Solved
Latest reply: in Security
Hello,
I have a problem with web pages being redirected... For example, I do a Google search and click on one of the results, but a different page opens... (Often ''aslads.ask.com/...'' or ''Search.pro/...''). I read some solutions on your forum using ''HijackThis'' and ''Random's System Information Tool (RSIT)'', but I am not knowledgeable enough to know which virus or program to remove from my computer. So I am asking for your help. Thanks in advance!
hello
1.
Download DDS and save it to your desktop.
Disable any script blocker, such as an antivirus or software like Ad-Block, NoScript, etc.
Double-click dds.scr to launch the tool.
Once the scan finishes, a text document, DDS.txt, will open.
Click Yes at the next prompt, Optional Scan.
Save both reports to your desktop and post only DDS.txt to me.
2.
Download GMER from this link: http://www.gmer.net/files.php - click "Download EXE" and save the file to your desktop.
See the GMER tutorial, it may help you: http://www.malekal.com/tutorial_GMER.php
Disable your protection software (antivirus, antispyware, etc.) and close all open programs.
Double-click the downloaded GMER file.
IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
Click the "rootkit" tab.
On the right, check everything.
Now click Scan.
When the scan is finished, click Copy.
Open Notepad and click the Edit menu / Paste.
The report should then appear.
Save the file to your desktop and post its contents here.
Hello Sham_Rock,
Thanks for replying!
Below is the DDS.txt report. I also had GMER scan my computer, but I have no report to give you, because my computer ''freezes'' partway through. On my 3rd scan attempt with GMER, it seemed to have finished (after more than 12 hrs!), but no action or save was possible because the computer was ''frozen'' once again.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 12:22:15,46 on 24-08-10
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.439 [GMT -4:00]
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Pare-feu personnel d'ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Videotron\Videotron Service Agent\ServicepointService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Documents and Settings\Admin\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [TClockEx] c:\program files\tclockex\TCLOCKEX.EXE
uRun: [WeatherEye] c:\documents and settings\admin\local settings\application data\météomédia\météoéclair\WeatherEye.exe
mRun: [VideotronSA.exe] "c:\program files\videotron\videotron service agent\VideotronSA.exe" /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: StartMenuLogoff = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: StartMenuLogoff = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-11 64288]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-4-9 107256]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2010-8-11 1935656]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-4-9 731840]
R2 ServicepointService;ServicepointService;c:\program files\videotron\videotron service agent\ServicepointService.exe [2010-7-24 689392]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2010-8-11 71008]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-8-10 30576]
S2 CrossLoopService;CrossLoop Service;"c:\documents and settings\admin\local settings\application data\crossloop\crossloopservice.exe" --service --> c:\documents and settings\admin\local settings\application data\crossloop\CrossLoopService.exe [?]
S2 gupdate1c99fc357760a04;Google Update Service (gupdate1c99fc357760a04);c:\program files\google\update\GoogleUpdate.exe [2009-3-8 133104]
S3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys --> c:\windows\system32\drivers\appliand.sys [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\admin\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\admin\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1355416]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-11 15008]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-1-26 243056]
S4 uvnc_service;uvnc_service;c:\documents and settings\admin\local settings\application data\crossloop\winvnc.exe [2010-3-27 1590216]
=============== Created Last 30 ================
2010-08-22 22:10:54 0 d-----w- c:\docume~1\admin\applic~1\AbelCam
2010-08-22 22:09:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Seiz System Engineering
2010-08-22 18:21:21 0 d-----w- C:\32788R22FWJFW.0.tmp
2010-08-22 15:03:29 0 d-----w- c:\docume~1\admin\applic~1\Enplase
2010-08-22 15:03:12 0 d-----w- c:\program files\Ultima Steganography
2010-08-22 05:14:44 0 d-----w- c:\program files\Microsoft IntelliPoint
2010-08-22 04:11:08 0 d-----w- c:\program files\DawnArk WebCam Monitor
2010-08-22 03:59:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Deskshare
2010-08-22 03:59:23 0 d-----w- c:\windows\XSxS
2010-08-22 03:59:23 0 d-----w- c:\program files\Xenocode
2010-08-22 03:59:05 0 d-----w- c:\program files\common files\Deskshare Shared
2010-08-22 03:59:03 0 d-----w- c:\program files\Deskshare
2010-08-21 22:10:19 0 d-----w- c:\program files\iSpy
2010-08-21 21:48:29 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2010-08-21 21:48:29 0 d-----w- c:\program files\Photo-Colorizer 2
2010-08-21 21:37:42 0 d-----w- c:\docume~1\admin\applic~1\MiniCamCap
2010-08-21 21:37:21 19 ----a-w- c:\windows\rgsavacam.rgk
2010-08-21 05:12:28 0 d-----w- c:\program files\trend micro
2010-08-21 05:06:04 0 d-----w- c:\docume~1\admin\applic~1\Canneverbe Limited
2010-08-21 05:06:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Canneverbe Limited
2010-08-21 05:05:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-08-21 04:49:50 0 d-----w- c:\program files\SpeedFan
2010-08-21 04:49:49 45 ----a-w- c:\windows\system32\initdebug.nfo
2010-08-19 04:10:39 0 d-----w- c:\docume~1\alluse~1\applic~1\ESTsoft
2010-08-19 04:03:54 0 d-----w- c:\program files\Software Informer
2010-08-17 16:05:39 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-17 16:05:28 0 d-----w- c:\program files\SUPERAntiSpyware
2010-08-15 19:20:08 0 d-----w- c:\program files\RegCleaner
2010-08-13 04:44:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-13 04:44:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-13 04:44:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-13 04:44:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-12 03:28:13 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-12 01:35:58 0 d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-12 00:40:42 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-12 00:33:48 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-11 23:09:53 0 d-----w- c:\program files\NCH Swift Sound
2010-08-11 20:28:10 0 d-----w- C:\Ctr
2010-08-11 04:49:48 0 d-----w- C:\temp
2010-08-11 04:48:27 0 d-----w- c:\documents and settings\admin\.yawcam
2010-08-11 03:35:40 0 d-----w- c:\docume~1\admin\applic~1\Crae Interactives
2010-08-11 02:13:33 260 ----a-w- c:\windows\_delis32.ini
2010-08-10 23:17:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-10 23:16:07 20992 ----a-w- c:\windows\system32\dshowext.ax
2010-08-10 23:16:07 20992 ----a-w- c:\windows\system32\dllcache\dshowext.ax
2010-08-10 23:14:19 677232 ----a-w- c:\windows\system32\LCCoin32.dll
2010-08-10 23:14:19 503152 ----a-w- c:\windows\system32\LcProxy.ax
2010-08-10 23:14:19 39280 ----a-w- c:\windows\system32\nx6000res.dll
2010-08-10 23:14:19 30576 ----a-w- c:\windows\system32\drivers\nx6000.sys
2010-08-10 23:14:08 0 d-----w- c:\program files\Microsoft LifeCam
2010-08-10 23:14:04 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-08-10 23:14:02 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-08-10 23:13:52 0 d-----w- c:\windows\Logs
2010-08-08 21:54:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
2010-08-08 20:54:53 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2010-08-08 18:20:55 0 d-----w- c:\docume~1\admin\applic~1\NCH Software
2010-08-08 16:36:35 52736 --sha-r- c:\windows\system32\wmplocj.dll
2010-08-07 19:42:58 0 d-----w- c:\docume~1\admin\applic~1\MediaZoneTrigger
2010-08-07 09:33:08 25 ----a-w- c:\windows\OverlayXP.ini
2010-08-07 07:42:57 79 ----a-w- c:\documents and settings\admin\cams.pol
2010-08-07 07:04:52 44032 ----a-w- c:\windows\system32\axvlc.oca
2010-08-07 07:04:51 88379 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-08-07 07:04:51 119568 ----a-w- c:\windows\system32\vb6fr.dll
2010-08-07 07:04:47 0 d-----w- c:\program files\VideoLAN
2010-08-07 06:30:29 0 d-----w- c:\program files\common files\Labtec
2010-08-06 05:09:41 0 d-----w- c:\program files\Easy Video Downloader
2010-08-05 05:21:49 0 d-----w- c:\docume~1\admin\applic~1\NASA
==================== Find3M ====================
2010-08-24 15:20:41 423656 -c--a-w- c:\windows\system32\deployJava1.dll
2010-04-14 02:27:00 478 -c--a-w- c:\program files\Canon PowerShot A1100 IS #2 (2).lnk
2010-04-14 02:26:48 478 -c--a-w- c:\program files\Canon PowerShot A1100 IS #2.lnk
2008-10-07 20:04:18 2969971 -c--a-w- c:\program files\Poster Forge 1.01 Install.exe
2007-10-08 04:12:00 3489 -c--a-w- c:\program files\Read Me.txt
2007-10-08 02:36:28 1586 -c--a-w- c:\program files\License.txt
2007-10-08 02:35:48 255 -c--a-w- c:\program files\File_id.diz
============= FINISH: 12:23:11,98 ===============
----------------------------------------------------------
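As an added example, not part of this thread and not code from the DDS tool: a small Python script that reads a DDS report in the layout posted above and flags the kinds of entries a helper reviews first (a hidden+system DLL freshly created in system32, services or drivers whose file could not be verified or that load from a temp or per-user folder, toolbars with no backing file, hosts overrides, and the browser start/search settings). The sample lines are constructed to mirror the report's format; exampledrv, tmpdrv, ghostsvc, EXAMPLE_hidden.dll and the .test hostname are placeholders, and a flagged line is something to examine, not a verdict.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample lines in DDS "Pseudo HJT Report", "SERVICES / DRIVERS" and
# "Created Last 30" format. All names below are placeholders, not real artefacts.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.ca/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mRun: [Example Updater] "c:\program files\example\updater.exe"
Hosts: 127.0.0.1 www.example-security-vendor.test
============= SERVICES / DRIVERS ===============
R1 exampledrv;exampledrv;c:\windows\system32\drivers\exampledrv.sys [2010-8-11 64288]
S3 tmpdrv;tmpdrv;\??\c:\docume~1\admin\locals~1\temp\tmpdrv\tmpdrv_x32.sys --> c:\docume~1\admin\locals~1\temp\tmpdrv\tmpdrv_x32.sys [?]
S2 ghostsvc;Ghost Service;"c:\program files\ghost\ghostsvc.exe" --service --> c:\program files\ghost\ghostsvc.exe [?]
=============== Created Last 30 ================
2010-08-08 16:36:35 52736 --sha-r- c:\windows\system32\EXAMPLE_hidden.dll
2010-08-13 04:44:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
"""


@dataclass
class Finding:
    line: str
    reason: str


HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# "YYYY-MM-DD HH:MM:SS <size> <8-char attribute string> <path>"
FILE_ATTR_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+(\S{8})\s+(.+)$")
# "<Rn|Sn> <name>;<display name>;<path ...>"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+)$")


def triage_dds(text: str) -> list[Finding]:
    """Return the report lines a reviewer would look at first, with the reason."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):  # blank or section header
            continue

        # Browser start page / search URL: the first place a redirect hijack shows up.
        if line.startswith("uStart Page") or line.startswith("uSearchURL"):
            findings.append(Finding(line, "browser start/search setting (check the domain)"))
            continue

        # Toolbar or BHO registered but its DLL is gone: leftover of removed or
        # partially cleaned software; harmless by itself but worth removing.
        if line.startswith(("TB:", "BHO:")) and line.endswith("- No File"):
            findings.append(Finding(line, "toolbar/BHO entry with no backing file"))
            continue

        m = HOSTS_RE.match(line)
        if m:  # hosts-file override, often used to block security vendors
            findings.append(Finding(line, f"hosts override: {m.group(2)} -> {m.group(1)}"))
            continue

        m = SERVICE_RE.match(line)
        if m:
            path = m.group(4).lower()
            reasons = []
            if path.endswith("[?]"):
                reasons.append("service/driver whose file could not be verified ([?])")
            if "\\temp\\" in path or "\\local settings\\" in path:
                reasons.append("service/driver loaded from a temp or per-user folder")
            if reasons:
                findings.append(Finding(line, "; ".join(reasons)))
            continue

        m = FILE_ATTR_RE.match(line)
        if m:
            attrs, path = m.group(1), m.group(2).lower()
            # DDS attribute string: 's' = system, 'h' = hidden. A recently created
            # hidden+system DLL in system32 is a classic item to submit for analysis.
            if "s" in attrs and "h" in attrs and "\\system32\\" in path and path.endswith(".dll"):
                findings.append(Finding(line, "hidden+system DLL recently created in system32"))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.reason}]\n    {f.line}")
```

Run it on a saved DDS.txt by reading the file into `triage_dds` instead of `SAMPLE_DDS`; everything it prints still needs a human (or a reputable scanner) to decide what the file actually is.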
Sham_Rock said:
hello
1.
Download DDS and save it to your desktop.
2.
Download GMER from this link: http://www.gmer.net/files.php - click "Download EXE" and save the file to your desktop.
See the GMER tutorial, it may help you: http://www.malekal.com/tutorial_GMER.php
IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
The report should then appear.
Hello
ok
your infection:
http://forum.malekal.com/rootkit-tdss-tmp-tmp-atapi-sys...
Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!
Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that's normal; a report will be created. Post the report: C:\Combofix.txt
click it to open it, then Edit "Select All", Edit "Copy"
come to the forum and Edit "Paste"
HELP: A guide and tutorial on using ComboFix
* the drive letter may differ
ComboFix 10-08-26.02 - Admin 27-08-10 1:21.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.453 [GMT -4:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Pare-feu personnel d'ESET *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\skinboxer43.dll
c:\windows\system32\sleep.exe
.
((((((((((((((((((((((((( Files Created from 2010-07-27 to 2010-08-27 )))))))))))))))))))))))))))))))
.
2010-08-27 03:23 . 2010-08-27 03:23 -------- d-----w- c:\documents and settings\Admin\Application Data\Ashampoo
2010-08-27 03:19 . 2010-08-27 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-08-27 03:19 . 2010-08-27 03:19 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\ashampoo
2010-08-27 03:18 . 2010-08-27 03:18 -------- d-----w- c:\program files\Ashampoo
2010-08-24 15:21 . 2010-08-24 15:21 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1ec53ee0-n\msvcp71.dll
2010-08-24 15:21 . 2010-08-24 15:21 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1ec53ee0-n\jmc.dll
2010-08-24 15:21 . 2010-08-24 15:21 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1ec53ee0-n\msvcr71.dll
2010-08-24 15:21 . 2010-08-24 15:21 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-54ad9f1a-n\decora-sse.dll
2010-08-24 15:21 . 2010-08-24 15:21 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-54ad9f1a-n\decora-d3d.dll
2010-08-22 23:09 . 2010-08-22 23:09 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\DeskShare
2010-08-22 22:10 . 2010-08-22 22:14 -------- d-----w- c:\documents and settings\Admin\Application Data\AbelCam
2010-08-22 22:09 . 2010-08-22 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Seiz System Engineering
2010-08-22 15:59 . 2010-08-22 15:59 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-22 15:03 . 2010-08-22 15:03 -------- d-----w- c:\documents and settings\Admin\Application Data\Enplase
2010-08-22 15:03 . 2010-08-22 15:03 -------- d-----w- c:\program files\Ultima Steganography
2010-08-22 05:14 . 2010-08-22 05:14 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-08-22 04:11 . 2010-08-22 04:17 -------- d-----w- c:\program files\DawnArk WebCam Monitor
2010-08-22 03:59 . 2010-08-22 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Deskshare
2010-08-22 03:59 . 2010-08-22 23:08 -------- d-----w- c:\windows\XSxS
2010-08-22 03:59 . 2010-08-22 03:59 -------- d-----w- c:\program files\Xenocode
2010-08-22 03:59 . 2010-08-22 03:59 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Xenocode
2010-08-22 03:59 . 2010-08-22 03:59 -------- d-----w- c:\program files\Common Files\Deskshare Shared
2010-08-22 03:59 . 2010-08-22 23:14 -------- d-----w- c:\program files\Deskshare
2010-08-21 22:10 . 2010-08-21 22:10 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\iSpy.developerinabox.com
2010-08-21 22:10 . 2010-08-21 22:10 -------- d-----w- c:\program files\iSpy
2010-08-21 21:48 . 2010-08-21 21:48 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2010-08-21 21:48 . 2010-08-21 21:48 -------- d-----w- c:\program files\Photo-Colorizer 2
2010-08-21 21:37 . 2010-08-22 21:54 -------- d-----w- c:\documents and settings\Admin\Application Data\MiniCamCap
2010-08-21 05:12 . 2010-08-22 15:45 -------- d-----w- c:\program files\trend micro
2010-08-21 05:06 . 2010-08-21 05:06 -------- d-----w- c:\documents and settings\Admin\Application Data\Canneverbe Limited
2010-08-21 05:06 . 2010-08-21 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-08-21 05:05 . 2009-11-12 18:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-08-21 05:05 . 2010-08-21 05:05 -------- d-----w- c:\program files\CDBurnerXP
2010-08-21 04:49 . 2010-08-21 05:08 -------- d-----w- c:\program files\SpeedFan
2010-08-19 04:10 . 2010-08-19 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ESTsoft
2010-08-19 04:03 . 2010-08-19 04:33 -------- d-----w- c:\program files\Software Informer
2010-08-18 04:43 . 2010-08-19 04:34 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Pechora
2010-08-17 16:06 . 2010-08-24 04:49 63488 ----a-w- c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-17 16:06 . 2010-08-17 16:06 52224 ----a-w- c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-17 16:06 . 2010-08-24 04:49 117760 ----a-w- c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-17 16:05 . 2010-08-17 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-17 16:05 . 2010-08-17 16:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-15 19:20 . 2010-08-15 20:22 -------- d-----w- c:\program files\RegCleaner
2010-08-13 07:11 . 2010-08-19 04:02 -------- d-----w- c:\windows\BDOSCAN8
2010-08-13 04:44 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-13 04:44 . 2010-08-13 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-13 04:44 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-13 04:44 . 2010-08-13 04:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-12 03:28 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-12 01:35 . 2010-08-24 11:55 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-12 00:40 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-12 00:37 . 2010-08-12 00:37 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Sunbelt Software
2010-08-12 00:33 . 2010-08-12 00:33 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-12 00:33 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-08-11 23:09 . 2010-08-11 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-08-11 23:09 . 2010-08-11 23:09 -------- d-----w- c:\program files\NCH Swift Sound
2010-08-11 20:59 . 2010-08-11 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-08-11 20:28 . 2010-08-11 20:34 -------- d-----w- C:\Ctr
2010-08-11 04:49 . 2010-08-19 04:02 -------- d-----w- C:\temp
2010-08-11 04:48 . 2010-08-11 04:51 -------- d-----w- c:\documents and settings\Admin\.yawcam
2010-08-11 03:35 . 2010-08-11 03:35 -------- d-----w- c:\documents and settings\Admin\Application Data\Crae Interactives
2010-08-11 02:15 . 2010-08-22 14:40 474560 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-10 23:23 . 2010-08-10 23:23 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\WMTools Downloaded Files
2010-08-10 23:17 . 2010-08-22 14:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-10 23:14 . 2010-05-20 19:27 677232 ----a-w- c:\windows\system32\LCCoin32.dll
2010-08-10 23:14 . 2010-05-20 19:27 39280 ----a-w- c:\windows\system32\nx6000res.dll
2010-08-10 23:14 . 2010-05-20 19:27 30576 ----a-w- c:\windows\system32\drivers\nx6000.sys
2010-08-10 23:14 . 2010-08-10 23:14 -------- d-----w- c:\program files\Microsoft LifeCam
2010-08-10 23:14 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-08-10 23:14 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-08-10 23:13 . 2010-08-19 04:02 -------- d-----w- c:\windows\Logs
2010-08-08 21:54 . 2010-08-08 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2010-08-08 20:54 . 2010-08-08 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-08-08 18:20 . 2010-08-08 18:20 -------- d-----w- c:\documents and settings\Admin\Application Data\NCH Software
2010-08-08 18:15 . 2010-08-08 18:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\NCH Software
2010-08-08 16:36 . 2010-08-08 16:36 52736 --sha-r- c:\windows\system32\wmplocj.dll
2010-08-07 19:42 . 2010-08-07 19:42 -------- d-----w- c:\documents and settings\Admin\Application Data\MediaZoneTrigger
2010-08-07 16:45 . 2010-08-07 16:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
2010-08-07 08:55 . 2010-08-07 08:55 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\webcamXP 5
2010-08-07 07:43 . 2010-08-07 07:43 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
2010-08-07 07:12 . 2010-08-07 07:12 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\WindowsApplication_webcam
2010-08-07 07:04 . 2007-09-10 05:31 88379 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-08-07 07:04 . 2000-10-02 08:00 119568 ----a-w- c:\windows\system32\vb6fr.dll
2010-08-07 07:04 . 2010-08-07 07:04 -------- d-----w- c:\program files\VideoLAN
2010-08-07 06:30 . 2010-08-08 21:20 -------- d-----w- c:\program files\Common Files\Labtec
2010-08-06 05:09 . 2010-08-12 03:28 -------- d-----w- c:\program files\Easy Video Downloader
2010-08-06 04:17 . 2010-08-06 04:17 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Jaksta_Pty_Ltd
2010-08-05 05:21 . 2010-08-05 05:21 -------- d-----w- c:\documents and settings\Admin\Application Data\NASA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 15:51 . 2009-04-21 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-08-24 15:24 . 2008-01-16 05:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-24 15:20 . 2010-06-08 18:47 423656 -c--a-w- c:\windows\system32\deployJava1.dll
2010-08-24 15:03 . 2008-01-16 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-24 04:47 . 2008-01-16 04:32 -------- d-----w- c:\program files\CCleaner
2010-08-23 04:29 . 2008-01-18 07:09 -------- d-----w- c:\documents and settings\Admin\Application Data\XnView
2010-08-22 22:26 . 2010-04-11 22:01 -------- d-----w- c:\program files\a-squared Free
2010-08-22 21:46 . 2008-01-16 06:01 79312 -c--a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-22 21:13 . 2008-01-16 04:47 -------- d-----w- c:\program files\Java
2010-08-19 13:54 . 2008-01-19 09:43 -------- d-----w- c:\program files\Paint Shop Pro 6
2010-08-19 13:38 . 2008-01-16 05:32 -------- d-----w- c:\program files\Google
2010-08-19 13:31 . 2008-01-16 06:30 -------- d-----w- c:\program files\Motive
2010-08-19 13:30 . 2008-01-16 06:30 -------- d-----w- c:\program files\Common Files\Motive
2010-08-19 13:11 . 2009-06-03 02:35 -------- d-----w- c:\program files\DIFX
2010-08-19 04:11 . 2008-10-22 02:00 -------- d-----w- c:\documents and settings\Admin\Application Data\ESTsoft
2010-08-19 04:02 . 2008-02-05 08:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-17 16:05 . 2008-08-16 13:26 -------- d-----w- c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com
2010-08-11 02:16 . 2008-01-19 09:28 -------- d-----w- c:\program files\Common Files\Logitech
2010-08-07 19:15 . 2008-01-16 04:46 -------- d-----w- c:\program files\LimeWire
2010-08-07 19:15 . 2008-04-23 04:38 -------- d-----w- c:\documents and settings\Admin\Application Data\LimeWire
2010-07-28 03:16 . 2008-01-16 04:46 -------- d-----w- c:\program files\Common Files\Java
2010-07-24 19:22 . 2010-07-24 19:22 -------- d-----w- c:\program files\Radialpoint
2010-07-24 19:22 . 2010-07-24 19:21 2398400 ----a-w- c:\documents and settings\Admin\Application Data\Videotron\Videotron Service Agent\downloads\sa.41.exe.dir\sa.exe
2010-07-24 19:21 . 2010-07-24 19:21 -------- d-----w- c:\documents and settings\Admin\Application Data\Videotron
2010-07-24 19:21 . 2010-07-24 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Radialpoint
2010-07-24 19:21 . 2010-07-24 19:21 -------- d-----w- c:\program files\Videotron
2010-07-24 19:21 . 2010-07-24 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Videotron
2010-07-03 21:46 . 2009-10-13 17:10 -------- d-----w- c:\documents and settings\Admin\Application Data\ZoomBrowser EX
2010-07-03 21:45 . 2009-10-13 17:12 -------- d-----w- c:\documents and settings\Admin\Application Data\CameraWindowDC
2010-06-13 14:56 . 2010-06-13 14:56 533848 ----a-w- c:\documents and settings\All Users\Application Data\ESTsoft\ALZip\ALAd.dll
2010-06-11 20:51 . 2010-06-11 20:51 3055600 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 20:36 . 2010-06-11 20:36 275952 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-08 18:47 . 2010-06-08 18:47 503808 -c--a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3ba2dabf-n\msvcp71.dll
2010-06-08 18:47 . 2010-06-08 18:47 499712 -c--a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3ba2dabf-n\jmc.dll
2010-06-08 18:47 . 2010-06-08 18:47 348160 -c--a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3ba2dabf-n\msvcr71.dll
2010-06-08 18:47 . 2010-06-08 18:47 61440 -c--a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5d39ac22-n\decora-sse.dll
2010-06-08 18:47 . 2010-06-08 18:47 12800 -c--a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5d39ac22-n\decora-d3d.dll
2010-04-14 02:27 . 2010-04-14 02:27 478 -c--a-w- c:\program files\Canon PowerShot A1100 IS #2 (2).lnk
2010-04-14 02:26 . 2010-04-14 02:26 478 -c--a-w- c:\program files\Canon PowerShot A1100 IS #2.lnk
2008-10-07 20:04 . 2008-11-08 22:03 2969971 -c--a-w- c:\program files\Poster Forge 1.01 Install.exe
2007-10-08 04:12 . 2008-11-08 22:03 3489 -c--a-w- c:\program files\Read Me.txt
2007-10-08 02:36 . 2008-11-08 22:03 1586 -c--a-w- c:\program files\License.txt
2007-10-08 02:35 . 2008-11-08 22:03 255 -c--a-w- c:\program files\File_id.diz
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 90112]
"WeatherEye"="c:\documents and settings\Admin\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2009-10-27 718232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VideotronSA.exe"="c:\program files\Videotron\Videotron Service Agent\VideotronSA.exe" [2010-03-02 4281584]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2006-09-01 282624]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Videotron\\Videotron Service Agent\\ServicepointService.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11-08-10 20:40 64288]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [09-04-09 15:18 107256]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-02-10 14:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10-05-10 14:41 67656]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [11-08-10 21:36 1935656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [09-04-09 15:19 731840]
R2 ServicepointService;ServicepointService;c:\program files\Videotron\Videotron Service Agent\ServicepointService.exe [24-07-10 15:21 689392]
R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [11-08-10 21:36 71008]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [10-08-10 19:14 30576]
S2 CrossLoopService;CrossLoop Service;"c:\documents and settings\Admin\Local Settings\Application Data\CrossLoop\CrossLoopService.exe" --service --> c:\documents and settings\Admin\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [?]
S2 gupdate1c99fc357760a04;Google Update Service (gupdate1c99fc357760a04);c:\program files\Google\Update\GoogleUpdate.exe [08-03-09 03:56 133104]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12-07-10 04:55 1355416]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11-08-10 20:40 15008]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [26-01-10 17:45 243056]
S4 uvnc_service;uvnc_service;c:\documents and settings\Admin\Local Settings\Application Data\CrossLoop\winvnc.exe [27-03-10 14:32 1590216]
.
Contents of the 'Scheduled Tasks' folder
2010-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 00:40]
2010-08-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-21 19:25]
2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 07:55]
2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 07:55]
2010-08-26 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
2010-08-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1592454029-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
2010-08-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1592454029-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
2010-08-27 c:\windows\Tasks\User_Feed_Synchronization-{D067900A-A1E2-40A7-A0D2-8D2FDC5710D6}.job
- c:\windows\system32\msfeedssync.exe [2008-01-16 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 01:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@DACL=(02 0010)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(948)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-08-27 01:30:04
ComboFix-quarantined-files.txt 2010-08-27 05:30
Pre-Run: 129 060 089 856 bytes free
Post-Run: 129 047 564 288 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 0CF6FAE12F21FBE2CED70E5BB9C1083F
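Added example, not part of this thread and not ComboFix's own tooling: a small Python triage script that applies, mechanically, a few of the checks a helper applies by eye when reading a ComboFix report. It flags protection reported as disabled in the header, hidden+system files under c:\windows, the Windows Firewall turned off in the standard profile, globally open inbound ports, and services whose binary lives inside a user profile or could not be verified by ComboFix (the trailing "[?]"). The SAMPLE_LOG excerpt is constructed from a handful of lines copied from the report posted above, not the full log; the category names and the rules are my own choices. A hit only means "look at this", not "this is malware": CrossLoop and UltraVNC, for instance, are legitimate remote-support tools, and the AV/firewall show as disabled because the helper asked for that before the scan.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt in ComboFix's report format: a handful of lines copied from
# the report posted above, not the full log. Raw string, so backslashes are literal.
SAMPLE_LOG = r"""
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Pare-feu personnel d'ESET *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
2010-08-08 16:36 . 2010-08-08 16:36 52736 --sha-r- c:\windows\system32\wmplocj.dll
2010-08-10 23:14 . 2010-05-20 19:27 677232 ----a-w- c:\windows\system32\LCCoin32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [09-04-09 15:19 731840]
S2 CrossLoopService;CrossLoop Service;"c:\documents and settings\Admin\Local Settings\Application Data\CrossLoop\CrossLoopService.exe" --service --> c:\documents and settings\Admin\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [?]
S4 uvnc_service;uvnc_service;c:\documents and settings\Admin\Local Settings\Application Data\CrossLoop\winvnc.exe [27-03-10 14:32 1590216]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
"""


@dataclass
class Finding:
    category: str   # my own label for the rule that fired
    detail: str     # the path, port or raw line it fired on


# "Files Created" / "Find3M" lines: two timestamps, size (or dashes), an 8-column
# attribute field (d=dir, c=compressed, s=system, h=hidden, a=archive, r/w), then the path.
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Service/driver lines: "R2 name;display name;image path [date size]" (or "[?]").
SERVICE_LINE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# Entries under ...\GloballyOpenPorts\List, e.g. "5910:TCP"= 5910:TCP:vnc5910
OPEN_PORT = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
PROFILE_DIRS = ("\\documents and settings\\", "\\users\\")
WINDOWS_DIRS = ("c:\\windows\\",)


def service_binary(rest: str) -> str:
    """Return the lower-cased binary path from the part of a service line after the
    second ';'. ComboFix prints '<as registered> --> <resolved path>' when it had
    to resolve the ImagePath; the resolved side is used. The trailing
    '[date size]' or '[?]' and any surrounding quotes are dropped."""
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]
    return re.sub(r"\s*\[[^\]]*\]\s*$", "", rest).strip().strip('"').lower()


def triage(log_text: str) -> list[Finding]:
    """Scan a ComboFix report line by line and return the entries worth a second look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Header: AV/FW product lines with "*disabled*" markers.
        if line.startswith(("AV:", "FW:")) and "disabled" in line.lower():
            findings.append(Finding("protection-off", line))
            continue
        if line.startswith('"EnableFirewall"= 0'):
            findings.append(Finding("firewall-off", "Windows Firewall disabled (standard profile)"))
            continue
        m = OPEN_PORT.match(line)
        if m:
            findings.append(Finding("open-port",
                                    f"{m['port']}/{m['proto']} open to inbound connections in the firewall"))
            continue
        m = FILE_LINE.match(line)
        if m:
            attrs, path = m["attrs"], m["path"].lower()
            # A non-directory that is both hidden and system under c:\windows is unusual
            # for a freshly created file; verify its hash/signature before trusting it.
            if "s" in attrs and "h" in attrs and not attrs.startswith("d") and path.startswith(WINDOWS_DIRS):
                findings.append(Finding("hidden-system-file", m["path"]))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            path = service_binary(m["rest"])
            if any(d in path for d in PROFILE_DIRS):
                findings.append(Finding("service-in-profile", f"{m['name']}: {path}"))
            if m["rest"].rstrip().endswith("[?]"):
                findings.append(Finding("service-binary-unverified", f"{m['name']}: {path}"))
            continue
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:26} {f.detail}")
```

To use it on a real report, read C:\Combofix.txt into a string and pass it to triage(); the script deliberately does nothing to the machine, it only reads text. Every rule is a prompt for a manual check (look the file up, verify the publisher signature, ask the user whether they installed that remote-control service), which is exactly the conversation the helper is having in this thread.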
2010-08-24 04:47 . 2008-01-16 04:32 -------- d-----w- c:\program files\CCleaner
2010-08-23 04:29 . 2008-01-18 07:09 -------- d-----w- c:\documents and settings\Admin\Application Data\XnView
2010-08-22 22:26 . 2010-04-11 22:01 -------- d-----w- c:\program files\a-squared Free
2010-08-22 21:46 . 2008-01-16 06:01 79312 -c--a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-22 21:13 . 2008-01-16 04:47 -------- d-----w- c:\program files\Java
2010-08-19 13:54 . 2008-01-19 09:43 -------- d-----w- c:\program files\Paint Shop Pro 6
2010-08-19 13:38 . 2008-01-16 05:32 -------- d-----w- c:\program files\Google
2010-08-19 13:31 . 2008-01-16 06:30 -------- d-----w- c:\program files\Motive
2010-08-19 13:30 . 2008-01-16 06:30 -------- d-----w- c:\program files\Common Files\Motive
2010-08-19 13:11 . 2009-06-03 02:35 -------- d-----w- c:\program files\DIFX
2010-08-19 04:11 . 2008-10-22 02:00 -------- d-----w- c:\documents and settings\Admin\Application Data\ESTsoft
2010-08-19 04:02 . 2008-02-05 08:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-17 16:05 . 2008-08-16 13:26 -------- d-----w- c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com
2010-08-11 02:16 . 2008-01-19 09:28 -------- d-----w- c:\program files\Common Files\Logitech
2010-08-07 19:15 . 2008-01-16 04:46 -------- d-----w- c:\program files\LimeWire
2010-08-07 19:15 . 2008-04-23 04:38 -------- d-----w- c:\documents and settings\Admin\Application Data\LimeWire
2010-07-28 03:16 . 2008-01-16 04:46 -------- d-----w- c:\program files\Common Files\Java
2010-07-24 19:22 . 2010-07-24 19:22 -------- d-----w- c:\program files\Radialpoint
2010-07-24 19:22 . 2010-07-24 19:21 2398400 ----a-w- c:\documents and settings\Admin\Application Data\Videotron\Videotron Service Agent\downloads\sa.41.exe.dir\sa.exe
2010-07-24 19:21 . 2010-07-24 19:21 -------- d-----w- c:\documents and settings\Admin\Application Data\Videotron
2010-07-24 19:21 . 2010-07-24 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Radialpoint
2010-07-24 19:21 . 2010-07-24 19:21 -------- d-----w- c:\program files\Videotron
2010-07-24 19:21 . 2010-07-24 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Videotron
2010-07-03 21:46 . 2009-10-13 17:10 -------- d-----w- c:\documents and settings\Admin\Application Data\ZoomBrowser EX
2010-07-03 21:45 . 2009-10-13 17:12 -------- d-----w- c:\documents and settings\Admin\Application Data\CameraWindowDC
2010-06-13 14:56 . 2010-06-13 14:56 533848 ----a-w- c:\documents and settings\All Users\Application Data\ESTsoft\ALZip\ALAd.dll
2010-06-11 20:51 . 2010-06-11 20:51 3055600 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 20:36 . 2010-06-11 20:36 275952 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-08 18:47 . 2010-06-08 18:47 503808 -c--a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3ba2dabf-n\msvcp71.dll
2010-06-08 18:47 . 2010-06-08 18:47 499712 -c--a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3ba2dabf-n\jmc.dll
2010-06-08 18:47 . 2010-06-08 18:47 348160 -c--a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3ba2dabf-n\msvcr71.dll
2010-06-08 18:47 . 2010-06-08 18:47 61440 -c--a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5d39ac22-n\decora-sse.dll
2010-06-08 18:47 . 2010-06-08 18:47 12800 -c--a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5d39ac22-n\decora-d3d.dll
2010-04-14 02:27 . 2010-04-14 02:27 478 -c--a-w- c:\program files\Canon PowerShot A1100 IS #2 (2).lnk
2010-04-14 02:26 . 2010-04-14 02:26 478 -c--a-w- c:\program files\Canon PowerShot A1100 IS #2.lnk
2008-10-07 20:04 . 2008-11-08 22:03 2969971 -c--a-w- c:\program files\Poster Forge 1.01 Install.exe
2007-10-08 04:12 . 2008-11-08 22:03 3489 -c--a-w- c:\program files\Read Me.txt
2007-10-08 02:36 . 2008-11-08 22:03 1586 -c--a-w- c:\program files\License.txt
2007-10-08 02:35 . 2008-11-08 22:03 255 -c--a-w- c:\program files\File_id.diz
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 90112]
"WeatherEye"="c:\documents and settings\Admin\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2009-10-27 718232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VideotronSA.exe"="c:\program files\Videotron\Videotron Service Agent\VideotronSA.exe" [2010-03-02 4281584]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2006-09-01 282624]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Videotron\\Videotron Service Agent\\ServicepointService.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11-08-10 20:40 64288]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [09-04-09 15:18 107256]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-02-10 14:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10-05-10 14:41 67656]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [11-08-10 21:36 1935656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [09-04-09 15:19 731840]
R2 ServicepointService;ServicepointService;c:\program files\Videotron\Videotron Service Agent\ServicepointService.exe [24-07-10 15:21 689392]
R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [11-08-10 21:36 71008]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [10-08-10 19:14 30576]
S2 CrossLoopService;CrossLoop Service;"c:\documents and settings\Admin\Local Settings\Application Data\CrossLoop\CrossLoopService.exe" --service --> c:\documents and settings\Admin\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [?]
S2 gupdate1c99fc357760a04;Google Update Service (gupdate1c99fc357760a04);c:\program files\Google\Update\GoogleUpdate.exe [08-03-09 03:56 133104]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12-07-10 04:55 1355416]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11-08-10 20:40 15008]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [26-01-10 17:45 243056]
S4 uvnc_service;uvnc_service;c:\documents and settings\Admin\Local Settings\Application Data\CrossLoop\winvnc.exe [27-03-10 14:32 1590216]
.
Contents of the 'Scheduled Tasks' folder
2010-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 00:40]
2010-08-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-21 19:25]
2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 07:55]
2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 07:55]
2010-08-26 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
2010-08-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1592454029-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
2010-08-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1592454029-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
2010-08-27 c:\windows\Tasks\User_Feed_Synchronization-{D067900A-A1E2-40A7-A0D2-8D2FDC5710D6}.job
- c:\windows\system32\msfeedssync.exe [2008-01-16 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 01:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
@DACL=(02 0010)
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@DACL=(02 0010)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(948)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-08-27 01:30:04
ComboFix-quarantined-files.txt 2010-08-27 05:30
Pre-Run: 129 060 089 856 bytes free
Post-Run: 129 047 564 288 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 0CF6FAE12F21FBE2CED70E5BB9C1083F
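A small triage script over the ComboFix report above, added here as an example and not part of the thread or of ComboFix itself: it parses the firewall-policy blocks and the service lines and returns the points a responder would question first (firewall disabled in the standard profile, a globally open port, services started from a user profile). The embedded sample is a trimmed excerpt of the report above; the function name and the checks are my own.

```python
import re

# Trimmed excerpt of the ComboFix report posted above (constructed sample for this
# example; the real report has many more lines).
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 90112]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [09-04-09 15:19 731840]
S2 CrossLoopService;CrossLoop Service;"c:\documents and settings\Admin\Local Settings\Application Data\CrossLoop\CrossLoopService.exe" --service --> c:\documents and settings\Admin\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [?]
S4 uvnc_service;uvnc_service;c:\documents and settings\Admin\Local Settings\Application Data\CrossLoop\winvnc.exe [27-03-10 14:32 1590216]
"""

# ComboFix service lines: <R|S><start type> <name>;<display name>;<image path> [date size]
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
# Registry value lines inside a [key] block: "Name"= value
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# Binaries living under a user's profile rather than Program Files / system32
USER_PROFILE_RE = re.compile(r"documents and settings\\[^\\]+\\", re.IGNORECASE)
TRAILER_RE = re.compile(r"\s*\[[^\]]*\]$")  # the trailing "[date size]" / "[?]"


def triage(report):
    """Return the findings a responder would question first, in report order."""
    findings = []
    section = None  # lower-cased registry key of the current [block]
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            _state, _start, name, _display, image = m.groups()
            # A service started from a user profile is not how installed system
            # software behaves; in this report these are remote-control (VNC) tools.
            if USER_PROFILE_RE.search(image):
                findings.append(f"service {name} runs from a user profile: "
                                f"{TRAILER_RE.sub('', image)}")
            continue
        m = VALUE_RE.match(line)
        if not (m and section):
            continue
        key, value = m.groups()
        if section.endswith("firewallpolicy\\standardprofile") \
                and key == "EnableFirewall" and value.startswith("0"):
            findings.append("Windows Firewall is disabled in the standard profile")
        elif section.endswith("globallyopenports\\list"):
            findings.append(f"globally open firewall port: {key} ({value})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print("-", finding)
```

Run against the full report, the same checks would also pick up the AuthorizedApplications list, which is left out here to keep the example to the settings that matter most.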
Hi again,
Download bootkit_remover:
> http://www.esagelab.com/files/bootkit_remover.rar
Extract the contents of the archive to your desktop.
! Disable your antivirus and close all running applications!
Run the tool "as admin...".
A black DOS-style window will appear > copy/paste its entire contents into your next reply for analysis...
note:
to copy/paste this window, right-click on the DOS window / choose "Select all"
Once the report is selected, press [Enter] right away and the report is copied directly...
Then just paste it on the forum...
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com
Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
Done;
Press any key to quit...
Uninstall ComboFix with this procedure:
Start menu, then Run
Now type Combofix /u in the window that appears and confirm with OK. Make sure to leave a space between the X and the /U, as it is required here.
Remove all the programs installed for the disinfection.
Please read this guide (PDF) to learn more about the risks of the Internet.
If you find this document interesting, don't hesitate to pass it on to your contacts.
If you are tired of being bombarded with ads while browsing, install a secured Firefox with the NoScript and AdBlock Plus extensions.
Also read: Free antispyware: it's no use!
~Edit your first post and put [résolu] (solved) in the title.
If your username is your real name, you can change it by editing your posts.