Remove antispywareexpert


Please help me uninstall antispywareexpert


How about a hello?

Download and then install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark


Here it is, I hope this helps - thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:59, on 30/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 6300 Series\lxcdmon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcdcoms.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Bat Wave Base Dale] C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\SCR SLOW.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcdmon.exe] "C:\Program Files\Lexmark 6300 Series\lxcdmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [28a2f2bf] rundll32.exe "C:\WINDOWS\system32\sntettmv.dll",b
O4 - HKLM\..\Run: [AntiSpywareExpert] C:\Program Files\AntiSpywareExpert\ase.exe
O4 - HKLM\..\Run: [BM2b91c123] Rundll32.exe "C:\WINDOWS\system32\xxwnftyi.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BM2b91c123] Rundll32.exe "C:\WINDOWS\system32\xxwnftyi.dll",s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eric Chevalier\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/control [...] oader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-G [...] E_UNO1.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 10344 bytes

Reply to ricou68

Oops, sorry.
Hello and thank you, this is the first time I have been on a forum and I don't know much about PCs...
What should I do now?
Thanks for helping me.

Reply to ricou68

Start by being patient :)

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan has finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.


HELP: A guide and tutorial on using ComboFix
* the partition name may differ

Reply to Angeldark

Phew ....
Here is the report
Thanks

ComboFix 08-10-30.09 - Eric Chevalier 2008-10-30 19:59:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.145 [GMT 1:00]
Running from: C:\Documents and Settings\Eric Chevalier\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eric Chevalier\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareExpert
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareExpert\AntiSpywareExpert.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareExpert\Uninstall AntiSpywareExpert.lnk
C:\Documents and Settings\Eric Chevalier\Desktop\AntiSpywareExpert.lnk
C:\Program Files\AntiSpywareExpert
C:\Program Files\AntiSpywareExpert\ase.exe
C:\Program Files\AntiSpywareExpert\ASEFreeUpdate_fr.exe
C:\Program Files\AntiSpywareExpert\BL.dat
C:\Program Files\AntiSpywareExpert\WL.dat
C:\WINDOWS\BM2b91c123.txt
C:\WINDOWS\BM2b91c123.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
.

2008-10-30 13:15 . 2008-10-30 13:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-30 09:55 . 2008-10-30 09:55 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-10-29 09:27 . 2008-10-29 09:27 <DIR> d-------- C:\Program Files\Symantec
2008-10-29 09:27 . 2008-10-29 09:27 124,464 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-29 09:27 . 2008-10-29 09:27 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-29 09:27 . 2008-10-29 09:25 35,888 -ra------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-10-29 09:24 . 2008-10-29 09:24 <DIR> d-------- C:\WINDOWS\system32\drivers\NIS
2008-10-29 09:24 . 2008-10-29 09:24 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-29 09:24 . 2008-10-29 09:24 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-10-29 08:59 . 2008-10-29 08:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCSettings
2008-10-29 08:59 . 2008-10-29 09:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Norton
2008-10-29 08:58 . 2008-10-29 08:58 <DIR> d-------- C:\Program Files\NortonInstaller
2008-10-29 08:58 . 2008-10-29 08:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-29 08:52 . 2008-10-29 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-10-21 18:19 . 2008-10-21 18:19 268 --ah----- C:\sqmdata12.sqm
2008-10-21 18:19 . 2008-10-21 18:19 244 --ah----- C:\sqmnoopt11.sqm
2008-10-21 16:30 . 2008-10-21 16:30 268 --ah----- C:\sqmdata11.sqm
2008-10-21 16:30 . 2008-10-21 16:30 244 --ah----- C:\sqmnoopt10.sqm
2008-10-21 06:02 . 2008-10-21 06:02 268 --ah----- C:\sqmdata10.sqm
2008-10-21 06:02 . 2008-10-21 06:02 244 --ah----- C:\sqmnoopt09.sqm
2008-10-04 10:35 . 2008-10-04 10:37 <DIR> d-------- C:\Need4Video files
2008-10-04 10:22 . 2008-10-04 10:27 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\vlc
2008-10-04 10:20 . 2008-10-04 10:20 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-20 06:06 . 2008-09-20 06:06 221,184 --a------ C:\WINDOWS\system32\lsfmbphk.dll
2008-09-20 06:06 . 2008-09-20 06:06 108,544 --a------ C:\WINDOWS\system32\yayyAQhg.dll
2008-09-20 06:04 . 2008-09-20 06:04 115,200 --a------ C:\WINDOWS\system32\qybjocww.dll
2008-09-20 06:04 . 2008-09-20 06:04 115,200 --a------ C:\WINDOWS\system32\bgtsho.dll
2008-09-20 06:04 . 2008-09-20 06:04 95,744 --a------ C:\WINDOWS\system32\jyrwifew.dll
2008-09-19 06:09 . 2008-09-19 06:09 115,200 --a------ C:\WINDOWS\system32\ttkamd.dll
2008-09-19 06:09 . 2008-09-19 06:09 115,200 --a------ C:\WINDOWS\system32\ksptlwtp.dll
2008-09-19 06:06 . 2008-09-19 06:06 221,184 --a------ C:\WINDOWS\system32\pnsrbkts.dll
2008-09-19 06:06 . 2008-09-19 06:06 108,544 --a------ C:\WINDOWS\system32\iifcYSJd.dll
2008-09-19 06:03 . 2008-09-19 06:03 95,744 --a------ C:\WINDOWS\system32\moxpuwwr.dll
2008-09-19 06:03 . 2008-09-19 06:03 95,744 --a------ C:\WINDOWS\system32\csvrfnph.dll
2008-09-18 06:09 . 2008-09-18 06:09 221,184 --a------ C:\WINDOWS\system32\dipmoljs.dll
2008-09-18 06:09 . 2008-09-18 06:09 108,544 --a------ C:\WINDOWS\system32\awttsPFv.dll
2008-09-18 06:06 . 2008-09-18 06:06 115,200 --a------ C:\WINDOWS\system32\kglnwd.dll
2008-09-18 06:06 . 2008-09-18 06:06 115,200 --a------ C:\WINDOWS\system32\dfwodcui.dll
2008-09-18 06:03 . 2008-09-18 06:03 95,744 --a------ C:\WINDOWS\system32\swfgjgsn.dll
2008-09-17 10:26 . 2008-09-17 10:26 115,200 --a------ C:\WINDOWS\system32\kyxnqk.dll
2008-09-17 10:26 . 2008-09-17 10:26 115,200 --a------ C:\WINDOWS\system32\kmgcrogq.dll
2008-09-16 06:01 . 2008-09-16 06:01 95,232 --a------ C:\WINDOWS\system32\qfhbmnol.dll
2008-09-16 06:01 . 2008-09-16 06:01 85,504 --a------ C:\WINDOWS\system32\mhsqkqhd.dll
2008-09-15 06:03 . 2008-09-15 06:03 115,200 --a------ C:\WINDOWS\system32\xjasmqdv.dll
2008-09-15 06:03 . 2008-09-15 06:03 115,200 --a------ C:\WINDOWS\system32\rfqrul.dll
2008-09-15 06:01 . 2008-09-15 06:01 95,744 --a------ C:\WINDOWS\system32\cirnncvu.dll
2008-09-10 19:12 . 2008-09-10 19:12 115,712 --a------ C:\WINDOWS\system32\qjwdfgeb.dll
2008-09-10 11:36 . 2008-09-10 11:36 115,712 --a------ C:\WINDOWS\system32\ufueicrp.dll
2008-09-10 11:36 . 2008-09-10 11:36 67,984 --a------ C:\WINDOWS\system32\ewvxiige.dll
2008-09-10 00:51 . 2008-09-10 00:51 69,436 --a------ C:\WINDOWS\system32\mhybxbvu.dll
2008-09-09 21:43 . 2008-09-09 21:43 66,532 --a------ C:\WINDOWS\system32\qfhepmcf.dll
2008-09-09 21:42 . 2008-09-09 21:42 284,672 --a------ C:\WINDOWS\system32\urqOfCsR.dll
2008-09-09 19:45 . 2008-09-09 19:45 <DIR> d-------- C:\WINDOWS\system32\wTR02
2008-09-09 19:45 . 2008-09-09 19:45 <DIR> d-------- C:\Temp\dax41
2008-09-09 19:45 . 2008-09-09 19:45 34,816 --a------ C:\WINDOWS\system32\ssqNDsQj.dll
2008-09-09 19:45 . 2008-09-09 19:45 34,816 --a------ C:\WINDOWS\system32\ljJDWPfd.dll
2008-09-06 13:15 . 2008-09-06 13:15 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\ViquaSoft
2008-09-06 12:29 . 2008-09-06 12:29 268 --ah----- C:\sqmdata09.sqm
2008-09-06 12:29 . 2008-09-06 12:29 244 --ah----- C:\sqmnoopt08.sqm
2008-09-06 12:17 . 2008-09-06 12:28 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\FUJIFILM
2008-09-06 12:15 . 2008-10-26 20:30 <DIR> d-------- C:\Program Files\FinePixViewer
2008-09-06 12:15 . 2003-09-03 15:45 274,432 --a------ C:\WINDOWS\system32\FFTIFF16.dll
2008-09-06 12:15 . 2006-07-12 13:39 208,896 --a------ C:\WINDOWS\system32\FFRafShellEx.dll
2008-09-06 12:15 . 2004-07-24 20:28 155,648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL
2008-09-06 12:14 . 2008-09-06 12:14 <DIR> d-------- C:\Program Files\REGSHAVE
2008-09-06 12:14 . 2001-11-25 12:11 81,924 --a------ C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-09-06 12:14 . 2002-02-27 12:27 65,536 --a------ C:\WINDOWS\system32\FINFCHECK.dll
2008-09-06 12:14 . 2002-06-25 09:06 45,056 --a------ C:\WINDOWS\system32\FINFCOPY.dll
2008-09-06 12:13 . 2002-02-05 17:33 69,632 --a------ C:\WINDOWS\system32\FREGSHEX.DLL
2008-09-06 12:13 . 2002-02-13 11:00 45,056 --a------ C:\WINDOWS\system32\FCLKBTN.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 19:16 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\skypePM
2008-10-30 19:16 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\Skype
2008-10-30 19:15 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\LimeWire
2008-10-30 19:14 --------- d-----w C:\Program Files\Lx_cats
2008-10-29 08:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-29 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-29 08:27 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-29 08:27 10,635 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-29 07:38 --------- d-----w C:\Program Files\MSN Games
2008-10-28 06:22 --------- d-----w C:\Program Files\Zylom Games
2008-10-27 18:51 --------- d-----w C:\Program Files\LimeWire
2008-10-18 19:01 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\AdobeUM
2008-09-07 18:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-06 11:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-03 11:39 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-09-03 11:39 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2008-08-31 21:48 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\Gamelab
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47836122-9D2E-476C-9763-B1D366F704E1}]
2008-09-09 19:45 34816 --a------ C:\WINDOWS\system32\ljJDWPfd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7BA6D27A-E1CB-41F6-8BD0-15E38064704B}]
2008-09-09 21:42 284672 --a------ C:\WINDOWS\system32\urqOfCsR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABDB597C-0677-4C39-B9AF-CA3382030190}]
2008-10-30 20:19 281600 --a------ C:\WINDOWS\system32\cbXOFxvT.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-14 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bat Wave Base Dale"="C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\SCR SLOW.exe" [2008-07-18 4784640]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LXCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 69632]
"lxcdmon.exe"="C:\Program Files\Lexmark 6300 Series\lxcdmon.exe" [2005-06-24 200704]
"EzPrint"="C:\Program Files\Lexmark 6300 Series\ezprint.exe" [2005-07-05 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"28a2f2bf"="C:\WINDOWS\system32\qpdrxbes.dll" [2008-10-30 71680]
"SiSPower"="SiSPower.dll" [2005-02-16 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [2006-06-07 553021]
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2008-09-06 303104]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-04-13 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{47836122-9D2E-476C-9763-B1D366F704E1}"= "C:\WINDOWS\system32\ljJDWPfd.dll" [2008-09-09 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJDWPfd]
2008-09-09 19:45 34816 C:\WINDOWS\system32\ljJDWPfd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kvlymz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\cbXOFxvT

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMEFA.SYS [2008-10-29 309296]
R1 BHDrvx86;Symantec Heuristics Driver;C:\WINDOWS\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2008-10-29 254512]
R1 ccHP;Symantec Hash Provider;C:\WINDOWS\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2008-10-29 362544]
R1 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081029.001\IDSxpx86.sys [2008-10-29 274808]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-10-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-10-24 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Eric Chevalier.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe []

2008-10-30 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{142f5552-4cf4-4113-9298-0e87ca7fd52d} - C:\WINDOWS\system32\ejvowd.dll
BHO-{8717A3F7-549A-4BED-A201-E8D01D3EF4EB} - C:\WINDOWS\system32\tuvUMeBu.dll
HKCU-Run-BM2b91c123 - C:\WINDOWS\system32\xxwnftyi.dll
HKLM-Run-AntiSpywareExpert - C:\Program Files\AntiSpywareExpert\ase.exe
HKLM-Run-BM2b91c123 - C:\WINDOWS\system32\xxwnftyi.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page =
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eric Chevalier\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eric Chevalier\Start Menu\Programs\IMVU\Run IMVU.lnk -
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 20:14:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Norton Internet Security]
"ImagePath"="\"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\qpdrxbes.dll
-> C:\WINDOWS\system32\cbXOFxvT.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\lxcdcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\update\update.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-10-30 20:24:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-30 19:23:55

Pre-Run: 35 105 710 080 bytes free
Post-Run: 35,649,474,560 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

435 --- E O F --- 2008-08-27 09:08:49


Hi again,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are two possibilities:

-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so that you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM


Hello,
I'm back.
Here is the report.
Thanks for your help....

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 5.1.2600 Service Pack 2

31/10/2008 09:41:10
mbam-log-2008-10-31 (09-41-10).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 240292
Temps écoulé: 7 hour(s), 44 minute(s), 19 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 148

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\cbXOFxvT.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ljJDWPfd.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47836122-9d2e-476c-9763-b1d366f704e1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjdwpfd (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{47836122-9d2e-476c-9763-b1d366f704e1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9b5fe86c-d207-4ca9-8dbc-85ca51a144a0} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9b5fe86c-d207-4ca9-8dbc-85ca51a144a0} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7ba6d27a-e1cb-41f6-8bd0-15e38064704b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ba6d27a-e1cb-41f6-8bd0-15e38064704b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\28a2f2bf (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{47836122-9d2e-476c-9763-b1d366f704e1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bat wave base dale (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxofxvt -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\cbxofxvt -> Delete on reboot.

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wTR02 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\ljJDWPfd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\cbXOFxvT.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\TvxFOXbc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TvxFOXbc.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qpdrxbes.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sebxrdpq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bgtsho.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dfwodcui.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kglnwd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kmgcrogq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ksptlwtp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kyxnqk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mhsqkqhd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qfhbmnol.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qjwdfgeb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qybjocww.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rfqrul.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqNDsQj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ttkamd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ufueicrp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqOfCsR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xjasmqdv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\SCR SLOW.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Eric Chevalier\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareExpert.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.


Run a ComboFix scan again :)


Hello
Here is the report
Thanks

ComboFix 08-10-30.12 - Eric Chevalier 2008-10-31 14:00:50.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.53 [GMT 1:00]
Running from: C:\Documents and Settings\Eric Chevalier\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gyubbmng.dll
C:\WINDOWS\system32\nfmdff.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.

2008-10-31 10:19 . 2008-10-31 10:19 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-30 21:03 . 2008-10-30 21:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-30 21:03 . 2008-10-30 21:03 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\Malwarebytes
2008-10-30 21:03 . 2008-10-30 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-30 21:03 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-30 21:03 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-30 13:15 . 2008-10-30 13:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-30 09:55 . 2008-10-30 09:55 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-10-29 09:27 . 2008-10-29 09:27 <DIR> d-------- C:\Program Files\Symantec
2008-10-29 09:27 . 2008-10-29 09:27 124,464 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-29 09:27 . 2008-10-29 09:27 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-29 09:27 . 2008-10-29 09:25 35,888 -ra------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-10-29 09:24 . 2008-10-29 09:24 <DIR> d-------- C:\WINDOWS\system32\drivers\NIS
2008-10-29 09:24 . 2008-10-29 09:24 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-29 09:24 . 2008-10-29 09:24 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-10-29 08:59 . 2008-10-29 08:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCSettings
2008-10-29 08:59 . 2008-10-29 09:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Norton
2008-10-29 08:58 . 2008-10-29 08:58 <DIR> d-------- C:\Program Files\NortonInstaller
2008-10-29 08:58 . 2008-10-29 08:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-29 08:52 . 2008-10-29 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-10-21 18:19 . 2008-10-21 18:19 268 --ah----- C:\sqmdata12.sqm
2008-10-21 18:19 . 2008-10-21 18:19 244 --ah----- C:\sqmnoopt11.sqm
2008-10-21 16:30 . 2008-10-21 16:30 268 --ah----- C:\sqmdata11.sqm
2008-10-21 16:30 . 2008-10-21 16:30 244 --ah----- C:\sqmnoopt10.sqm
2008-10-21 06:02 . 2008-10-21 06:02 268 --ah----- C:\sqmdata10.sqm
2008-10-21 06:02 . 2008-10-21 06:02 244 --ah----- C:\sqmnoopt09.sqm
2008-10-04 10:35 . 2008-10-04 10:37 <DIR> d-------- C:\Need4Video files
2008-10-04 10:22 . 2008-10-04 10:27 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\vlc
2008-10-04 10:20 . 2008-10-04 10:20 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-20 06:06 . 2008-09-20 06:06 221,184 --a------ C:\WINDOWS\system32\lsfmbphk.dll
2008-09-20 06:06 . 2008-09-20 06:06 108,544 --a------ C:\WINDOWS\system32\yayyAQhg.dll
2008-09-20 06:04 . 2008-09-20 06:04 95,744 --a------ C:\WINDOWS\system32\jyrwifew.dll
2008-09-19 06:06 . 2008-09-19 06:06 221,184 --a------ C:\WINDOWS\system32\pnsrbkts.dll
2008-09-19 06:06 . 2008-09-19 06:06 108,544 --a------ C:\WINDOWS\system32\iifcYSJd.dll
2008-09-19 06:03 . 2008-09-19 06:03 95,744 --a------ C:\WINDOWS\system32\moxpuwwr.dll
2008-09-19 06:03 . 2008-09-19 06:03 95,744 --a------ C:\WINDOWS\system32\csvrfnph.dll
2008-09-18 06:09 . 2008-09-18 06:09 221,184 --a------ C:\WINDOWS\system32\dipmoljs.dll
2008-09-18 06:09 . 2008-09-18 06:09 108,544 --a------ C:\WINDOWS\system32\awttsPFv.dll
2008-09-18 06:03 . 2008-09-18 06:03 95,744 --a------ C:\WINDOWS\system32\swfgjgsn.dll
2008-09-15 06:01 . 2008-09-15 06:01 95,744 --a------ C:\WINDOWS\system32\cirnncvu.dll
2008-09-10 11:36 . 2008-09-10 11:36 67,984 --a------ C:\WINDOWS\system32\ewvxiige.dll
2008-09-10 00:51 . 2008-09-10 00:51 69,436 --a------ C:\WINDOWS\system32\mhybxbvu.dll
2008-09-09 21:43 . 2008-09-09 21:43 66,532 --a------ C:\WINDOWS\system32\qfhepmcf.dll
2008-09-09 19:45 . 2008-09-09 19:45 <DIR> d-------- C:\Temp\dax41
2008-09-06 13:15 . 2008-09-06 13:15 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\ViquaSoft
2008-09-06 12:29 . 2008-09-06 12:29 268 --ah----- C:\sqmdata09.sqm
2008-09-06 12:29 . 2008-09-06 12:29 244 --ah----- C:\sqmnoopt08.sqm
2008-09-06 12:17 . 2008-09-06 12:28 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\FUJIFILM
2008-09-06 12:15 . 2008-10-26 20:30 <DIR> d-------- C:\Program Files\FinePixViewer
2008-09-06 12:15 . 2003-09-03 15:45 274,432 --a------ C:\WINDOWS\system32\FFTIFF16.dll
2008-09-06 12:15 . 2006-07-12 13:39 208,896 --a------ C:\WINDOWS\system32\FFRafShellEx.dll
2008-09-06 12:15 . 2004-07-24 20:28 155,648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL
2008-09-06 12:14 . 2008-09-06 12:14 <DIR> d-------- C:\Program Files\REGSHAVE
2008-09-06 12:14 . 2001-11-25 12:11 81,924 --a------ C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-09-06 12:14 . 2002-02-27 12:27 65,536 --a------ C:\WINDOWS\system32\FINFCHECK.dll
2008-09-06 12:14 . 2002-06-25 09:06 45,056 --a------ C:\WINDOWS\system32\FINFCOPY.dll
2008-09-06 12:13 . 2002-02-05 17:33 69,632 --a------ C:\WINDOWS\system32\FREGSHEX.DLL
2008-09-06 12:13 . 2002-02-13 11:00 45,056 --a------ C:\WINDOWS\system32\FCLKBTN.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 13:04 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\Skype
2008-10-31 08:47 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\LimeWire
2008-10-31 08:45 --------- d-----w C:\Program Files\Lx_cats
2008-10-31 08:45 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\skypePM
2008-10-29 08:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-29 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-29 08:27 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-29 08:27 10,635 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-29 07:38 --------- d-----w C:\Program Files\MSN Games
2008-10-28 06:22 --------- d-----w C:\Program Files\Zylom Games
2008-10-27 18:51 --------- d-----w C:\Program Files\LimeWire
2008-10-18 19:01 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\AdobeUM
2008-09-07 18:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-06 11:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-03 11:39 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-09-03 11:39 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2008-08-31 21:48 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\Gamelab
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-30_20.22.36.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-31 08:46:08 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_428.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-14 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LXCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 69632]
"lxcdmon.exe"="C:\Program Files\Lexmark 6300 Series\lxcdmon.exe" [2005-06-24 200704]
"EzPrint"="C:\Program Files\Lexmark 6300 Series\ezprint.exe" [2005-07-05 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"SiSPower"="SiSPower.dll" [2005-02-16 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [2006-06-07 553021]
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2008-09-06 303104]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-04-13 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kvlymz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMEFA.SYS [2008-10-29 309296]
R1 BHDrvx86;Symantec Heuristics Driver;C:\WINDOWS\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2008-10-29 254512]
R1 ccHP;Symantec Hash Provider;C:\WINDOWS\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2008-10-29 362544]
R1 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081029.001\IDSxpx86.sys [2008-10-29 274808]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-10-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-10-24 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Eric Chevalier.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe []

2008-10-31 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{10a76f59-30e4-4a4c-a434-a7c3161d730a} - C:\WINDOWS\system32\nfmdff.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page =
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eric Chevalier\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eric Chevalier\Start Menu\Programs\IMVU\Run IMVU.lnk -
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\CENETFLT.DLL
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 14:04:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\Norton Internet Security]
"ImagePath"="\"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
Completion time: 2008-10-31 14:06:44
ComboFix-quarantined-files.txt 2008-10-31 13:06:40
ComboFix2.txt 2008-10-30 19:24:26

Pre-Run: 35 984 961 536 bytes free
Post-Run: 36,028,293,120 bytes free

213 --- E O F --- 2008-08-27 09:08:49

Reply to ricou68

Hi again,

! Disable your resident protection (antivirus, Spybot-S&D, etc.) !
Copy (Ctrl+C) the text in the box below:

File::
C:\WINDOWS\system32\lsfmbphk.dll
C:\WINDOWS\system32\yayyAQhg.dll
C:\WINDOWS\system32\jyrwifew.dll
C:\WINDOWS\system32\pnsrbkts.dll
C:\WINDOWS\system32\iifcYSJd.dll
C:\WINDOWS\system32\moxpuwwr.dll
C:\WINDOWS\system32\csvrfnph.dll
C:\WINDOWS\system32\dipmoljs.dll
C:\WINDOWS\system32\awttsPFv.dll
C:\WINDOWS\system32\swfgjgsn.dll
C:\WINDOWS\system32\cirnncvu.dll
C:\WINDOWS\system32\ewvxiige.dll
C:\WINDOWS\system32\mhybxbvu.dll
C:\WINDOWS\system32\qfhepmcf.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""



Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name "CFScript.txt" (the quotation marks are important).

Now drag the CFScript.txt file onto ComboFix.exe, as in the image below:
http://membres.lycos.fr/wawaseb8/images/help/cfscript.gif

This will restart ComboFix. After the reboot, post the contents of the report (C:\combofix.txt*) along with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
* the drive letter may be different

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark
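How the file list and registry entry in the script above can be picked out of the posted ComboFix log, as an added example that is not part of the thread and is neither ComboFix's logic nor the helper's stated method. The heuristic (a DLL directly in system32, a file name of exactly 8 letters, identical creation and modification times) and the function names are assumptions made for this illustration; the log lines are an excerpt of the report posted earlier in the thread.

```python
import re
from collections import Counter
from ntpath import basename, dirname, splitext

# Excerpt of the ComboFix report posted in this thread:
# a few rows of the "Files Created" listing plus the AppInit_DLLs loading point.
LOG_EXCERPT = r"""
2008-10-30 21:03 . 2008-10-30 21:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-30 21:03 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-29 09:27 . 2008-10-29 09:27 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-20 06:06 . 2008-09-20 06:06 221,184 --a------ C:\WINDOWS\system32\lsfmbphk.dll
2008-09-20 06:06 . 2008-09-20 06:06 108,544 --a------ C:\WINDOWS\system32\yayyAQhg.dll
2008-09-20 06:04 . 2008-09-20 06:04 95,744 --a------ C:\WINDOWS\system32\jyrwifew.dll
2008-09-19 06:06 . 2008-09-19 06:06 221,184 --a------ C:\WINDOWS\system32\pnsrbkts.dll
2008-09-19 06:06 . 2008-09-19 06:06 108,544 --a------ C:\WINDOWS\system32\iifcYSJd.dll
2008-09-19 06:03 . 2008-09-19 06:03 95,744 --a------ C:\WINDOWS\system32\moxpuwwr.dll
2008-09-19 06:03 . 2008-09-19 06:03 95,744 --a------ C:\WINDOWS\system32\csvrfnph.dll
2008-09-18 06:09 . 2008-09-18 06:09 221,184 --a------ C:\WINDOWS\system32\dipmoljs.dll
2008-09-18 06:09 . 2008-09-18 06:09 108,544 --a------ C:\WINDOWS\system32\awttsPFv.dll
2008-09-18 06:03 . 2008-09-18 06:03 95,744 --a------ C:\WINDOWS\system32\swfgjgsn.dll
2008-09-15 06:01 . 2008-09-15 06:01 95,744 --a------ C:\WINDOWS\system32\cirnncvu.dll
2008-09-10 11:36 . 2008-09-10 11:36 67,984 --a------ C:\WINDOWS\system32\ewvxiige.dll
2008-09-10 00:51 . 2008-09-10 00:51 69,436 --a------ C:\WINDOWS\system32\mhybxbvu.dll
2008-09-09 21:43 . 2008-09-09 21:43 66,532 --a------ C:\WINDOWS\system32\qfhepmcf.dll
2008-09-06 12:15 . 2004-07-24 20:28 155,648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL
2008-09-06 12:13 . 2002-02-05 17:33 69,632 --a------ C:\WINDOWS\system32\FREGSHEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kvlymz.dll
"""

# "created . modified size-or-<DIR> attributes path"
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$")
APPINIT_LINE = re.compile(r'^"AppInit_DLLs"=\s*"?(?P<value>[^"]*)"?\s*$', re.IGNORECASE)


def parse_files(log):
    """Return one dict per file row of the listing; directory rows are skipped."""
    rows = []
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if m and m["size"] != "<DIR>":
            rows.append({"created": m["created"], "modified": m["modified"],
                         "size": int(m["size"].replace(",", "")), "path": m["path"]})
    return rows


def is_candidate(row):
    """Assumed heuristic: a .dll directly in system32 whose stem is exactly
    8 ASCII letters and whose creation and modification times are identical
    (a file written on the spot, not unpacked with its original build date)."""
    stem, ext = splitext(basename(row["path"]))
    return (dirname(row["path"]).lower() == r"c:\windows\system32"
            and ext.lower() == ".dll"
            and re.fullmatch(r"[A-Za-z]{8}", stem) is not None
            and row["created"] == row["modified"])


def triage(log):
    """Return review candidates; 'shared_size' marks a size seen under several names."""
    candidates = [r for r in parse_files(log) if is_candidate(r)]
    sizes = Counter(r["size"] for r in candidates)
    return [{"path": r["path"], "created": r["created"], "size": r["size"],
             "shared_size": sizes[r["size"]] > 1} for r in candidates]


def appinit_dlls(log):
    """Return the DLL names set in AppInit_DLLs ([] when the value is empty or absent)."""
    for line in log.splitlines():
        m = APPINIT_LINE.match(line.strip())
        if m:
            return [d for d in re.split(r"[ ,]+", m["value"].strip()) if d]
    return []


if __name__ == "__main__":
    for f in triage(LOG_EXCERPT):
        note = "same size as other candidates" if f["shared_size"] else "unique size"
        print(f'{f["created"]}  {f["size"]:>8}  {f["path"]}  ({note})')
    print("AppInit_DLLs:", appinit_dlls(LOG_EXCERPT) or "empty")
```

The output is a list of candidates to review by hand, not a verdict: the Symantec and FinePix DLLs in the excerpt are excluded only because their names or timestamps do not fit the pattern.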

Hello
here are the 2 reports
COMBOFIX:

ComboFix 08-10-30.13 - Eric Chevalier 2008-10-31 17:13:24.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.117 [GMT 1:00]
Running from: C:\Documents and Settings\Eric Chevalier\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eric Chevalier\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\awttsPFv.dll
C:\WINDOWS\system32\cirnncvu.dll
C:\WINDOWS\system32\csvrfnph.dll
C:\WINDOWS\system32\dipmoljs.dll
C:\WINDOWS\system32\ewvxiige.dll
C:\WINDOWS\system32\iifcYSJd.dll
C:\WINDOWS\system32\jyrwifew.dll
C:\WINDOWS\system32\lsfmbphk.dll
C:\WINDOWS\system32\mhybxbvu.dll
C:\WINDOWS\system32\moxpuwwr.dll
C:\WINDOWS\system32\pnsrbkts.dll
C:\WINDOWS\system32\qfhepmcf.dll
C:\WINDOWS\system32\swfgjgsn.dll
C:\WINDOWS\system32\yayyAQhg.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awttsPFv.dll
C:\WINDOWS\system32\cirnncvu.dll
C:\WINDOWS\system32\csvrfnph.dll
C:\WINDOWS\system32\dipmoljs.dll
C:\WINDOWS\system32\ewvxiige.dll
C:\WINDOWS\system32\iifcYSJd.dll
C:\WINDOWS\system32\jyrwifew.dll
C:\WINDOWS\system32\lsfmbphk.dll
C:\WINDOWS\system32\mhybxbvu.dll
C:\WINDOWS\system32\moxpuwwr.dll
C:\WINDOWS\system32\pnsrbkts.dll
C:\WINDOWS\system32\qfhepmcf.dll
C:\WINDOWS\system32\swfgjgsn.dll
C:\WINDOWS\system32\yayyAQhg.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.

2008-10-30 21:03 . 2008-10-30 21:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-30 21:03 . 2008-10-30 21:03 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\Malwarebytes
2008-10-30 21:03 . 2008-10-30 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-30 21:03 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-30 21:03 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-30 13:15 . 2008-10-30 13:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-30 09:55 . 2008-10-30 09:55 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-10-29 09:27 . 2008-10-29 09:27 <DIR> d-------- C:\Program Files\Symantec
2008-10-29 09:27 . 2008-10-29 09:27 124,464 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-29 09:27 . 2008-10-29 09:27 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-29 09:27 . 2008-10-29 09:25 35,888 -ra------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-10-29 09:24 . 2008-10-29 09:24 <DIR> d-------- C:\WINDOWS\system32\drivers\NIS
2008-10-29 09:24 . 2008-10-29 09:24 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-29 09:24 . 2008-10-29 09:24 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-10-29 08:59 . 2008-10-29 08:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCSettings
2008-10-29 08:59 . 2008-10-29 09:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Norton
2008-10-29 08:58 . 2008-10-29 08:58 <DIR> d-------- C:\Program Files\NortonInstaller
2008-10-29 08:58 . 2008-10-29 08:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-29 08:52 . 2008-10-29 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-10-21 18:19 . 2008-10-21 18:19 268 --ah----- C:\sqmdata12.sqm
2008-10-21 18:19 . 2008-10-21 18:19 244 --ah----- C:\sqmnoopt11.sqm
2008-10-21 16:30 . 2008-10-21 16:30 268 --ah----- C:\sqmdata11.sqm
2008-10-21 16:30 . 2008-10-21 16:30 244 --ah----- C:\sqmnoopt10.sqm
2008-10-21 06:02 . 2008-10-21 06:02 268 --ah----- C:\sqmdata10.sqm
2008-10-21 06:02 . 2008-10-21 06:02 244 --ah----- C:\sqmnoopt09.sqm
2008-10-04 10:35 . 2008-10-04 10:37 <DIR> d-------- C:\Need4Video files
2008-10-04 10:22 . 2008-10-04 10:27 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\vlc
2008-10-04 10:20 . 2008-10-04 10:20 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-09 19:45 . 2008-09-09 19:45 <DIR> d-------- C:\Temp\dax41
2008-09-06 13:15 . 2008-09-06 13:15 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\ViquaSoft
2008-09-06 12:29 . 2008-09-06 12:29 268 --ah----- C:\sqmdata09.sqm
2008-09-06 12:29 . 2008-09-06 12:29 244 --ah----- C:\sqmnoopt08.sqm
2008-09-06 12:17 . 2008-09-06 12:28 <DIR> d-------- C:\Documents and Settings\Eric Chevalier\Application Data\FUJIFILM
2008-09-06 12:15 . 2008-10-26 20:30 <DIR> d-------- C:\Program Files\FinePixViewer
2008-09-06 12:15 . 2003-09-03 15:45 274,432 --a------ C:\WINDOWS\system32\FFTIFF16.dll
2008-09-06 12:15 . 2006-07-12 13:39 208,896 --a------ C:\WINDOWS\system32\FFRafShellEx.dll
2008-09-06 12:15 . 2004-07-24 20:28 155,648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL
2008-09-06 12:14 . 2008-09-06 12:14 <DIR> d-------- C:\Program Files\REGSHAVE
2008-09-06 12:14 . 2001-11-25 12:11 81,924 --a------ C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-09-06 12:14 . 2002-02-27 12:27 65,536 --a------ C:\WINDOWS\system32\FINFCHECK.dll
2008-09-06 12:14 . 2002-06-25 09:06 45,056 --a------ C:\WINDOWS\system32\FINFCOPY.dll
2008-09-06 12:13 . 2002-02-05 17:33 69,632 --a------ C:\WINDOWS\system32\FREGSHEX.DLL
2008-09-06 12:13 . 2002-02-13 11:00 45,056 --a------ C:\WINDOWS\system32\FCLKBTN.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 16:12 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\Skype
2008-10-31 15:03 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\skypePM
2008-10-31 13:13 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\LimeWire
2008-10-31 13:11 --------- d-----w C:\Program Files\Lx_cats
2008-10-29 08:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-29 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-29 08:27 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-29 08:27 10,635 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-29 07:38 --------- d-----w C:\Program Files\MSN Games
2008-10-28 06:22 --------- d-----w C:\Program Files\Zylom Games
2008-10-27 18:51 --------- d-----w C:\Program Files\LimeWire
2008-10-18 19:01 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\AdobeUM
2008-09-07 18:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-06 11:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-03 11:39 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-09-03 11:39 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2008-08-31 21:48 --------- d-----w C:\Documents and Settings\Eric Chevalier\Application Data\Gamelab
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-30_20.22.36.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-31 13:12:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_340.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-14 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LXCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 69632]
"lxcdmon.exe"="C:\Program Files\Lexmark 6300 Series\lxcdmon.exe" [2005-06-24 200704]
"EzPrint"="C:\Program Files\Lexmark 6300 Series\ezprint.exe" [2005-07-05 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"SiSPower"="SiSPower.dll" [2005-02-16 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [2006-06-07 553021]
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2008-09-06 303104]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-04-13 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMEFA.SYS [2008-10-29 309296]
R1 BHDrvx86;Symantec Heuristics Driver;C:\WINDOWS\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [2008-10-29 254512]
R1 ccHP;Symantec Hash Provider;C:\WINDOWS\system32\drivers\NIS\1000000.07D\ccHPx86.sys [2008-10-29 362544]
R1 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081029.001\IDSxpx86.sys [2008-10-29 274808]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-10-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-10-24 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Eric Chevalier.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe []

2008-10-31 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 17:15:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\Norton Internet Security]
"ImagePath"="\"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
Completion time: 2008-10-31 17:18:06
ComboFix-quarantined-files.txt 2008-10-31 16:18:03
ComboFix2.txt 2008-10-31 13:06:46
ComboFix3.txt 2008-10-30 19:24:26

Pre-Run: 35 964 059 648 bytes free
Post-Run: 35,988,561,920 bytes free

203 --- E O F --- 2008-08-27 09:08:49



and the HIJACKTHIS (thanks)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21:05, on 31/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 6300 Series\lxcdmon.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcdcoms.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcdmon.exe] "C:\Program Files\Lexmark 6300 Series\lxcdmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eric Chevalier\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/control [...] oader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-G [...] E_UNO1.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 10743 bytes




Still having problems?


No, everything seems to be fine: no more antispywareexpert icon, and the PC seems faster.
Is everything OK on your side?
In any case, many thanks for your good work.
Should I remove the various software tools that were installed?
Thanks


Many thanks and very good work
Keep it up
Bravo
Good evening
