I think it's a virus
Solved
Bauzau
-
Destrio5 Posts: 99820 Registration date: Status: Moderator Last seen: -
Hello, I have exactly the same problem with MSN: it sends "hey you got a photo album? anyways heres my new photo album :) accept k?" to my contacts. And I did the HijackThis thing and this is what it gave me:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:10 PM, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTSvcCDA.exe
c:\docume~1\home\locals~1\temp\cdm\{4a9aaaac-eee3-429d-b7f3-775a61566db2}\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\News\NewsUpd.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\V0420Mon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\home\LOCALS~1\Temp\Rar$EX00.172\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\home\dldckh.exe \o
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [Ulead Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
O4 - HKLM\..\Run: [pdn] C:\WINDOWS\system32\pdn.exe \j
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB9D5A95-7C09-4BDA-8B40-41FE3AB98CC3}: NameServer = 202.123.2.35 202.123.2.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\docume~1\home\locals~1\temp\cdm\{4a9aaaac-eee3-429d-b7f3-775a61566db2}\STacSV.exe
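Added example, not part of this thread and not HijackThis code: a small Python triage pass over an excerpt of the log above, applying the checks a helper would otherwise run by eye. It flags an extra program chained onto Winlogon's Userinit value (the F2 line, the classic logon persistence of these MSN worms), HKLM Run entries that use a backslash-style switch or launch from a profile or temp directory (the `pdn.exe` entry), a service whose binary sits under a temp folder (the STacSV entry; a driver installer can legitimately leave one there, so check the file's publisher and signature before acting), orphaned "(file missing)" entries, and the O17 DNS servers, which are only reported so they can be compared with the ISP's. The rule set, the severities and the log excerpt embedded as sample input are my own constructions.

```python
import re
from dataclasses import dataclass

# Constructed sample: a short excerpt of the HijackThis log posted in this thread,
# embedded so the triage runs offline. Header and "Running processes" lines carry
# no section tag and are skipped by the parser.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\home\dldckh.exe \o
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [pdn] C:\WINDOWS\system32\pdn.exe \j
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB9D5A95-7C09-4BDA-8B40-41FE3AB98CC3}: NameServer = 202.123.2.35 202.123.2.11
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\docume~1\home\locals~1\temp\cdm\{4a9aaaac-eee3-429d-b7f3-775a61566db2}\STacSV.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# Paths under a user profile or a temp directory: unusual for HKLM autoruns and services.
PROFILE_RE = re.compile(r"documents and settings|docume~1|\\temp\\|\\local settings\\", re.I)
# A lone backslash-prefixed "switch" such as " \o" or " \j"; Windows programs use / or -.
BACKSLASH_SWITCH_RE = re.compile(r"\s\\[a-z]\b", re.I)


@dataclass
class Finding:
    severity: str  # "high": act on it; "review": confirm against a known-good baseline
    section: str
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (section, body, raw_line) for each tagged entry (R0, F2, O4, O23, ...)."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group(1), m.group(2), raw


def userinit_extra_programs(f2_body):
    """Return every program chained after the real userinit.exe in the Userinit value.

    Winlogon runs each comma-separated entry at logon, so anything besides
    %SystemRoot%\\system32\\userinit.exe is a persistence mechanism."""
    _, _, value = f2_body.partition("UserInit=")
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if not p.lower().endswith("\\system32\\userinit.exe")]


def triage(log_text):
    """Apply the rule set to a HijackThis log and return the findings in log order."""
    findings = []
    for section, body, line in parse_entries(log_text):
        if section == "F2" and "UserInit=" in body:
            for extra in userinit_extra_programs(body):
                findings.append(Finding("high", section, f"extra program chained to Userinit: {extra}", line))
        elif section == "O4":
            _, _, command = body.partition("] ")  # text after the [name] tag
            if BACKSLASH_SWITCH_RE.search(command):
                findings.append(Finding("high", section, "backslash-style switch on an autorun command", line))
            elif PROFILE_RE.search(command):
                findings.append(Finding("high", section, "autorun launched from a profile or temp directory", line))
        elif section == "O23" and PROFILE_RE.search(body):
            findings.append(Finding("high", section, "service binary located under a profile or temp directory", line))
        elif section == "O17" and "NameServer = " in body:
            servers = body.split("NameServer = ", 1)[1].split()
            findings.append(Finding("review", section, "registry DNS servers, confirm they are the ISP's: " + ", ".join(servers), line))
        if body.endswith("(file missing)"):
            findings.append(Finding("review", section, "orphaned entry, the referenced file is gone", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:3} {f.reason}\n          {f.line}")
```

Run on the excerpt it reports three "high" items (the dldckh.exe Userinit chain, the pdn.exe Run entry and the STacSV service path) and three "review" items (two orphaned MyWebSearch entries and the DNS servers). The rules are deliberately narrow: a "review" finding is a prompt to compare with a known-good machine, not a verdict.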
150 replies
/!\ Only Bauzau may follow this procedure /!\
1/
---> Click Start, Run, type notepad and click OK.
---> Copy the text below by selecting it and pressing Ctrl+C:
KillAll::
File::
C:\Documents and Settings\home\dldckh.exe
C:\WINDOWS\system32\about.ico
C:\WINDOWS\system32\cableguy.ico
C:\WINDOWS\system32\customercare.ico
C:\WINDOWS\system32\tubely.ico
C:\WINDOWS\system32\pdn.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"pdn"=-
---> Paste the selection into Notepad
---> Save this file to the desktop (mandatory)
---> File name: CFScript
---> File type: all files
---> Click Save
---> Close Notepad
2/
---> Reboot into Safe Mode
---> Drag and drop this CFScript file onto ComboFix.exe, as in the screenshot:
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] A blue window will appear: accept the message that is shown.
[*] Wait for the scan to finish. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
[*] Once the scan is complete, a report will be displayed: post it
[*] If the file does not open, it is located at C:\ComboFix.txt
Hello, I did it again, I hope it's OK now!!!
Command switches used :: C:\Documents and Settings\home\Desktop\CFScript.txt
FILE ::
C:\Documents and Settings\home\dldckh.exe
C:\WINDOWS\system32\about.ico
C:\WINDOWS\system32\cableguy.ico
C:\WINDOWS\system32\customercare.ico
C:\WINDOWS\system32\pdn.exe
C:\WINDOWS\system32\tubely.ico
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\home\dldckh.exe
C:\WINDOWS\system32\about.ico
C:\WINDOWS\system32\cableguy.ico
C:\WINDOWS\system32\customercare.ico
C:\WINDOWS\system32\pdn.exe
C:\WINDOWS\system32\tubely.ico
.
((((((((((((((((((((((((( Files Created from 2008-09-19 to 2008-10-19 )))))))))))))))))))))))))))))))
.
2008-10-15 19:51 . 2008-10-15 19:51 <DIR> d-------- C:\Documents and Settings\home\Application Data\Malwarebytes
2008-10-15 19:50 . 2008-10-16 22:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-15 19:50 . 2008-10-15 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-15 18:36 . 2008-10-15 18:36 <DIR> d-------- C:\Program Files\AxBx
2008-10-15 16:30 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 05:46 . 2008-09-15 13:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 19:54 . 2008-08-14 11:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-14 19:54 . 2008-08-14 11:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-14 19:54 . 2008-08-14 10:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-14 19:54 . 2008-08-14 10:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 15:19 . 2008-10-15 18:04 1,966 --a------ C:\Documents and Settings\Orph.egd
2008-10-13 18:09 . 2008-10-13 18:23 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-10-12 14:48 . 2008-10-14 21:20 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-10-11 22:52 . 2008-10-19 10:49 <DIR> d-------- C:\Documents and Settings\home\Tracing
2008-10-11 22:42 . 2008-10-11 22:42 <DIR> d-------- C:\Program Files\Microsoft
2008-10-11 22:33 . 2008-10-11 22:33 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-10-11 13:15 . 2008-10-11 13:18 <DIR> d-------- C:\Program Files\Jhoos
2008-10-05 20:06 . 2008-10-05 20:06 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-10-05 20:06 . 1998-12-08 18:53 212,480 --------- C:\WINDOWS\system32\PCDLIB32.DLL
2008-10-05 20:06 . 2005-08-04 18:54 40,960 --------- C:\WINDOWS\system32\Ulead Photo Express ScreenSaver.scr
2008-10-05 20:05 . 2008-10-05 20:05 <DIR> d-------- C:\Program Files\Ulead Systems
2008-10-05 20:04 . 2008-10-05 20:04 <DIR> d-------- C:\Documents and Settings\home\Application Data\Ulead Systems
2008-10-05 20:04 . 2008-10-05 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-10-05 19:58 . 2008-10-05 19:58 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-10-05 19:52 . 2008-10-05 19:52 <DIR> d-------- C:\Program Files\Morpheus Photo Morpher
2008-10-05 19:52 . 2008-10-05 19:52 <DIR> d-------- C:\Documents and Settings\home\Application Data\Morpheus Software
2008-10-05 15:01 . 2008-10-05 22:47 <DIR> d-------- C:\Documents and Settings\home\Application Data\gtk-2.0
2008-10-05 15:01 . 2008-10-05 15:01 <DIR> d-------- C:\Documents and Settings\home\.thumbnails
2008-10-05 14:56 . 2008-10-06 00:40 <DIR> d-------- C:\Documents and Settings\home\.gimp-2.6
2008-10-05 14:56 . 2008-10-05 14:56 <DIR> d-------- C:\Documents and Settings\home\.gegl-0.0
2008-10-05 14:55 . 2008-10-05 14:55 <DIR> d-------- C:\Program Files\Gimp-2.0
2008-09-26 07:57 . 2008-10-10 22:51 <DIR> d-------- C:\Program Files\Free Download Manager
2008-09-26 07:57 . 2008-10-19 10:49 <DIR> d-------- C:\Documents and Settings\home\Application Data\Free Download Manager
2008-09-26 07:57 . 2008-09-26 07:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-09-24 20:06 . 2008-10-19 10:49 <DIR> d-------- C:\Documents and Settings\home\Application Data\OpenOffice.org2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 09:05 --------- d-----w C:\Documents and Settings\home\Application Data\AVG7
2008-10-13 06:48 --------- d-----w C:\Documents and Settings\home\Application Data\DMCache
2008-10-11 21:50 --------- d-----w C:\Program Files\Windows Live
2008-10-11 07:25 --------- d-----w C:\Documents and Settings\home\Application Data\BearShare
2008-10-10 21:51 --------- d-----w C:\Program Files\Internet Download Manager
2008-10-09 02:11 --------- d-----w C:\Documents and Settings\home\Application Data\Skype
2008-10-09 00:39 --------- d-----w C:\Documents and Settings\home\Application Data\skypePM
2008-10-05 19:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-26 07:12 --------- d-----w C:\Program Files\BitComet
2008-09-26 06:56 --------- d-----w C:\Documents and Settings\home\Application Data\IDM
2008-09-17 18:20 --------- d-----w C:\Program Files\Skype
2008-09-17 18:20 --------- d-----w C:\Program Files\Common Files\Skype
2008-09-17 18:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-09-11 20:53 --------- d-----w C:\Documents and Settings\home\Application Data\Creative
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-07 23:49 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-09-07 23:49 --------- d-----w C:\Program Files\Java
2008-09-05 14:56 287,744 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-08-23 20:48 --------- d-----w C:\Documents and Settings\home\Application Data\Digsby
2008-08-23 20:47 --------- d-----w C:\Program Files\Digsby
2008-08-21 10:00 --------- d-----w C:\Documents and Settings\home\Application Data\iMesh
2008-08-21 09:59 --------- d-----w C:\Program Files\iMesh Applications
2008-08-19 16:01 --------- d-----w C:\Program Files\VirtualDJ
.
((((((((((((((((((((((((((((( snapshot@2008-10-16_23.43.37.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB956391\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB956391\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB956391\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB956391\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB956391\update\updspapi.dll
+ 2008-08-14 10:34:26 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB956803\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB956803\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB956803\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB956803\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB956803\update\updspapi.dll
+ 2008-08-14 10:39:28 2,145,280 ----a-w C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntkrnlmp.exe
+ 2008-08-14 14:39:46 2,066,048 ----a-w C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
+ 2008-08-14 10:09:44 2,023,936 ----a-w C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntkrpamp.exe
+ 2008-08-14 15:11:10 2,189,184 ----a-w C:\WINDOWS\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB956841\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB956841\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB956841\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB956841\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB956841\update\updspapi.dll
+ 2008-09-08 11:37:19 333,824 ----a-w C:\WINDOWS\$hf_mig$\KB957095\SP3QFE\srv.sys
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB957095\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB957095\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB957095\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB957095\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB957095\update\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB956391$\spuninst\updspapi.dll
+ 2008-06-20 11:40:08 138,496 -c----w C:\WINDOWS\$NtUninstallKB956803$\afd.sys
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB956803$\spuninst\updspapi.dll
+ 2008-04-13 18:31:21 2,023,936 -c----w C:\WINDOWS\$NtUninstallKB956841$\ntkrnlpa.exe
+ 2008-04-13 19:24:37 2,145,280 -c----w C:\WINDOWS\$NtUninstallKB956841$\ntoskrnl.exe
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe
+ 2008-07-09 07:38:37 382,840 -c----w C:\WINDOWS\$NtUninstallKB956841$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB957095$\spuninst\updspapi.dll
+ 2008-04-13 19:15:11 334,848 -c----w C:\WINDOWS\$NtUninstallKB957095$\srv.sys
+ 2008-08-14 10:09:26 2,145,280 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:33:16 2,066,048 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 10:11:02 2,189,184 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2008-06-23 16:01:38 124,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:01:38 347,136 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:01:39 214,528 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:01:39 132,608 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:01:39 63,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 08:23:18 70,656 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:01:39 153,088 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:01:39 230,400 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:53 161,792 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:01:40 383,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:01:40 388,608 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:01:43 6,068,736 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:01:43 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:01:44 267,776 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 08:23:18 13,824 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 08:23:52 625,664 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:01:46 27,648 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:01:46 459,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:01:46 52,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-23 16:01:49 3,594,240 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:01:49 477,696 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:01:49 193,024 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 16:01:50 671,232 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:01:50 102,912 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:01:50 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:01:50 105,984 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:01:51 1,162,752 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:01:51 233,472 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:01:51 827,904 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll
- 2008-06-23 16:01:38 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-08-26 09:08:35 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-06-23 16:01:38 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-08-26 09:08:35 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-06-20 11:40:08 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-08-14 10:04:36 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys
- 2008-06-23 16:01:38 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-08-26 09:08:36 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:01:39 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-08-26 09:08:36 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-06-23 16:01:39 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-08-26 09:08:36 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-06-23 16:01:39 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-08-26 09:08:36 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-06-23 08:23:18 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-08-25 08:43:21 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-06-23 16:01:39 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-08-26 09:08:36 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-06-23 16:01:39 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-08-26 09:08:36 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-06-21 05:23:53 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-08-23 05:54:50 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-06-23 16:01:40 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-08-26 09:08:36 380,928 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-06-23 16:01:40 388,608 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-08-26 09:08:37 388,608 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-06-23 16:01:43 6,068,736 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-10-03 17:26:50 6,068,224 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-06-23 16:01:43 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-08-26 09:08:39 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-06-23 16:01:44 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-08-26 09:08:39 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-06-23 08:23:18 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-08-25 08:43:21 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-06-23 08:23:52 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-08-23 05:56:16 635,848 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-06-23 16:01:46 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-08-26 09:08:40 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-06-23 16:01:46 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-08-26 09:08:40 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-06-23 16:01:46 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 09:08:40 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-06-23 16:01:49 3,594,240 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-08-26 09:08:43 3,594,752 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-06-23 16:01:49 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-08-26 09:08:43 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-06-23 16:01:49 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-08-26 09:08:44 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-06-23 16:01:50 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-08-26 09:08:44 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-06-23 16:01:50 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-08-26 09:08:44 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-06-23 16:01:50 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-08-26 09:08:44 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-06-23 16:01:50 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-08-26 09:08:44 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2008-06-23 16:01:51 1,162,752 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-08-26 09:08:45 1,162,752 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-06-23 16:01:51 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-08-26 09:08:45 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-06-23 16:01:51 827,904 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-08-26 09:08:45 827,904 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
- 2008-06-23 16:01:38 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-08-26 09:08:36 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-06-23 16:01:39 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-08-26 09:08:36 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-06-23 16:01:39 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-08-26 09:08:36 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-06-23 16:01:39 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-08-26 09:08:36 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-06-23 08:23:18 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-08-25 08:43:21 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-06-23 16:01:39 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-08-26 09:08:36 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-06-23 16:01:39 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-08-26 09:08:36 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-06-21 05:23:53 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-08-23 05:54:50 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-06-23 16:01:40 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-08-26 09:08:36 380,928 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-06-23 16:01:40 388,608 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-08-26 09:08:37 388,608 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-06-23 16:01:43 6,068,736 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-10-03 17:26:50 6,068,224 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-06-23 16:01:43 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-08-26 09:08:39 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-06-23 16:01:44 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-08-26 09:08:39 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-06-23 08:23:18 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-08-25 08:43:21 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-06-23 16:01:46 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-08-26 09:08:40 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-06-23 16:01:46 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-08-26 09:08:40 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-06-23 16:01:46 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-08-26 09:08:40 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-06-23 16:01:49 3,594,240 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-08-26 09:08:43 3,594,752 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-06-23 16:01:49 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-08-26 09:08:43 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-06-23 16:01:49 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-08-26 09:08:44 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-06-23 16:01:50 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-08-26 09:08:44 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-04-13 18:31:21 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
- 2008-04-13 19:24:37 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
+ 2008-08-14 10:09:26 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
- 2008-06-23 16:01:50 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-08-26 09:08:44 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-06-23 16:01:50 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-08-26 09:08:44 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-06-23 16:01:50 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-08-26 09:08:44 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-06-23 16:01:51 1,162,752 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-08-26 09:08:45 1,162,752 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-06-23 16:01:51 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-08-26 09:08:45 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-06-23 16:01:51 827,904 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-08-26 09:08:45 827,904 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-09 3513344]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-18 1249280]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-02-25 2465839]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NewsUpd"="C:\Program Files\Creative\News\NewsUpd.EXE" [2000-08-04 44032]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2008-04-11 413696]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"V0420Mon.exe"="C:\WINDOWS\V0420Mon.exe" [2007-04-30 32768]
"Ulead AutoDetector"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"Ulead Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" [2005-08-22 69632]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-07-26 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
C:\Documents and Settings\home\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-07-26 839680]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16174:TCP"= 16174:TCP:BitComet 16174 TCP
"16174:UDP"= 16174:UDP:BitComet 16174 UDP
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-03 63555]
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-05 114616]
S3 V0420VID;Live! Cam Vista IM (VF0420);C:\WINDOWS\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 11:09:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-19 11:15:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-19 10:15:40
ComboFix2.txt 2008-10-16 23:21:24
ComboFix3.txt 2008-10-16 22:44:03
Pre-Run: 141,322,035,200 bytes free
Post-Run: 141,314,326,528 bytes free
358 --- E O F --- 2008-10-17 00:01:04
+ 2008-08-26 09:08:36 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-06-23 08:23:18 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-08-25 08:43:21 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-06-23 16:01:39 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-08-26 09:08:36 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-06-23 16:01:39 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-08-26 09:08:36 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-06-21 05:23:53 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-08-23 05:54:50 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-06-23 16:01:40 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-08-26 09:08:36 380,928 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-06-23 16:01:40 388,608 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-08-26 09:08:37 388,608 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-06-23 16:01:43 6,068,736 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-10-03 17:26:50 6,068,224 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-06-23 16:01:43 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-08-26 09:08:39 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-06-23 16:01:44 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-08-26 09:08:39 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-06-23 08:23:18 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-08-25 08:43:21 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-06-23 16:01:46 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-08-26 09:08:40 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-06-23 16:01:46 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-08-26 09:08:40 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-06-23 16:01:46 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-08-26 09:08:40 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-06-23 16:01:49 3,594,240 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-08-26 09:08:43 3,594,752 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-06-23 16:01:49 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-08-26 09:08:43 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-06-23 16:01:49 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-08-26 09:08:44 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-06-23 16:01:50 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-08-26 09:08:44 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-04-13 18:31:21 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
- 2008-04-13 19:24:37 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
+ 2008-08-14 10:09:26 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
- 2008-06-23 16:01:50 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-08-26 09:08:44 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-06-23 16:01:50 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-08-26 09:08:44 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-06-23 16:01:50 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-08-26 09:08:44 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-06-23 16:01:51 1,162,752 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-08-26 09:08:45 1,162,752 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-06-23 16:01:51 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-08-26 09:08:45 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-06-23 16:01:51 827,904 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-08-26 09:08:45 827,904 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-09 3513344]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-18 1249280]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-02-25 2465839]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NewsUpd"="C:\Program Files\Creative\News\NewsUpd.EXE" [2000-08-04 44032]
"Disc Detector"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2008-04-11 413696]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"V0420Mon.exe"="C:\WINDOWS\V0420Mon.exe" [2007-04-30 32768]
"Ulead AutoDetector"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"Ulead Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" [2005-08-22 69632]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-07-26 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
C:\Documents and Settings\home\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-07-26 839680]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16174:TCP"= 16174:TCP:BitComet 16174 TCP
"16174:UDP"= 16174:UDP:BitComet 16174 UDP
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-03 63555]
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-05 114616]
S3 V0420VID;Live! Cam Vista IM (VF0420);C:\WINDOWS\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 11:09:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-19 11:15:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-19 10:15:40
ComboFix2.txt 2008-10-16 23:21:24
ComboFix3.txt 2008-10-16 22:44:03
Pre-Run: 141,322,035,200 bytes free
Post-Run: 141,314,326,528 bytes free
358 --- E O F --- 2008-10-17 00:01:04
Here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:03 PM, on 10/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20900)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\News\NewsUpd.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\V0420Mon.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.jhoos.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [Ulead Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
O4 - HKLM\..\Run: [pdn] C:\WINDOWS\system32\pdn.exe \j
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB9D5A95-7C09-4BDA-8B40-41FE3AB98CC3}: NameServer = 202.123.2.35 202.123.2.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - c:\docume~1\home\locals~1\temp\cdm\{4a9aaaac-eee3-429d-b7f3-775a61566db2}\STacSV.exe (file missing)
* Download SDFix (by Andy Manchesta) and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Double-click SDFix.exe and choose Install to extract it into its own folder on the desktop.
* Restart the PC in Safe Mode:
https://blog.sosordi.net/
* Choose your account.
Go through the list of instructions below:
* Open the SDFix folder that was just created on the desktop and double-click RunThis.bat to launch the script.
* Press Y to start the cleanup.
* When prompted, press any key to restart the PC.
* Your system will take longer to restart because the tool keeps running and deleting files.
* Once the desktop has loaded, the tool will have finished and will display Finished.
* Press any key to end the script and load your desktop icons.
* The SDFix report will open and will be saved in the SDFix folder as Report.txt.
* Finally, copy/paste the report from the Report.txt file.
When I double-click SDFix in Safe Mode, it gives me this report
SDFix has been extracted to %systemdrive%\SDFix\
(Drive that contains the Windows directory - typically C:\SDFix)
Open the SDFix folder in Safe Mode and double click the RunThis.bat file to start the fixtool
If RunThis.bat is started in Normal Mode, options to download and run Anti-Virus command line scanners are displayed
Catchme.exe Stealth Malware Detector by GMER is also included in the SDFix folder
Additional SDFix Instructions & screen shots can be found here - http://www.bleepingcomputer.com/forums/topic131299.html
SDFix a été extrait dans %systemdrive%\SDFix\
(Le disque qui contient le répertoire Windows - typiquement C:\SDFix)
Ouvrez le dossier SDFix en mode sans échec et double clique sur le fichier RunThis.bat pour démarrer l'outil.
Si RunThis.bat est lancé en mode normal, les options pour télécharger et lancer les scanners Antivirus en ligne de commande seront affichées
Catchme.exe Stealth Malware Detector de GMER est également inclus dans le dossier SDFix
Instructions supplémentaires pour SDFix & captures d'écran peuvent être trouvées ici - http://www.bleepingcomputer.com/forums/topic131299.html