_.ini
C:\Documents and Settings\User\Mes documents\Travail\Maroc\Société Civile\Desktop_.ini
D:\Autorun.inf
Title: Re: imageshare.cogia.net
Post by: marie-therese on February 17, 2008, 07:12:34 PM
(((((((((((((((((((((((((((((   Fichiers créés 2008-01-17 to 2008-02-17  ))))))))))))))))))))))))))))))))))))
.

2008-02-17 15:08 . 2008-02-17 15:08   <REP>   d--------   C:\Program Files\Trend Micro
2008-02-17 12:10 . 2008-02-17 12:22   <REP>   d--------   C:\Program Files\Windows Live
2008-02-17 12:10 . 2008-02-17 12:22   <REP>   d--hsc---   C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-17 12:09 . 2008-02-17 12:09   <REP>   d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-13 20:04 . 2008-02-13 20:04   197   --a------   C:\WINDOWS\system32\MRT.INI
2008-01-19 12:50 . 2008-02-17 17:10   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-01-19 12:50 . 2008-01-19 12:50   1,409   --a------   C:\WINDOWS\QTFont.for
2008-01-19 12:49 . 2008-01-19 12:49   <REP>   d--------   C:\Program Files\iTunes
2008-01-19 12:49 . 2008-01-19 12:49   <REP>   d--------   C:\Program Files\iPod
2008-01-19 12:47 . 2008-01-19 12:48   <REP>   d--------   C:\Program Files\QuickTime

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 17:22   ---------   d-----w   C:\Program Files\Mozilla Firefox
2008-02-17 17:20   ---------   d-----w   C:\Documents and Settings\User\Application Data\myfbtoolbar
2008-02-17 17:14   ---------   d-----w   C:\Documents and Settings\User\Application Data\Skype
2008-02-17 17:09   2,145,386,496   --sha-w   C:\pagefile.sys
2008-02-17 17:02   2,356,736   ----a-w   C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-17 12:23   ---------   d-----w   C:\Program Files\Fichiers communs\Microsoft Shared
2008-02-17 12:10   ---------   d-----w   C:\Program Files\Fichiers communs
2008-02-17 11:59   ---------   d-----w   C:\Program Files\MSN Messenger
2008-02-15 18:13   ---------   d-----w   C:\Program Files\Weight Watchers FlexiPoints
2008-02-14 06:11   ---------   d-----w   C:\Program Files\gtsrp
2008-02-13 20:35   ---------   d-----w   C:\Program Files\Internet Explorer
2008-02-06 12:27   ---------   d-----w   C:\Program Files\Fichiers communs\Adobe
2008-02-06 12:27   ---------   d-----w   C:\Program Files\Adobe
2008-02-04 23:09   18,214,008   ----a-w   C:\WINDOWS\system32\MRT.exe
2008-01-13 13:08   ---------   d-----w   C:\Program Files\WinSnap
2008-01-12 15:07   ---------   d-----w   C:\Documents and Settings\User\Application Data\Talkback
2008-01-11 21:36   42,777   ----a-w   C:\WINDOWS\system32\imagens111.exe
2008-01-11 20:05   22,528   ----a-w   C:\WINDOWS\system32\Partizan.exe
2008-01-11 05:36   44,544   ----a-w   C:\WINDOWS\system32\pngfilt.dll
2008-01-11 05:36   44,544   ----a-w   C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-06 10:41   8,158,547   ----a-w   C:\WINDOWS\Internet Logs\tvDebug.zip
2008-01-05 08:53   ---------   d-----w   C:\Program Files\LaLibre NewsBar
2008-01-05 08:46   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-01-01 10:01   20,286   ----a-w   C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2008-01-01 08:53   ---------   d-----w   C:\Program Files\Zero G Registry
2007-12-22 15:21   ---------   d-----w   C:\Program Files\WordUninstaller
2007-12-22 15:20   ---------   d-----w   C:\Program Files\ScenicReflections
2007-12-19 22:53   347,136   ----a-w   C:\WINDOWS\system32\dxtmsft.dll
2007-12-19 22:53   347,136   ----a-w   C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-19 05:27   ---------   d-----w   C:\Program Files\myfbtoolbar
2007-12-18 09:51   179,584   ----a-w   C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51   179,584   ------w   C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-18 07:18   ---------   d-----w   C:\Program Files\RadioXpi
2007-12-17 20:42   ---------   d-----w   C:\Documents and Settings\User\Application Data\NASA
2007-12-08 10:38   3,592,192   ----a-w   C:\WINDOWS\system32\mshtml.dll
2007-12-08 10:38   3,592,192   ----a-w   C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:03   625,664   ------w   C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:02   70,656   ----a-w   C:\WINDOWS\system32\ie4uinit.exe
2007-12-06 11:02   70,656   ------w   C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00   13,824   ----a-w   C:\WINDOWS\system32\ieudinit.exe
2007-12-06 11:00   13,824   ------w   C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59   161,792   ----a-w   C:\WINDOWS\system32\ieakui.dll
2007-12-06 04:59   161,792   ------w   C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41   550,912   ----a-w   C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41   550,912   ------w   C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 13:04   837,496   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   C:\WINDOWS\system32\AVASTSS.scr
2007-11-25 23:43   245,408   ----a-w   C:\WINDOWS\system32\unicows.dll
2007-11-24 22:25   185,944   ----a-w   C:\WINDOWS\system32\rmoc3260.dll
2007-11-24 22:24   6,656   ----a-w   C:\WINDOWS\system32\pndx5016.dll
2007-11-24 22:24   5,632   ----a-w   C:\WINDOWS\system32\pndx5032.dll
2007-11-24 22:24   278,528   ----a-w   C:\WINDOWS\system32\pncrt.dll
2007-08-08 08:34   468   ----a-w   C:\Documents and Settings\User\Application Data\wklnhst.dat
2007-01-30 08:33   251   ----a-w   C:\Program Files\wt3d.ini
2005-09-24 06:49   12,288   ----a-w   C:\WINDOWS\Fonts\RandFont.dll
.

Title: Re: imageshare.cogia.net
Post by: marie-therese on February 17, 2008, 07:13:06 PM
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8988-34A187E2698B}]
2007-12-14 21:33   1974512   --a------   C:\PROGRA~1\MYFBTO~1\MYFBTO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{A057A204-BACC-4D26-8988-34A187E2698B}

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8988-34a187e2698b}]
[HKEY_CLASSES_ROOT\myfbtoolbar.MYFBTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-8988-34A187E2698B}"= C:\PROGRA~1\MYFBTO~1\MYFBTO~1.DLL [2007-12-14 21:33 1974512]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8988-34a187e2698b}]
[HKEY_CLASSES_ROOT\myfbtoolbar.MYFBTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 04:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 07:04 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-04-19 05:39 3297280]
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\User\OctoshapeClient.exe" [2006-02-13 16:33 214648]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 20:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 08:00 7585792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 08:00 86016]
"nwiz"="nwiz.exe" [2006-08-18 08:00 1617920 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 22:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:27 1015808]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 19:55 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 21:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 09:33 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 14:02 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 08:23 1187840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"EoEngine"="" []
"EoSudoku"="" []
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-24 22:24 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-25 04:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]

C:\Documents and Settings\User\Menu Démarrer\Programmes\Démarrage\
Outil de détection de support de Cyber-shot Viewer.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-01-28 17:08:01 155648]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-28 16:57:29 113664]
DSLMON.lnk - C:\Program Files\Menara\dslmon.exe [2007-04-23 21:23:41 839680]
Démarrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 07:39:30 73728]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-10-06 08:21:09 57344]
Quick Shelf.lnk - C:\WINDOWS\Installer\{08001201-5D65-445A-B3B4-3DCE72BA0C6C}\ENCICONS.EXE [2007-01-30 09:28:13 11264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam  ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 20:39]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 17:20]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 23:49]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 17:55]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-16 11:53:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-17 17:40:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-17 16:13:19 C:\WINDOWS\Tasks\User_Feed_Synchronization-{80BB2F36-6F5B-4A4B-ACD0-E54ACD0C284C}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 18:04:10
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???0X??????Y?@?????<?@

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Title: Re: imageshare.cogia.net
Post by: marie-therese on February 17, 2008, 07:16:15 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13, on 2008-02-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\Microsoft Encarta\Encarta World English Dictionary 2001\QSHLFED.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Octoshape Streaming Services\User\OctoshapeClient.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Title: Re: imageshare.cogia.net
Post by: marie-therese on February 17, 2008, 07:17:05 PM
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?tab=mn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: My FB Toolbar - {A057A204-BACC-4D26-8988-34A187E2698B} - C:\PROGRA~1\MYFBTO~1\MYFBTO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: My FB Toolbar - {A057A204-BACC-4D26-8988-34A187E2698B} - C:\PROGRA~1\MYFBTO~1\MYFBTO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\User\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Quick Shelf.lnk = ?
Title: Re: imageshare.cogia.net
Post by: marie-therese on February 17, 2008, 07:18:19 PM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_BE&c=64&bd=pavilion&pf=laptop
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://paris.ville.orange.fr/CO/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://www.musica.gulbenkian.pt/template/fonts/clearadj.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6E0B510-AF89-41AB-9548-37E138BEFDBC}: NameServer = 212.217.0.13 212.217.1.17
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13213 bytes
Title: Re: imageshare.cogia.net
Post by: marie-therese on February 17, 2008, 07:19:15 PM
WHEN I TRIED TO REBOOT I SAW THE IMAGESHARE.COGIA.NET IS STILL RUNNING ON FIREFOX
Title: Re: imageshare.cogia.net
Post by: marie-therese on February 17, 2008, 07:58:16 PM
I TOOK A BREAK AND GOT AN ILLUMINATION!!!!!!

when I see the imageshare blabla running with Firefox.... it must be this forum, isn't it? with the title of my post??? or no????
Title: Re: imageshare.cogia.net
Post by: essexboy on February 17, 2008, 11:22:46 PM
Quote
I TOOK A BREAK AND GOT AN ILLUMINATION!!!!!!

when I see the imageshare blabla running with Firefox.... it must be this forum, isn't it? with the title of my post??? or no?
Yes, it does appear at the top.  I must admit I did not think of that, so I did another full search of your logs in case I had missed something  :-*

Having said that, your logs now appear clear - how is your computer running now?

Title: Re: imageshare.cogia.net
Post by: marie-therese on February 18, 2008, 05:33:41 AM
My computer seems OK now... I still sometimes have problems accessing all the Google-related products (gmail, news, etc.), but it might come from my provider, as it had happened before and came back "alone"... (Is there any virus doing that, by the way?).

I asked all my messenger contacts who were online to see if they received the message again and they say now... But the infected ones are getting mad trying to take it out... (they have other antivirus...).

I spent my whole Sunday on my computer... Happily it was a rainy day!

Thanks a lot, it is nice to know my computer is clean anyway.

Marie-Thérèse
Title: Re: imageshare.cogia.net
Post by: essexboy on February 18, 2008, 11:30:20 AM
Now the best part of the day ----- Your log now appears clean  :thumbsup:

You may delete all the programmes I had you download.

Now to get you off to a good start we will reset your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. In the dialogue box that appears, select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point. To get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the drop-down box that appears, select your main drive, e.g. C
3. Click OK
4. The system will do some calculation and then display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a System Restore box with a CLEANUP button; click this
7. Accept the warning and select OK again; the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To keep your operating system up to date visit To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place? (http://forums.spywareinfo.com/index.php?showtopic=60955)


Keep safe  :wave:
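The two GUI procedures above (create a known-good restore point, then discard every older one) as a script, added here as an illustration; it is not essexboy's method nor anything from Avast. It assumes a newer Windows than the XP machine in this thread, with Windows PowerShell 5.1 (Checkpoint-Computer and Get-ComputerRestorePoint are not in PowerShell 7), a local administrator account, and System Restore enabled on the system drive. The $Description and $Volume parameters and the Get-RestorePointSummary helper are this example's own names.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the forum post. Scripted equivalent of:
#   System Restore > Create a Restore Point (named "Clean"), then
#   Disk Cleanup > More Options > System Restore "Clean up", which keeps
#   only the most recent restore point on the chosen drive.
param(
    [string]$Description = "Clean",   # name of the new restore point (step 4 above)
    [string]$Volume      = "C:"       # drive whose older restore points are removed
)

function Get-RestorePointSummary {
    # Same view as the System Restore dialog: number, name, creation time.
    Get-ComputerRestorePoint |
        Select-Object SequenceNumber, Description,
            @{ Name = "Created"; Expression = { $_.ConvertToDateTime($_.CreationTime) } }
}

Write-Host "Restore points before:"
Get-RestorePointSummary | Format-Table -AutoSize

# Step 1: create the known-good point. Since Windows 8 this cmdlet makes at
# most one point per 24 h unless the SystemRestorePointCreationFrequency
# value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
# is set to 0; if it is silently skipped, the newest point is kept instead.
Checkpoint-Computer -Description $Description -RestorePointType "MODIFY_SETTINGS"

# Step 2: restore points on Vista and later are VSS shadow copies, so removing
# every shadow copy on the volume except the newest one is what Disk Cleanup's
# "Clean up" does. Resolve the drive letter to the \\?\Volume{...}\ id that
# Win32_ShadowCopy.VolumeName uses.
$volumeId = (Get-WmiObject -Class Win32_Volume -Filter "DriveLetter='$Volume'").DeviceID
$shadows  = @(Get-WmiObject -Class Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volumeId } |
    Sort-Object { $_.ConvertToDateTime($_.InstallDate) })

# Everything but the last (newest) entry is an "old" point and can go.
$old = $shadows | Select-Object -First ([Math]::Max(0, $shadows.Count - 1))
foreach ($s in $old) {
    Write-Host ("Deleting shadow copy {0} created {1}" -f $s.ID, $s.ConvertToDateTime($s.InstallDate))
    $s.Delete()   # ManagementObject.Delete() removes the shadow copy (and its restore point)
}

Write-Host "Restore points after:"
Get-RestorePointSummary | Format-Table -AutoSize
```

Run it from an elevated Windows PowerShell prompt, e.g. `.\Reset-RestorePoints.ps1 -Description Clean -Volume C:`. Check the "before" listing first: if the new point did not appear because of the 24 h throttle, the script still keeps the most recent existing point, which may predate the cleanup, so in that case wait or set the registry value noted in the comment before discarding the old ones.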
Title: Re: imageshare.cogia.net
Post by: marie-therese on February 18, 2008, 09:37:20 PM
I have antivirus and firewall... and Windows updated. At least, I think so....

I did what you said, cleaning, and restore points, etc. 

About SpywareBlaster, if I understood well, I should update it every week, or use the autoupdate, but for that feature I should pay the licence, right?
Title: Re: imageshare.cogia.net
Post by: essexboy on February 18, 2008, 09:57:35 PM
No need to pay for the licence; a manual update monthly should suffice.