Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Vundo removed, but problem persists [RESOLVED]

Started by Kashink , Apr 28 2008 11:29 AM

  • This topic is locked This topic is locked

#1
Kashink
Posted 28 April 2008 - 11:29 AM

Kashink

    Member

  • Member
  • PipPip
  • 56 posts
Hi,

I read and applied the advice given on this forum. Here is my setup. I have a desktop computer and a laptop. The latter has a wireless connexion to my Linksys network. Yesterday, IE7 on the laptop started behaving strangely, then the laptop gave me the "Buffer error message." No problem with the other machine.

I downloaded ATF Cleaner and executed it.
Then I went for MBAM and executed it twice.
As it had identified a threat named Vundo, I downloaded VundoFix and executed it as per instructions.
At this point, I started having problems with the network. Also, I got this error message upon reboot: Windows\systen32\cwaxhvgv.dll is not a valid Window image."
I fiddled around with the network and fixed it, but I keep getting the same message upon reboot.
No problem with desktop, ran vundofix on it just in case, everything seems okay there.
I googled the error message about the "window image" and found a possible fix: open dos window, run cfm and have window repair itself. Still getting message upon reboot. IE7 seems to work fine, however. at least for now.

Thanks for your help,
K.
  • 0

Advertisements

#2
Rorschach112
Posted 28 April 2008 - 03:13 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

for more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058. once you install the Recovery Console, when you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. that is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#3
Kashink
Posted 28 April 2008 - 03:31 PM

Kashink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Thank you R. :)

Meanwhile, since my Internet access was restablished, I downloaded SUPERAntiSpyware and executed it. However, as soon as it was done (this takes a while, as you surely know), the program opened a window for an update. I figured I might as well launch a second scan, just to make sure. The good news is that I haven't seen the error message after power-up. I will keep you posted if this action has resolved the problem and, if not, I will follow your instructions.

K.
  • 0

#4
Rorschach112
Posted 28 April 2008 - 03:37 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
I doubt SUPERAntiSpyware would have removed it

Let me know if it has and I will close the topic
  • 0

#5
Kashink
Posted 29 April 2008 - 07:21 AM

Kashink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I couldn't say for sure. After reading some of the posts here, I know that everything may seem okay for a while, before it starts all over again. But indeed, the annoying error message about the buffer, and then the one about the dll file don't appear anymore. SUPERAntiSpyware did quarantine and remove over a dozen files, a few of them dll, though not the one that seemed to be a "false" image. I will consider, for now, that everything is fine.

I do have a question, though. It's about those spyware and what they can do. I tend to use my desktop machine for any "confidential" transactions on the Web, rather than the laptop, which means my personal info is kept on the desktop. My question is: can a spyware on my laptop be used to get to personal info on my desktop?

I will let you decide whether this topic should be considered "resolved" or if it should be kept open for a few days until I'm sure.

Thanks again! :)
  • 0

#6
Rorschach112
Posted 29 April 2008 - 07:26 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

My question is: can a spyware on my laptop be used to get to personal info on my desktop?

100% yes. We deal with these infections all the time. However Vundo doesn't do this. The thing is, you may have other infections on your PC besides Vundo, one of those could be a backdoor bot which steals that sort of information, I can't say for sure until I see the necessary logs.


I will let you decide whether this topic should be considered "resolved" or if it should be kept open for a few days until I'm sure.

If it was me, I would get you to run ComboFix now. If you are clean, it shouldn't take long to mark this thread as resolved


Let me know what you decide
  • 0

#7
Kashink
Posted 29 April 2008 - 10:49 AM

Kashink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Sorry for the delay, I had to go out this morning. I will do as you say and run ComboFix. As soon as it's done, I will post the result here.

:)

Something must have gone wrong, I'm not sure what to do. I went by the instructions posted here, downloaded CFix, but copied it from the desktop to the laptop. Then I downloaded Windows Recovery directly with and on the laptop, dragged the Windows icon onto the CFix, which simply disappeared after a window opened asking me to confirm. What shall I do next?

K.

Edited by Kashink, 29 April 2008 - 11:29 AM.

  • 0

#8
Kashink
Posted 29 April 2008 - 11:35 AM

Kashink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
:)

Hi R.,

I modified my previous post with a question, but just realized this is not the best way to attract you attention. Can you read that last paragraph in the post above and let me know what I did wrong and what I need to do now, if anything. Btw, shall I also disable the screensaver on the laptop? Also, do I need to run CFix on the other computer?

K.
  • 0

#9
Rorschach112
Posted 29 April 2008 - 12:13 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
You don't need to disable the screensaver

Just go ahead and run ComboFix.exe there

Is your other PC infected ?
  • 0

#10
Kashink
Posted 29 April 2008 - 12:34 PM

Kashink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I don't think the other PC is infected, no symptoms.

Okay, now I have everything you asked for. The Recovery Console did not install, although I followed ths instructions on the Geekstogo website. Shall I install it now?

First, the HiJackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:14:06, on 2008-04-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Le Robert\Le Robert & Collins\rcwinHyper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\GENEVI~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Bio-Protection fingerprint solution\FPLaunch.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Geneviève Raymond\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://cf.rd.yahoo.c...://cf.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand201013011.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe" show
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\WINDOWS\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [rcwinHyper] C:\Program Files\Le Robert\Le Robert & Collins\rcwinHyper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Bio-Protection fingerprint solution\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Bio-Protection fingerprint solution\PwdBank.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199474406068
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Bio-Protection fingerprint solution\WinNotify.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 9704 bytes


Second, the HiJackThis uninstall log:

A Quiet Weekend in Capri
Acer Bio-Protection fingerprint solution 3.0.1.1
Acer Crystal Eye webcam
Acer Crystal Eye webcam
Acer eDataSecurity Management
Acer eDataSecurity Management 2.0.4088
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer ScreenSaver
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2 - Français
AGON - The Lost Sword of Toledo
Antidote RX v2
Archiveur WinRAR
ATI - Utilitaire de désinstallation du logiciel
ATI Catalyst Control Center
ATI Display Driver
AuthenTec Fingerprint Sensor Minimum Install
Broadcom Gigabit Integrated Controller
Catalyst Control Center - Branding
Client MetaFrame Presentation Server
Copernic Agent Basic
Copernic Desktop Search 2
Correctif pour Windows Internet Explorer 7 (KB947864)
Correctif pour Windows XP (KB896256)
Correctif pour Windows XP (KB909667)
Correctif pour Windows XP (KB914440)
Correctif pour Windows XP (KB914642)
Correctif pour Windows XP (KB918005)
Correctif pour Windows XP (KB935448)
Correctif Windows XP - KB873339
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB885855
Correctif Windows XP - KB885884
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB888302
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
Désinstaller Le Petit Robert de la langue française
Diego
FileMaker Pro 4.0
FLS-4 Driver Installation
HDAUDIO Soft Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Intel® Matrix Storage Manager
Intel® PROSet/Wireless Software
Java™ 6 Update 4
Launch Manager
LIMBO of the LOST 1.0
LimeWire 4.16.3
Magicama
Malwarebytes' Anti-Malware
mCore
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard
Microsoft Visual C++ 2005 Redistributable
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901190)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour de sécurité pour Windows XP (KB921503)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931768)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour de sécurité pour Windows XP (KB933566)
Mise à jour de sécurité pour Windows XP (KB933729)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour de sécurité pour Windows XP (KB937894)
Mise à jour de sécurité pour Windows XP (KB938127)
Mise à jour de sécurité pour Windows XP (KB938829)
Mise à jour de sécurité pour Windows XP (KB941202)
Mise à jour de sécurité pour Windows XP (KB941568)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB941644)
Mise à jour de sécurité pour Windows XP (KB941693)
Mise à jour de sécurité pour Windows XP (KB942615)
Mise à jour de sécurité pour Windows XP (KB943055)
Mise à jour de sécurité pour Windows XP (KB943460)
Mise à jour de sécurité pour Windows XP (KB943485)
Mise à jour de sécurité pour Windows XP (KB944653)
Mise à jour de sécurité pour Windows XP (KB945553)
Mise à jour de sécurité pour Windows XP (KB946026)
Mise à jour de sécurité pour Windows XP (KB948590)
Mise à jour de sécurité pour Windows XP (KB948881)
Mise à jour pour Windows XP (KB894391)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB904942)
Mise à jour pour Windows XP (KB908531)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB911280)
Mise à jour pour Windows XP (KB912945)
Mise à jour pour Windows XP (KB916595)
Mise à jour pour Windows XP (KB920872)
Mise à jour pour Windows XP (KB922582)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB929338)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB936357)
Mise à jour pour Windows XP (KB938828)
Mise à jour pour Windows XP (KB942763)
Mise à jour pour Windows XP (KB942840)
mMHouse
MobiMB Mobile Media Browser
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Multidictionnaire
mWlsSafe
NOD32 Antivirus System
Nokia Connectivity Adapter DKU-5
Nortel Networks Contivity VPN Client
NTI Backup NOW! 4.7
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NTI Shadow
NTI Shadow
OpenAL
PowerDVD
PowerISO
Psychonauts
Realtek High Definition Audio Driver
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
The Experiment
Webshots Desktop
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7


Third, the ComboFix (French) log:

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ACER.exe
C:\WINDOWS\system32\cwaxhvgv.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\winhelp.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-28 to 2008-04-29 ))))))))))))))))))))))))))))))))))))
.

2008-04-28 16:17 . 2008-04-28 17:19 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-28 16:17 . 2008-04-28 16:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-28 16:16 . 2008-04-28 16:16 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-28 12:45 . 2004-08-04 00:54 116,736 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-04-28 12:45 . 2001-08-23 17:47 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
2008-04-28 12:45 . 2001-08-23 17:47 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-04-28 12:45 . 2001-08-23 17:47 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-04-28 12:45 . 2004-08-03 22:29 19,455 --a------ C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-04-28 12:45 . 2001-08-23 17:47 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-04-28 12:45 . 2001-08-17 20:11 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-04-28 12:45 . 2004-08-03 22:29 12,063 --a------ C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-04-28 12:45 . 2001-08-23 17:47 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-04-28 12:43 . 2001-08-17 21:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-04-28 12:42 . 2001-08-23 17:47 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2008-04-28 12:41 . 2001-08-23 16:57 286,848 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-04-28 12:40 . 2001-08-23 17:46 147,200 --a------ C:\WINDOWS\system32\dllcache\smidispb.dll
2008-04-28 12:39 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
2008-04-28 12:38 . 2001-08-23 17:47 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-04-28 12:37 . 2001-08-23 17:18 899,914 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-28 12:36 . 2004-08-04 00:53 259,328 --a------ C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-04-28 12:35 . 2004-08-04 00:54 4,274,816 --a------ C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-04-28 12:34 . 2004-08-04 00:54 1,737,856 --a------ C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-04-28 12:33 . 2001-08-17 21:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-04-28 12:32 . 2001-08-23 17:00 728,554 --a------ C:\WINDOWS\system32\dllcache\ltck000c.sys
2008-04-28 12:31 . 2004-08-03 22:41 1,041,536 --a------ C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-04-28 12:30 . 2001-08-23 17:19 908,000 --a------ C:\WINDOWS\system32\dllcache\hcf_msft.sys
2008-04-28 12:29 . 2001-08-23 17:46 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-04-28 12:28 . 2001-08-17 20:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-04-28 12:27 . 2001-08-23 17:04 980,034 --a------ C:\WINDOWS\system32\dllcache\cicap.sys
2008-04-28 12:26 . 2001-08-17 21:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-04-28 12:25 . 2001-08-17 21:28 762,780 --a------ C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-04-28 11:35 . 2008-04-28 11:57 <REP> d-------- C:\VundoFix Backups
2008-04-28 09:54 . 2008-04-28 09:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-28 09:54 . 2008-04-28 09:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-27 13:04 . 2008-04-28 09:57 109,785 --a------ C:\WINDOWS\BM43d62990.xml
2008-04-26 11:11 . 2008-04-26 11:11 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-26 09:43 . 2008-04-26 09:43 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-26 09:05 . 2008-04-26 09:10 195 --a------ C:\WINDOWS\system32\test.aok
2008-04-26 09:05 . 2008-04-26 09:19 194 --a------ C:\WINDOWS\system32\temp_0000_85-19.aok
2008-04-25 18:59 . 2008-04-25 18:59 <REP> d-------- C:\Program Files\Fichiers communs\LogoManager
2008-04-25 18:58 . 2008-04-25 19:03 <REP> d-------- C:\Program Files\MobiMB Mobile Media Browser
2008-04-25 18:39 . 2008-04-25 18:39 1,438 --a------ C:\phoneinfo.ini
2008-04-25 18:39 . 2008-04-26 10:56 24 --a------ C:\WINDOWS\fls1.ini
2008-04-25 18:36 . 2008-04-25 18:36 256 --a------ C:\dk2.mem
2008-04-25 18:33 . 1999-05-10 13:16 29,246 -ra------ C:\WINDOWS\system32\DK2WN95.386
2008-04-25 18:32 . 2001-03-01 06:54 12,965 -ra------ C:\WINDOWS\system32\DK2DRVS.isu
2008-04-25 18:30 . 2008-04-25 18:30 <REP> d-------- C:\Program Files\Nokia Mobile Phones
2008-04-25 18:30 . 2008-04-25 18:30 <REP> d-------- C:\Program Files\Nokia
2008-04-25 18:30 . 2008-04-25 18:30 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-04-11 17:57 . 2008-04-11 22:32 40 --a------ C:\WINDOWS\NAVIGMA.INI
2008-04-04 16:28 . 2008-04-04 16:28 <REP> d-------- C:\Program Files\Fichiers communs\Adobe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 17:46 --------- d-----w C:\Program Files\Launch Manager
2008-04-28 17:41 --------- d-----w C:\Program Files\Nortel Networks
2008-04-28 15:43 --------- d-----w C:\Program Files\PowerISO
2008-04-28 13:52 --------- d-----w C:\Program Files\Common Files
2008-04-27 23:36 --------- d-----w C:\Program Files\Jeux
2008-04-27 18:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-05 20:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 20:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 20:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 19:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 19:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-01 22:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 03:01 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-22 10:00 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 21:30 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-06 03:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
2008-01-08 12:15 1,243,648 ----a-w C:\Program Files\FileMaker Pro.exe
1997-09-15 01:59 612,864 -c--a-w C:\Program Files\FMTOOLS.DLL
1997-09-15 01:59 431,104 -c--a-w C:\Program Files\FMRSRC.DLL
1997-09-15 01:59 165,376 -c--a-w C:\Program Files\FMENGINE.DLL
1997-09-15 01:56 101,376 -c--a-w C:\Program Files\FMOLE.DLL
1997-09-15 01:24 19,712 -c--a-w C:\Program Files\README.WRI
1997-09-15 01:22 806,962 -c--a-w C:\Program Files\fmpro40.hlp
1997-09-15 01:22 33,343 -c--a-w C:\Program Files\FMPro40.cnt
1997-09-15 01:22 16 -c--a-w C:\Program Files\Fmpro40.GID
1997-09-15 01:22 16 -c--a-w C:\Program Files\Fmpro40.FTS
1997-09-15 01:04 261,120 -c--a-w C:\Program Files\clproof.dll
1997-09-15 01:04 125,952 -c--a-w C:\Program Files\CLLNGENU.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rcwinHyper"="C:\Program Files\Le Robert\Le Robert & Collins\rcwinHyper.exe" [2005-08-09 16:07 155648]
"eNMTray.exe"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23:00 15360]
"Copernic Desktop Search 2"="C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" [2007-08-01 14:26 1514016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [2007-04-20 20:56 20480]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 07:00 174872]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 10:32 761945]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 10:32 16132608 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 13:51 53248]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 23:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 23:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 23:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 23:00 455168]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 23:26 68640]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"ZPdtWzdVitaKey MC3000"="C:\Program Files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe" [2008-01-04 21:09 3805184]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 12:25 208896]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 12:44 475136]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 23:12 579584]
"eLockMonitor"="C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [ ]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 16:56 342528]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 15:07 421888]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-10-17 13:59 858632]
"PLFSet"="C:\WINDOWS\PLFSet.dll" [2007-04-24 12:49 45056]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-08 09:10 949376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 04:42 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 23:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-04-28 17:19 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
C:\Program Files\Acer\Bio-Protection fingerprint solution\WinNotify.dll 2008-01-04 21:09 2803200 C:\Program Files\Acer\Bio-Protection fingerprint solution\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Nortel Networks\\Extranet.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 14:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 19:08]
R2 FLE5WNNT;FLE-5 WindowsNT Driver;C:\WINDOWS\System32\Drivers\fle5wnnt.sys [2008-04-25 18:30]
R2 FLSIFACE;FLSIface;C:\WINDOWS\System32\Drivers\flsiface.sys [2008-04-25 18:30]
R2 FLSPAR;FLSPar;C:\WINDOWS\System32\Drivers\flspar.sys [2008-04-25 18:30]
R2 FLSSER;FLSSer;C:\WINDOWS\System32\Drivers\flsser.sys [2008-04-25 18:30]
R2 FLSVCOM;FLSVCom;C:\WINDOWS\System32\Drivers\flsvcom.sys [2008-04-25 18:30]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2003-07-18 19:34]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2003-07-18 19:33]
R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2007-05-28 16:54]
R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2007-05-28 16:55]
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2003-07-18 19:33]
S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 23:00]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 14:00:00
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\GENEVI~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Bio-Protection fingerprint solution\FPLaunch.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-29 14:02:02 - machine was rebooted [GeneviŠve]
ComboFix-quarantined-files.txt 2008-04-29 18:01:58

Pre-Run: 25,959,051,264 octets libres
Post-Run: 25,893,453,824 octets libres

221 --- E O F --- 2008-04-26 13:43:52


:)
  • 0

Advertisements

#11
Rorschach112
Posted 29 April 2008 - 03:57 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\BM43d62990.xml

Sysrst::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



Also post a new HijackThis log
  • 0

#12
Kashink
Posted 29 April 2008 - 04:59 PM

Kashink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
ComboFix log

Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\BM43d62990.xml
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-28 to 2008-04-29 ))))))))))))))))))))))))))))))))))))
.

2008-04-29 14:02 . 2008-04-29 14:02 <REP> d-------- C:\Documents and Settings\GeneviÞve Raymond
2008-04-28 16:17 . 2008-04-28 17:19 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-28 16:17 . 2008-04-28 16:17 <REP> d-------- C:\Documents and Settings\Geneviève Raymond\Application Data\SUPERAntiSpyware.com
2008-04-28 16:17 . 2008-04-28 16:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-28 16:16 . 2008-04-28 16:16 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-28 12:45 . 2004-08-04 00:54 116,736 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-04-28 12:45 . 2001-08-23 17:47 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
2008-04-28 12:45 . 2001-08-23 17:47 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-04-28 12:45 . 2001-08-23 17:47 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-04-28 12:45 . 2004-08-03 22:29 19,455 --a------ C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-04-28 12:45 . 2001-08-23 17:47 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-04-28 12:45 . 2001-08-17 20:11 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-04-28 12:45 . 2004-08-03 22:29 12,063 --a------ C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-04-28 12:45 . 2001-08-23 17:47 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-04-28 12:43 . 2001-08-17 21:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-04-28 12:42 . 2001-08-23 17:47 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2008-04-28 12:41 . 2001-08-23 16:57 286,848 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-04-28 12:40 . 2001-08-23 17:46 147,200 --a------ C:\WINDOWS\system32\dllcache\smidispb.dll
2008-04-28 12:39 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
2008-04-28 12:38 . 2001-08-23 17:47 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-04-28 12:37 . 2001-08-23 17:18 899,914 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-28 12:36 . 2004-08-04 00:53 259,328 --a------ C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-04-28 12:35 . 2004-08-04 00:54 4,274,816 --a------ C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-04-28 12:34 . 2004-08-04 00:54 1,737,856 --a------ C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-04-28 12:33 . 2001-08-17 21:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-04-28 12:32 . 2001-08-23 17:00 728,554 --a------ C:\WINDOWS\system32\dllcache\ltck000c.sys
2008-04-28 12:31 . 2004-08-03 22:41 1,041,536 --a------ C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-04-28 12:30 . 2001-08-23 17:19 908,000 --a------ C:\WINDOWS\system32\dllcache\hcf_msft.sys
2008-04-28 12:29 . 2001-08-23 17:46 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-04-28 12:28 . 2001-08-17 20:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-04-28 12:27 . 2001-08-23 17:04 980,034 --a------ C:\WINDOWS\system32\dllcache\cicap.sys
2008-04-28 12:26 . 2001-08-17 21:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-04-28 12:25 . 2001-08-17 21:28 762,780 --a------ C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-04-28 11:35 . 2008-04-28 11:57 <REP> d-------- C:\VundoFix Backups
2008-04-28 09:54 . 2008-04-28 09:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-28 09:54 . 2008-04-28 09:54 <REP> d-------- C:\Documents and Settings\Geneviève Raymond\Application Data\Malwarebytes
2008-04-28 09:54 . 2008-04-28 09:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-26 11:17 . 2008-04-26 11:17 <REP> d-------- C:\Documents and Settings\Geneviève Raymond\Application Data\DAEMON Tools Pro
2008-04-26 11:11 . 2008-04-26 11:11 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-26 09:43 . 2008-04-26 09:43 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-26 09:05 . 2008-04-26 09:10 195 --a------ C:\WINDOWS\system32\test.aok
2008-04-26 09:05 . 2008-04-26 09:19 194 --a------ C:\WINDOWS\system32\temp_0000_85-19.aok
2008-04-25 18:59 . 2008-04-25 18:59 <REP> d-------- C:\Program Files\Fichiers communs\LogoManager
2008-04-25 18:58 . 2008-04-25 19:03 <REP> d-------- C:\Program Files\MobiMB Mobile Media Browser
2008-04-25 18:39 . 2008-04-25 18:39 1,438 --a------ C:\phoneinfo.ini
2008-04-25 18:39 . 2008-04-26 10:56 24 --a------ C:\WINDOWS\fls1.ini
2008-04-25 18:36 . 2008-04-25 18:36 256 --a------ C:\dk2.mem
2008-04-25 18:33 . 1999-05-10 13:16 29,246 -ra------ C:\WINDOWS\system32\DK2WN95.386
2008-04-25 18:32 . 2001-03-01 06:54 12,965 -ra------ C:\WINDOWS\system32\DK2DRVS.isu
2008-04-25 18:30 . 2008-04-25 18:30 <REP> d-------- C:\Program Files\Nokia Mobile Phones
2008-04-25 18:30 . 2008-04-25 18:30 <REP> d-------- C:\Program Files\Nokia
2008-04-25 18:30 . 2008-04-25 18:30 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-04-11 17:57 . 2008-04-11 22:32 40 --a------ C:\WINDOWS\NAVIGMA.INI
2008-04-04 16:28 . 2008-04-04 16:28 <REP> d-------- C:\Program Files\Fichiers communs\Adobe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 20:52 --------- d-----w C:\Program Files\Nortel Networks
2008-04-29 19:21 --------- d-----w C:\Program Files\Launch Manager
2008-04-28 15:43 --------- d-----w C:\Program Files\PowerISO
2008-04-28 13:52 --------- d-----w C:\Program Files\Common Files
2008-04-27 23:36 --------- d-----w C:\Program Files\Jeux
2008-04-27 21:58 --------- d-----w C:\Documents and Settings\Geneviève Raymond\Application Data\LimeWire
2008-04-27 18:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-05 20:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 20:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 20:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 19:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 19:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-01 22:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 03:01 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-22 10:00 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 21:30 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-06 03:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
2008-01-08 12:15 1,243,648 ----a-w C:\Program Files\FileMaker Pro.exe
1997-09-15 01:59 612,864 -c--a-w C:\Program Files\FMTOOLS.DLL
1997-09-15 01:59 431,104 -c--a-w C:\Program Files\FMRSRC.DLL
1997-09-15 01:59 165,376 -c--a-w C:\Program Files\FMENGINE.DLL
1997-09-15 01:56 101,376 -c--a-w C:\Program Files\FMOLE.DLL
1997-09-15 01:24 19,712 -c--a-w C:\Program Files\README.WRI
1997-09-15 01:22 806,962 -c--a-w C:\Program Files\fmpro40.hlp
1997-09-15 01:22 33,343 -c--a-w C:\Program Files\FMPro40.cnt
1997-09-15 01:22 16 -c--a-w C:\Program Files\Fmpro40.GID
1997-09-15 01:22 16 -c--a-w C:\Program Files\Fmpro40.FTS
1997-09-15 01:04 261,120 -c--a-w C:\Program Files\clproof.dll
1997-09-15 01:04 125,952 -c--a-w C:\Program Files\CLLNGENU.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rcwinHyper"="C:\Program Files\Le Robert\Le Robert & Collins\rcwinHyper.exe" [2005-08-09 16:07 155648]
"eNMTray.exe"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23:00 15360]
"Copernic Desktop Search 2"="C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" [2007-08-01 14:26 1514016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [2007-04-20 20:56 20480]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 07:00 174872]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 10:32 761945]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 10:32 16132608 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 13:51 53248]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 23:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 23:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 23:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 23:00 455168]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 23:26 68640]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"ZPdtWzdVitaKey MC3000"="C:\Program Files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe" [2008-01-04 21:09 3805184]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 12:25 208896]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 12:44 475136]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 23:12 579584]
"eLockMonitor"="C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [ ]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 16:56 342528]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 15:07 421888]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-10-17 13:59 858632]
"PLFSet"="C:\WINDOWS\PLFSet.dll" [2007-04-24 12:49 45056]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-08 09:10 949376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 04:42 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 23:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-04-28 17:19 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
C:\Program Files\Acer\Bio-Protection fingerprint solution\WinNotify.dll 2008-01-04 21:09 2803200 C:\Program Files\Acer\Bio-Protection fingerprint solution\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Nortel Networks\\Extranet.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 14:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 19:08]
R2 FLE5WNNT;FLE-5 WindowsNT Driver;C:\WINDOWS\System32\Drivers\fle5wnnt.sys [2008-04-25 18:30]
R2 FLSIFACE;FLSIface;C:\WINDOWS\System32\Drivers\flsiface.sys [2008-04-25 18:30]
R2 FLSPAR;FLSPar;C:\WINDOWS\System32\Drivers\flspar.sys [2008-04-25 18:30]
R2 FLSSER;FLSSer;C:\WINDOWS\System32\Drivers\flsser.sys [2008-04-25 18:30]
R2 FLSVCOM;FLSVCom;C:\WINDOWS\System32\Drivers\flsvcom.sys [2008-04-25 18:30]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2003-07-18 19:34]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2003-07-18 19:33]
R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2007-05-28 16:54]
R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2007-05-28 16:55]
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2003-07-18 19:33]
S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 23:00]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 18:47:52
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LO
.
Temps d'accomplissement: 2008-04-29 18:48:23
ComboFix-quarantined-files.txt 2008-04-29 22:48:20
ComboFix2.txt 2008-04-29 22:44:43
ComboFix3.txt 2008-04-29 18:02:02

Pre-Run: 25,949,450,240 octets libres
Post-Run: 25,934,917,632 octets libres

195 --- E O F --- 2008-04-26 13:43:52


HighJackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:40, on 2008-04-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Le Robert\Le Robert & Collins\rcwinHyper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Bio-Protection fingerprint solution\FPLaunch.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Geneviève Raymond\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://cf.rd.yahoo.c...://cf.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand201013011.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe" show
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\WINDOWS\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [rcwinHyper] C:\Program Files\Le Robert\Le Robert & Collins\rcwinHyper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Bio-Protection fingerprint solution\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Bio-Protection fingerprint solution\PwdBank.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1199474406068
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Bio-Protection fingerprint solution\WinNotify.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 9619 bytes
  • 0

#13
Rorschach112
Posted 29 April 2008 - 05:03 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ok nearly done

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also tell me how your PC is running
  • 0

#14
Kashink
Posted 29 April 2008 - 06:13 PM

Kashink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
The PC is running fine, never had any kind of symptom or alarming actions.

Here is the result of the Kaspersky scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 29, 2008 8:10:54 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/04/2008
Kaspersky Anti-Virus database records: 731993
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 60939
Number of viruses found: 5
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 00:50:36

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Geneviève Raymond\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Application Data\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Application Data\ApplicationHistory\ePresentation.exe.e70224e9.ini.inuse Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Application Data\Copernic\DesktopSearch2\Index\MainChunk\ChunkSCLF.dat Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Application Data\Copernic\DesktopSearch2\Index\MainChunk\DocumentsFD.dat Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Application Data\Copernic\DesktopSearch2\Index\MainChunk\DocumentsID.dat Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Application Data\Copernic\DesktopSearch2\Index\MainChunk\DocumentsSD.dat Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Application Data\Copernic\DesktopSearch2\Index\MainChunk\KeywordsDBT.dat Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Application Data\Copernic\DesktopSearch2\Index\MainChunk\KeywordsDL.dat Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Application Data\Copernic\DesktopSearch2\Index\MainChunk\KeywordsIBT.dat Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Application Data\Copernic\DesktopSearch2\Index\MainChunk\KeywordsP.dat Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Application Data\Copernic\DesktopSearch2\Index\MainChunk\KeywordsSBT.dat Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Application Data\Copernic\DesktopSearch2\Logs\20080429.log Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Application Data\Copernic\DesktopSearch2\Queue\MainChunk\IndexingQueueDf.dat Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Application Data\Copernic\DesktopSearch2\Queue\MainChunk\IndexingQueueTt.dat Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Application Data\Copernic\DesktopSearch2\Queue\MainChunk\IndexingQueueUt.dat Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Temp\Perflib_Perfdata_cc8.dat Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\Mes documents\Réception\Programmes\Nokia\Theme Studio\S40_Theme_Studio_2.0.0.rar/S40_Theme_Studio_2.0.0/Nokia_S40_TS_2_0_Install.exe/InstallerData/Disk1/InstData/Resource1.zip/$IA_PROJECT_DIR$/mod/Nokia_Update_Manager_2.0.iam.zip/$IA_MERGE_RESOURCES$/Nokia Update Manager_1089400767187/82445afc5a0788962f2bf8c9f3d8bd3c/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.103 skipped
C:\Documents and Settings\Geneviève Raymond\Mes documents\Réception\Programmes\Nokia\Theme Studio\S40_Theme_Studio_2.0.0.rar/S40_Theme_Studio_2.0.0/Nokia_S40_TS_2_0_Install.exe/InstallerData/Disk1/InstData/Resource1.zip/$IA_PROJECT_DIR$/mod/Nokia_Update_Manager_2.0.iam.zip/$IA_MERGE_RESOURCES$/Nokia Update Manager_1089400767187/82445afc5a0788962f2bf8c9f3d8bd3c/Shut_Down_UMC.exe Infected: not-a-virus:RiskTool.Win32.PsKill.103 skipped
C:\Documents and Settings\Geneviève Raymond\Mes documents\Réception\Programmes\Nokia\Theme Studio\S40_Theme_Studio_2.0.0.rar/S40_Theme_Studio_2.0.0/Nokia_S40_TS_2_0_Install.exe/InstallerData/Disk1/InstData/Resource1.zip/$IA_PROJECT_DIR$/mod/Nokia_Update_Manager_2.0.iam.zip Infected: not-a-virus:RiskTool.Win32.PsKill.103 skipped
C:\Documents and Settings\Geneviève Raymond\Mes documents\Réception\Programmes\Nokia\Theme Studio\S40_Theme_Studio_2.0.0.rar/S40_Theme_Studio_2.0.0/Nokia_S40_TS_2_0_Install.exe/InstallerData/Disk1/InstData/Resource1.zip Infected: not-a-virus:RiskTool.Win32.PsKill.103 skipped
C:\Documents and Settings\Geneviève Raymond\Mes documents\Réception\Programmes\Nokia\Theme Studio\S40_Theme_Studio_2.0.0.rar/S40_Theme_Studio_2.0.0/Nokia_S40_TS_2_0_Install.exe Infected: not-a-virus:RiskTool.Win32.PsKill.103 skipped
C:\Documents and Settings\Geneviève Raymond\Mes documents\Réception\Programmes\Nokia\Theme Studio\S40_Theme_Studio_2.0.0.rar RAR: infected - 5 skipped
C:\Documents and Settings\Geneviève Raymond\Mes documents\Réception\Programmes\Nokia\Ultra Mobile 3GP Video Converter + serial (New April 9)\ultra_3gpconverter.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qrn skipped
C:\Documents and Settings\Geneviève Raymond\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Geneviève Raymond\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\1X3MLOCA.NQF Infected: not-a-virus:AdWare.Win32.Agent.zk skipped
C:\Program Files\ESET\infected\KVVW4WDA.NQF/mite.exe Infected: IM-Worm.Win32.Opanki.be skipped
C:\Program Files\ESET\infected\KVVW4WDA.NQF StarDust: infected - 1 skipped
C:\Program Files\ESET\infected\KVVW4WDA.NQF PE-Crypt.XorPE: infected - 1 skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP108\A0022279.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP110\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9F5046C7-56A3-49AF-AA0D-E01EC066A01C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_bdc.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{6B0DEB65-F561-4325-8DB5-D9E61AF012E1}\RP110\change.log Object is locked skipped

Scan process completed.
  • 0

#15
Rorschach112
Posted 29 April 2008 - 06:17 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
C:\Documents and Settings\Geneviève Raymond\Mes documents\Réception\Programmes\Nokia\Ultra Mobile 3GP Video Converter + serial (New April 9)\ultra_3gpconverter.exe 
purity 
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP