Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Virtumonde? [RESOLVED]

Started by iclover , May 27 2008 03:26 PM

This topic is locked

#1
iclover

Posted 27 May 2008 - 03:26 PM

Member

Member
10 posts

Hi,
My computer is infected, a week ago i started noticing that i couldn't access internet right. When try opening firefox the home page would open but as soon as i made a google seach or wanted to see my emails i couldn't... I can't do anything... I'm typping this message for a friend's computer.

When launching spybot, i get this:
Virtumonde.dll
Zedo (cookies)
Doubleclick (cookies)
Mediaplex (cookies)
Tradedoubler (cookies)

But when I try fixing it, Spybot feezes...

Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:48, on 27/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\yz_dck0083\YzDock.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [isCfgWiz] "C:\Program Files\Fichiers communs\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [e8c34cf4] rundll32.exe "C:\WINDOWS\system32\gqkmccqf.dll",b
O4 - HKLM\..\Run: [BMebf07f68] Rundll32.exe "C:\WINDOWS\system32\jbmlindy.dll",s
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Dupong IrËne\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Dupong IrËne\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1392] command /c del "C:\WINDOWS\system32\olrmahnh.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7426] cmd /c del "C:\WINDOWS\system32\olrmahnh.dll_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acmw] "C:\DOCUME~1\DUPONG~1\MESDOC~1\DOBE~1\dexplore.exe" -vt yazr
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\RunOnce: [SpybotDeletingB3074] command /c del "C:\WINDOWS\system32\olrmahnh.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8780] cmd /c del "C:\WINDOWS\system32\olrmahnh.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE R…SEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Raccourci vers YzDock.lnk = C:\Program Files\yz_dck0083\YzDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Raccourci vers YzDock.lnk = C:\Program Files\yz_dck0083\YzDock.exe (User 'Default user')
O4 - Startup: Raccourci vers YzDock.lnk = C:\Program Files\yz_dck0083\YzDock.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sÈlection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sÈlection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sÈlectionnÈs en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sÈlectionnÈs en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cloverish.spa...ad/MsnPUpld.cab
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O22 - SharedTaskScheduler: {03413bf7-e34c-445b-bfc0-a2b127255871} - incestuously - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/DUPONG~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

#2
Rorschach112

Posted 27 May 2008 - 03:40 PM

Ralphie

Retired Staff
47,710 posts

Hello

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

#3
iclover

Posted 28 May 2008 - 01:06 AM

Member

Topic Starter
Member
10 posts

Hi,

I ran Combofix but i couldnt get online to do the last step...
I launched Spybot and it says that i still have virtumonde and he can't fix it

This is my combofix log:

AVERTISSEMENT - LA CONSOLE DE R…CUP…RATION N'EST PAS INSTALL…E SUR CETTE MACHINE !!

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Dupong IrËne\Mes documents\DOBE~1

C:\Documents and Settings\Dupong IrËne\Mes documents\DOBE~1\?dobe\

C:\Program Files\outlook

C:\WINDOWS\adober.exe

C:\WINDOWS\BMebf07f68.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\awkudegr.exe

C:\WINDOWS\system32\bqulvirs.dll

C:\WINDOWS\system32\burnkmub.ini

C:\WINDOWS\system32\cbXPjJaw.dll

C:\WINDOWS\system32\ckjshmhp.exe

C:\WINDOWS\system32\cmd.com

C:\WINDOWS\system32\cnrbkhfk.ini

C:\WINDOWS\system32\components

C:\WINDOWS\system32\components\flx1.dll

C:\WINDOWS\system32\ctcnpenw.dll

C:\WINDOWS\system32\ddhhdwdp.dll

C:\WINDOWS\system32\djqixldq.dll

C:\WINDOWS\system32\dvqwpvwk.ini

C:\WINDOWS\system32\eabvqvan.ini

C:\WINDOWS\system32\ejhexlyu.dll

C:\WINDOWS\system32\ensmjxdn.ini

C:\WINDOWS\system32\flxaoeuy.ini

C:\WINDOWS\system32\fpjscrwf.ini

C:\WINDOWS\system32\fqccmkqg.ini

C:\WINDOWS\system32\ghswswyq.ini

C:\WINDOWS\system32\gqkmccqf.dll

C:\WINDOWS\system32\gxtpffrl.ini

C:\WINDOWS\system32\ilsggksb.exe

C:\WINDOWS\system32\jbmlindy.dll

C:\WINDOWS\system32\kscavokq.ini

C:\WINDOWS\system32\kssuvpce.ini

C:\WINDOWS\system32\lutrrrew.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mxxtibjv.ini

C:\WINDOWS\system32\netstat.com

C:\WINDOWS\system32\ngftghlf.ini

C:\WINDOWS\system32\nmiujuvd.dll

C:\WINDOWS\system32\npqxgfxv.ini

C:\WINDOWS\system32\odtqsjmv.ini

C:\WINDOWS\system32\ping.com

C:\WINDOWS\system32\PoprAcfe.ini

C:\WINDOWS\system32\PoprAcfe.ini2

C:\WINDOWS\system32\pridhimp.dll

C:\WINDOWS\system32\qBaKkRqr.ini

C:\WINDOWS\system32\qBaKkRqr.ini2

C:\WINDOWS\system32\qrylrwyu.exe

C:\WINDOWS\system32\scdrmfbd.dll

C:\WINDOWS\system32\sjiscdre.exe

C:\WINDOWS\system32\soysoyck.exe

C:\WINDOWS\system32\taskkill.com

C:\WINDOWS\system32\tasklist.com

C:\WINDOWS\system32\tracert.com

C:\WINDOWS\system32\uylxehje.ini

C:\WINDOWS\system32\vbhcoarj.ini

C:\WINDOWS\system32\vqkceqnf.exe

C:\WINDOWS\system32\waJjPXbc.ini

C:\WINDOWS\system32\waJjPXbc.ini2

C:\WINDOWS\system32\werrrtul.dll

C:\WINDOWS\system32\wgnitjsw.exe

C:\WINDOWS\system32\wqrvuqod.exe

C:\WINDOWS\system32\wrvjijcq.exe

C:\WINDOWS\system32\xjlnsyvf.exe

C:\WINDOWS\system32\xtnqhayl.exe

C:\WINDOWS\system32\yeuhkmrp.exe

C:\WINDOWS\system32\ylylbevl.exe

C:\WINDOWS\system32\ytydspjh.exe

D:\Autorun.inf

.

((((((((((((((((((((((((((((( Fichiers crÇÇs 2008-04-27 to 2008-05-27 ))))))))))))))))))))))))))))))))))))

.

2008-05-27 23:19 . 2008-05-27 23:19 <REP> d-------- C:\Program Files\Trend Micro

2008-05-25 16:41 . 2008-05-25 16:41 103,488 --------- C:\WINDOWS\system32\ollabiwu.dll_old

2008-05-24 23:19 . 2008-05-24 23:19 206 --a------ C:\WINDOWS\system32\MRT.INI

2008-05-18 15:04 . 2008-05-18 15:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-05-18 11:50 . 2008-05-18 11:50 100,928 --------- C:\WINDOWS\system32\rhblfpam.dll_old

2008-05-17 11:00 . 2008-05-17 11:00 100,928 --------- C:\WINDOWS\system32\cuialfdu.dll_old

2008-05-17 10:57 . 2008-05-17 10:57 275,968 --------- C:\WINDOWS\system32\rqRkKaBq.dll_old

2008-05-12 13:36 . 2008-05-12 13:36 100,416 --------- C:\WINDOWS\system32\uhhpgomj.dll_old

2008-05-10 12:00 . 2008-05-10 12:00 100,416 --------- C:\WINDOWS\system32\upudsnbe.dll_old

2008-05-08 11:57 . 2008-05-08 11:57 105,024 --------- C:\WINDOWS\system32\pgegxbnp.dll_old

2008-05-07 12:05 . 2008-05-27 21:12 680 --a------ C:\WINDOWS\wininit.ini

2008-05-07 11:22 . 2008-05-07 11:22 105,024 --------- C:\WINDOWS\system32\htaqtpsk.dll_old

2008-05-07 11:20 . 2008-05-07 11:20 105,024 --------- C:\WINDOWS\system32\ussshwlu.dll_old

2008-05-05 23:45 . 2008-05-05 23:45 104,000 --------- C:\WINDOWS\system32\uncsawbq.dll_old

2008-05-04 23:44 . 2008-05-04 23:44 104,512 --------- C:\WINDOWS\system32\opnwqiaa.dll_old

2008-05-04 18:08 . 2008-05-04 18:01 691,545 --a------ C:\WINDOWS\unins000.exe

2008-05-04 18:08 . 2008-05-04 18:08 2,552 --a------ C:\WINDOWS\unins000.dat

2008-05-03 23:42 . 2008-05-03 23:42 103,488 --------- C:\WINDOWS\system32\ldknqvmv.dll_old

2008-05-03 12:04 . 2008-05-03 12:04 <REP> d-------- C:\WINDOWS\SxsCaPendDel

2008-05-03 11:40 . 2008-05-03 11:40 281,600 --------- C:\WINDOWS\system32\efcArpoP.dll_old

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-27 21:55 348,160 ----a-w C:\WINDOWS\system32\Msvcr71.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2006-04-14 07:21 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe

1999-07-07 00:00 6 --sh--r C:\WINDOWS\@[email protected]

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ÇlÇments vides & les ÇlÇments initiaux lÇgitimes ne sont pas listÇs

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51C325F2-00A5-45B2-BB69-E2863E8279E4}]

C:\WINDOWS\system32\efcArpoP.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BAC0033-AF00-4694-B0CC-169777C79C9B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DDF2660A-891F-41F6-85C4-5D8440218114}]

C:\WINDOWS\system32\rqRkKaBq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

"Acmw"="C:\DOCUME~1\DUPONG~1\MESDOC~1\DOBE~1\dexplore.exe" [ ]

"ares"="C:\Program Files\Ares\Ares.exe" [ ]

"VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [ ]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2005-06-16 15:48 86016]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-22 01:23 98394]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-22 01:23 688218]

"Zshutdown"="c:\sysprep\patch\sysprep.cmd" [ ]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 22:46 401408]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 01:31 385024]

"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 22:50 356352]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-23 07:27 7286784]

"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]

"Pinnacle WebUpdater"="C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" [2006-03-26 12:10 380928]

"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-05-02 20:24 180269]

"StandardInstall"="" []

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]

"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]

"isCfgWiz"="C:\Program Files\Fichiers communs\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" [ ]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [ ]

"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [ ]

"e8c34cf4"="C:\WINDOWS\system32\fwrcsjpf.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"SymLnch"="C:\Documents and Settings\Dupong IrËne\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"AllowLegacyWebView"= 1 (0x1)

"AllowUnhashedWebView"= 1 (0x1)

"NoBandCustomize"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXnnkiG]

cbXnnkiG.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-05-31 22:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32]

winopn32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu DÈmarrer^Programmes^DÈmarrage^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu DÈmarrer\Programmes\DÈmarrage\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]

--a------ 2005-07-28 09:29 102400 C:\WINDOWS\ATK0100\HControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NB Probe]

--a------ 2005-07-27 17:07 765952 C:\Program Files\ASUS\NB Probe\NBProbe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]

--------- 2006-04-27 15:45 94208 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]

--------- 2006-04-27 15:47 65536 C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2007-05-15 00:22 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console]

--a------ 2005-07-22 14:36 57344 C:\Program Files\ASUS\Wireless Console\wcourier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\MSMSGS.EXE"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Shareaza\\Shareaza.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"16586:TCP"= 16586:TCP:NortonAV

"14063:TCP"= 14063:TCP:NortonAV

R0 R592;R592;C:\WINDOWS\system32\DRIVERS\R592.sys [2004-10-15 19:26]

R0 risdpntk;risdpntk;C:\WINDOWS\system32\DRIVERS\risdpntk.sys [2004-10-15 19:26]

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]

S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 14:17]

S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2005-11-22 19:04]

S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2005-11-22 19:04]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{533badc2-45dd-11dc-8d4f-001500462162}]

\Shell\Auto\command - bittorrent.exe e

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{558120f6-60de-11db-8c54-001500462162}]

\Shell\AutoRun\command - H:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{861dbae8-145c-11dd-8dc5-001500462162}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

.

Contenu du dossier 'Scheduled Tasks/TÉches planifiÇes'

"2008-05-09 13:48:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-28 01:22:01

Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachÇs ...

Balayage cachÇ autostart entries ...

Balayage des fichiers cachÇs ...

Scan terminÇ avec succäs

Les fichiers cachÇs: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE

C:\WINDOWS\ATKKBSERVICE.EXE

C:\WINDOWS\SYSTEM32\NVSVC32.EXE

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\OPROTSVC.EXE

C:\WINDOWS\SYSTEM32\HPZIPM12.EXE

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE

C:\PROGRAM FILES\ASUS\NB PROBE\SPM\SPMGR.EXE

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\1XCONFIG.EXE

C:\WINDOWS\SYSTEM32\TABLET.EXE

C:\WINDOWS\SYSTEM32\WSCNTFY.EXE

C:\PROGRAM FILES\SONY\SONICSTAGE\SSAAD.EXE

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

C:\WINDOWS\system32\Wtablet\TabUserW.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\PROGRAM FILES\YZ_DCK0083\YZDOCK.EXE

C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE

.

**************************************************************************

.

Temps d'accomplissement: 2008-05-28 1:24:31 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-27 23:24:26

Pre-Run: 10,230,792,192 octets libres

Post-Run: 11,369,709,568 octets libres

276 --- E O F --- 2008-05-24 21:20:00

#4
Rorschach112

Posted 28 May 2008 - 09:39 AM

Ralphie

Retired Staff
47,710 posts

Something is messing up the ComboFix log

Can you open notepad, click Format, uncheck wordwrap

Then post it again

#5
iclover

Posted 28 May 2008 - 10:35 AM

Member

Topic Starter
Member
10 posts

The thing is that my friend's computer is a Mac and sometimes it doesn't read .txt correctly.

But i think i found a way to keep it similar to the original text:

ComboFix 08-05-27.4 - Dupong Irène 2008-05-28 1:14:44.1 - FAT32x86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.272 [GMT 2:00]

Endroit: C:\Documents and Settings\Dupong Irène\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Dupong Irène\Mes documents\DOBE~1

C:\Documents and Settings\Dupong Irène\Mes documents\DOBE~1\?dobe\

C:\Program Files\outlook

C:\WINDOWS\adober.exe

C:\WINDOWS\BMebf07f68.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\awkudegr.exe

C:\WINDOWS\system32\bqulvirs.dll

C:\WINDOWS\system32\burnkmub.ini

C:\WINDOWS\system32\cbXPjJaw.dll

C:\WINDOWS\system32\ckjshmhp.exe

C:\WINDOWS\system32\cmd.com

C:\WINDOWS\system32\cnrbkhfk.ini

C:\WINDOWS\system32\components

C:\WINDOWS\system32\components\flx1.dll

C:\WINDOWS\system32\ctcnpenw.dll

C:\WINDOWS\system32\ddhhdwdp.dll

C:\WINDOWS\system32\djqixldq.dll

C:\WINDOWS\system32\dvqwpvwk.ini

C:\WINDOWS\system32\eabvqvan.ini

C:\WINDOWS\system32\ejhexlyu.dll

C:\WINDOWS\system32\ensmjxdn.ini

C:\WINDOWS\system32\flxaoeuy.ini

C:\WINDOWS\system32\fpjscrwf.ini

C:\WINDOWS\system32\fqccmkqg.ini

C:\WINDOWS\system32\ghswswyq.ini

C:\WINDOWS\system32\gqkmccqf.dll

C:\WINDOWS\system32\gxtpffrl.ini

C:\WINDOWS\system32\ilsggksb.exe

C:\WINDOWS\system32\jbmlindy.dll

C:\WINDOWS\system32\kscavokq.ini

C:\WINDOWS\system32\kssuvpce.ini

C:\WINDOWS\system32\lutrrrew.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mxxtibjv.ini

C:\WINDOWS\system32\netstat.com

C:\WINDOWS\system32\ngftghlf.ini

C:\WINDOWS\system32\nmiujuvd.dll

C:\WINDOWS\system32\npqxgfxv.ini

C:\WINDOWS\system32\odtqsjmv.ini

C:\WINDOWS\system32\ping.com

C:\WINDOWS\system32\PoprAcfe.ini

C:\WINDOWS\system32\PoprAcfe.ini2

C:\WINDOWS\system32\pridhimp.dll

C:\WINDOWS\system32\qBaKkRqr.ini

C:\WINDOWS\system32\qBaKkRqr.ini2

C:\WINDOWS\system32\qrylrwyu.exe

C:\WINDOWS\system32\scdrmfbd.dll

C:\WINDOWS\system32\sjiscdre.exe

C:\WINDOWS\system32\soysoyck.exe

C:\WINDOWS\system32\taskkill.com

C:\WINDOWS\system32\tasklist.com

C:\WINDOWS\system32\tracert.com

C:\WINDOWS\system32\uylxehje.ini

C:\WINDOWS\system32\vbhcoarj.ini

C:\WINDOWS\system32\vqkceqnf.exe

C:\WINDOWS\system32\waJjPXbc.ini

C:\WINDOWS\system32\waJjPXbc.ini2

C:\WINDOWS\system32\werrrtul.dll

C:\WINDOWS\system32\wgnitjsw.exe

C:\WINDOWS\system32\wqrvuqod.exe

C:\WINDOWS\system32\wrvjijcq.exe

C:\WINDOWS\system32\xjlnsyvf.exe

C:\WINDOWS\system32\xtnqhayl.exe

C:\WINDOWS\system32\yeuhkmrp.exe

C:\WINDOWS\system32\ylylbevl.exe

C:\WINDOWS\system32\ytydspjh.exe

D:\Autorun.inf

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-27 to 2008-05-27 ))))))))))))))))))))))))))))))))))))

.

2008-05-27 23:19 . 2008-05-27 23:19 <REP> d-------- C:\Program Files\Trend Micro

2008-05-25 16:41 . 2008-05-25 16:41 103,488 --------- C:\WINDOWS\system32\ollabiwu.dll_old

2008-05-24 23:19 . 2008-05-24 23:19 206 --a------ C:\WINDOWS\system32\MRT.INI

2008-05-18 15:04 . 2008-05-18 15:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-05-18 11:50 . 2008-05-18 11:50 100,928 --------- C:\WINDOWS\system32\rhblfpam.dll_old

2008-05-17 11:00 . 2008-05-17 11:00 100,928 --------- C:\WINDOWS\system32\cuialfdu.dll_old

2008-05-17 10:57 . 2008-05-17 10:57 275,968 --------- C:\WINDOWS\system32\rqRkKaBq.dll_old

2008-05-12 13:36 . 2008-05-12 13:36 100,416 --------- C:\WINDOWS\system32\uhhpgomj.dll_old

2008-05-10 12:00 . 2008-05-10 12:00 100,416 --------- C:\WINDOWS\system32\upudsnbe.dll_old

2008-05-08 11:57 . 2008-05-08 11:57 105,024 --------- C:\WINDOWS\system32\pgegxbnp.dll_old

2008-05-07 12:05 . 2008-05-27 21:12 680 --a------ C:\WINDOWS\wininit.ini

2008-05-07 11:22 . 2008-05-07 11:22 105,024 --------- C:\WINDOWS\system32\htaqtpsk.dll_old

2008-05-07 11:20 . 2008-05-07 11:20 105,024 --------- C:\WINDOWS\system32\ussshwlu.dll_old

2008-05-05 23:45 . 2008-05-05 23:45 104,000 --------- C:\WINDOWS\system32\uncsawbq.dll_old

2008-05-04 23:44 . 2008-05-04 23:44 104,512 --------- C:\WINDOWS\system32\opnwqiaa.dll_old

2008-05-04 18:08 . 2008-05-04 18:01 691,545 --a------ C:\WINDOWS\unins000.exe

2008-05-04 18:08 . 2008-05-04 18:08 2,552 --a------ C:\WINDOWS\unins000.dat

2008-05-03 23:42 . 2008-05-03 23:42 103,488 --------- C:\WINDOWS\system32\ldknqvmv.dll_old

2008-05-03 12:04 . 2008-05-03 12:04 <REP> d-------- C:\WINDOWS\SxsCaPendDel

2008-05-03 11:40 . 2008-05-03 11:40 281,600 --------- C:\WINDOWS\system32\efcArpoP.dll_old

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-27 21:55 348,160 ----a-w C:\WINDOWS\system32\Msvcr71.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2006-04-14 07:21 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe

1999-07-07 00:00 6 --sh--r C:\WINDOWS\@[email protected]

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51C325F2-00A5-45B2-BB69-E2863E8279E4}]

C:\WINDOWS\system32\efcArpoP.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BAC0033-AF00-4694-B0CC-169777C79C9B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DDF2660A-891F-41F6-85C4-5D8440218114}]

C:\WINDOWS\system32\rqRkKaBq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

"Acmw"="C:\DOCUME~1\DUPONG~1\MESDOC~1\DOBE~1\dexplore.exe" [ ]

"ares"="C:\Program Files\Ares\Ares.exe" [ ]

"VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [ ]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2005-06-16 15:48 86016]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-22 01:23 98394]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-22 01:23 688218]

"Zshutdown"="c:\sysprep\patch\sysprep.cmd" [ ]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 22:46 401408]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 01:31 385024]

"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 22:50 356352]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-23 07:27 7286784]

"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]

"Pinnacle WebUpdater"="C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" [2006-03-26 12:10 380928]

"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-05-02 20:24 180269]

"StandardInstall"="" []

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]

"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]

"isCfgWiz"="C:\Program Files\Fichiers communs\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" [ ]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [ ]

"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [ ]

"e8c34cf4"="C:\WINDOWS\system32\fwrcsjpf.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"SymLnch"="C:\Documents and Settings\Dupong Irène\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"AllowLegacyWebView"= 1 (0x1)

"AllowUnhashedWebView"= 1 (0x1)

"NoBandCustomize"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXnnkiG]

cbXnnkiG.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-05-31 22:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32]

winopn32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]

--a------ 2005-07-28 09:29 102400 C:\WINDOWS\ATK0100\HControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NB Probe]

--a------ 2005-07-27 17:07 765952 C:\Program Files\ASUS\NB Probe\NBProbe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]

--------- 2006-04-27 15:45 94208 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]

--------- 2006-04-27 15:47 65536 C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2007-05-15 00:22 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console]

--a------ 2005-07-22 14:36 57344 C:\Program Files\ASUS\Wireless Console\wcourier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\MSMSGS.EXE"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Shareaza\\Shareaza.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"16586:TCP"= 16586:TCP:NortonAV

"14063:TCP"= 14063:TCP:NortonAV

R0 R592;R592;C:\WINDOWS\system32\DRIVERS\R592.sys [2004-10-15 19:26]

R0 risdpntk;risdpntk;C:\WINDOWS\system32\DRIVERS\risdpntk.sys [2004-10-15 19:26]

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]

S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 14:17]

S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2005-11-22 19:04]

S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2005-11-22 19:04]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{533badc2-45dd-11dc-8d4f-001500462162}]

\Shell\Auto\command - bittorrent.exe e

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{558120f6-60de-11db-8c54-001500462162}]

\Shell\AutoRun\command - H:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{861dbae8-145c-11dd-8dc5-001500462162}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

.

Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

"2008-05-09 13:48:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-28 01:22:01

Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE

C:\WINDOWS\ATKKBSERVICE.EXE

C:\WINDOWS\SYSTEM32\NVSVC32.EXE

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\OPROTSVC.EXE

C:\WINDOWS\SYSTEM32\HPZIPM12.EXE

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE

C:\PROGRAM FILES\ASUS\NB PROBE\SPM\SPMGR.EXE

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\1XCONFIG.EXE

C:\WINDOWS\SYSTEM32\TABLET.EXE

C:\WINDOWS\SYSTEM32\WSCNTFY.EXE

C:\PROGRAM FILES\SONY\SONICSTAGE\SSAAD.EXE

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

C:\WINDOWS\system32\Wtablet\TabUserW.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\PROGRAM FILES\YZ_DCK0083\YZDOCK.EXE

C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE

.

**************************************************************************

.

Temps d'accomplissement: 2008-05-28 1:24:31 - machine was rebooted [Dupong IrŠne]

ComboFix-quarantined-files.txt 2008-05-27 23:24:26

Pre-Run: 10,230,792,192 octets libres

Post-Run: 11,369,709,568 octets libres

276 --- E O F --- 2008-05-24 21:20:00

#6
Rorschach112

Posted 28 May 2008 - 10:41 AM

Ralphie

Retired Staff
47,710 posts

The logs are unreadable

You need to post them from a Windows machine

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\ollabiwu.dll_old
C:\WINDOWS\system32\rhblfpam.dll_old
C:\WINDOWS\system32\cuialfdu.dll_old
C:\WINDOWS\system32\rqRkKaBq.dll_old
C:\WINDOWS\system32\uhhpgomj.dll_old
C:\WINDOWS\system32\upudsnbe.dll_old
C:\WINDOWS\system32\pgegxbnp.dll_old
C:\WINDOWS\system32\htaqtpsk.dll_old
C:\WINDOWS\system32\ussshwlu.dll_old
C:\WINDOWS\system32\uncsawbq.dll_old
C:\WINDOWS\system32\opnwqiaa.dll_old
H:\LaunchU3.exe
C:\WINDOWS\system32\ldknqvmv.dll_old
C:\WINDOWS\system32\efcArpoP.dll_old
H:\SETUP.EXE

Folder::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{533badc2-45dd-11dc-8d4f-001500462162}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{558120f6-60de-11db-8c54-001500462162}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{861dbae8-145c-11dd-8dc5-001500462162}]

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

#7
iclover

Posted 30 May 2008 - 06:35 AM

Member

Topic Starter
Member
10 posts

I was finally able to get online

Here is the Combofix log:

ComboFix 08-05-27.4 - Dupong Irène 2008-05-28 1:14:44.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.272 [GMT 2:00]
Endroit: C:\Documents and Settings\Dupong Irène\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dupong Irène\Mes documents\DOBE~1
C:\Documents and Settings\Dupong Irène\Mes documents\DOBE~1\?dobe\
C:\Program Files\outlook
C:\WINDOWS\adober.exe
C:\WINDOWS\BMebf07f68.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awkudegr.exe
C:\WINDOWS\system32\bqulvirs.dll
C:\WINDOWS\system32\burnkmub.ini
C:\WINDOWS\system32\cbXPjJaw.dll
C:\WINDOWS\system32\ckjshmhp.exe
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\cnrbkhfk.ini
C:\WINDOWS\system32\components
C:\WINDOWS\system32\components\flx1.dll
C:\WINDOWS\system32\ctcnpenw.dll
C:\WINDOWS\system32\ddhhdwdp.dll
C:\WINDOWS\system32\djqixldq.dll
C:\WINDOWS\system32\dvqwpvwk.ini
C:\WINDOWS\system32\eabvqvan.ini
C:\WINDOWS\system32\ejhexlyu.dll
C:\WINDOWS\system32\ensmjxdn.ini
C:\WINDOWS\system32\flxaoeuy.ini
C:\WINDOWS\system32\fpjscrwf.ini
C:\WINDOWS\system32\fqccmkqg.ini
C:\WINDOWS\system32\ghswswyq.ini
C:\WINDOWS\system32\gqkmccqf.dll
C:\WINDOWS\system32\gxtpffrl.ini
C:\WINDOWS\system32\ilsggksb.exe
C:\WINDOWS\system32\jbmlindy.dll
C:\WINDOWS\system32\kscavokq.ini
C:\WINDOWS\system32\kssuvpce.ini
C:\WINDOWS\system32\lutrrrew.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mxxtibjv.ini
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ngftghlf.ini
C:\WINDOWS\system32\nmiujuvd.dll
C:\WINDOWS\system32\npqxgfxv.ini
C:\WINDOWS\system32\odtqsjmv.ini
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\PoprAcfe.ini
C:\WINDOWS\system32\PoprAcfe.ini2
C:\WINDOWS\system32\pridhimp.dll
C:\WINDOWS\system32\qBaKkRqr.ini
C:\WINDOWS\system32\qBaKkRqr.ini2
C:\WINDOWS\system32\qrylrwyu.exe
C:\WINDOWS\system32\scdrmfbd.dll
C:\WINDOWS\system32\sjiscdre.exe
C:\WINDOWS\system32\soysoyck.exe
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\uylxehje.ini
C:\WINDOWS\system32\vbhcoarj.ini
C:\WINDOWS\system32\vqkceqnf.exe
C:\WINDOWS\system32\waJjPXbc.ini
C:\WINDOWS\system32\waJjPXbc.ini2
C:\WINDOWS\system32\werrrtul.dll
C:\WINDOWS\system32\wgnitjsw.exe
C:\WINDOWS\system32\wqrvuqod.exe
C:\WINDOWS\system32\wrvjijcq.exe
C:\WINDOWS\system32\xjlnsyvf.exe
C:\WINDOWS\system32\xtnqhayl.exe
C:\WINDOWS\system32\yeuhkmrp.exe
C:\WINDOWS\system32\ylylbevl.exe
C:\WINDOWS\system32\ytydspjh.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-27 to 2008-05-27 ))))))))))))))))))))))))))))))))))))
.

2008-05-27 23:19 . 2008-05-27 23:19 <REP> d-------- C:\Program Files\Trend Micro
2008-05-25 16:41 . 2008-05-25 16:41 103,488 --------- C:\WINDOWS\system32\ollabiwu.dll_old
2008-05-24 23:19 . 2008-05-24 23:19 206 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-18 15:04 . 2008-05-18 15:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-18 11:50 . 2008-05-18 11:50 100,928 --------- C:\WINDOWS\system32\rhblfpam.dll_old
2008-05-17 11:00 . 2008-05-17 11:00 100,928 --------- C:\WINDOWS\system32\cuialfdu.dll_old
2008-05-17 10:57 . 2008-05-17 10:57 275,968 --------- C:\WINDOWS\system32\rqRkKaBq.dll_old
2008-05-12 13:36 . 2008-05-12 13:36 100,416 --------- C:\WINDOWS\system32\uhhpgomj.dll_old
2008-05-10 12:00 . 2008-05-10 12:00 100,416 --------- C:\WINDOWS\system32\upudsnbe.dll_old
2008-05-08 11:57 . 2008-05-08 11:57 105,024 --------- C:\WINDOWS\system32\pgegxbnp.dll_old
2008-05-07 12:05 . 2008-05-27 21:12 680 --a------ C:\WINDOWS\wininit.ini
2008-05-07 11:22 . 2008-05-07 11:22 105,024 --------- C:\WINDOWS\system32\htaqtpsk.dll_old
2008-05-07 11:20 . 2008-05-07 11:20 105,024 --------- C:\WINDOWS\system32\ussshwlu.dll_old
2008-05-05 23:45 . 2008-05-05 23:45 104,000 --------- C:\WINDOWS\system32\uncsawbq.dll_old
2008-05-04 23:44 . 2008-05-04 23:44 104,512 --------- C:\WINDOWS\system32\opnwqiaa.dll_old
2008-05-04 18:08 . 2008-05-04 18:01 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-04 18:08 . 2008-05-04 18:08 2,552 --a------ C:\WINDOWS\unins000.dat
2008-05-03 23:42 . 2008-05-03 23:42 103,488 --------- C:\WINDOWS\system32\ldknqvmv.dll_old
2008-05-03 12:04 . 2008-05-03 12:04 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-05-03 11:40 . 2008-05-03 11:40 281,600 --------- C:\WINDOWS\system32\efcArpoP.dll_old

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 21:55 348,160 ----a-w C:\WINDOWS\system32\Msvcr71.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2006-04-14 07:21 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
1999-07-07 00:00 6 --sh--r C:\WINDOWS\@[email protected]
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51C325F2-00A5-45B2-BB69-E2863E8279E4}]
C:\WINDOWS\system32\efcArpoP.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BAC0033-AF00-4694-B0CC-169777C79C9B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DDF2660A-891F-41F6-85C4-5D8440218114}]
C:\WINDOWS\system32\rqRkKaBq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"Acmw"="C:\DOCUME~1\DUPONG~1\MESDOC~1\DOBE~1\dexplore.exe" [ ]
"ares"="C:\Program Files\Ares\Ares.exe" [ ]
"VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2005-06-16 15:48 86016]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-22 01:23 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-22 01:23 688218]
"Zshutdown"="c:\sysprep\patch\sysprep.cmd" [ ]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 22:46 401408]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 01:31 385024]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 22:50 356352]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-23 07:27 7286784]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]
"Pinnacle WebUpdater"="C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" [2006-03-26 12:10 380928]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-05-02 20:24 180269]
"StandardInstall"="" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"isCfgWiz"="C:\Program Files\Fichiers communs\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" [ ]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [ ]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [ ]
"e8c34cf4"="C:\WINDOWS\system32\fwrcsjpf.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\Dupong Irène\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
"NoBandCustomize"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXnnkiG]
cbXnnkiG.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-05-31 22:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32]
winopn32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
--a------ 2005-07-28 09:29 102400 C:\WINDOWS\ATK0100\HControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NB Probe]
--a------ 2005-07-27 17:07 765952 C:\Program Files\ASUS\NB Probe\NBProbe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
--------- 2006-04-27 15:45 94208 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
--------- 2006-04-27 15:47 65536 C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-15 00:22 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console]
--a------ 2005-07-22 14:36 57344 C:\Program Files\ASUS\Wireless Console\wcourier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"16586:TCP"= 16586:TCP:NortonAV
"14063:TCP"= 14063:TCP:NortonAV

R0 R592;R592;C:\WINDOWS\system32\DRIVERS\R592.sys [2004-10-15 19:26]
R0 risdpntk;risdpntk;C:\WINDOWS\system32\DRIVERS\risdpntk.sys [2004-10-15 19:26]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 14:17]
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2005-11-22 19:04]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2005-11-22 19:04]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{533badc2-45dd-11dc-8d4f-001500462162}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{558120f6-60de-11db-8c54-001500462162}]
\Shell\AutoRun\command - H:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{861dbae8-145c-11dd-8dc5-001500462162}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-09 13:48:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 01:22:01
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
C:\WINDOWS\ATKKBSERVICE.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\OPROTSVC.EXE
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\PROGRAM FILES\ASUS\NB PROBE\SPM\SPMGR.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\1XCONFIG.EXE
C:\WINDOWS\SYSTEM32\TABLET.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\PROGRAM FILES\SONY\SONICSTAGE\SSAAD.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRAM FILES\YZ_DCK0083\YZDOCK.EXE
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-28 1:24:31 - machine was rebooted [Dupong IrŠne]
ComboFix-quarantined-files.txt 2008-05-27 23:24:26

Pre-Run: 10,230,792,192 octets libres
Post-Run: 11,369,709,568 octets libres

276 --- E O F --- 2008-05-24 21:20:00

But I can do the Kaspersky scan

#8
Rorschach112

Posted 30 May 2008 - 10:55 AM

Ralphie

Retired Staff
47,710 posts

Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\ollabiwu.dll_old
C:\WINDOWS\system32\rhblfpam.dll_old
C:\WINDOWS\system32\cuialfdu.dll_old
C:\WINDOWS\system32\rqRkKaBq.dll_old
C:\WINDOWS\system32\uhhpgomj.dll_old
C:\WINDOWS\system32\upudsnbe.dll_old
C:\WINDOWS\system32\pgegxbnp.dll_old
C:\WINDOWS\system32\htaqtpsk.dll_old
C:\WINDOWS\system32\ussshwlu.dll_old
C:\WINDOWS\system32\uncsawbq.dll_old
C:\WINDOWS\system32\opnwqiaa.dll_old
C:\WINDOWS\system32\ldknqvmv.dll_old
C:\WINDOWS\system32\efcArpoP.dll_old
H:\SETUP.EXE
H:\LaunchU3.exe

Folder::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{533badc2-45dd-11dc-8d4f-001500462162}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{558120f6-60de-11db-8c54-001500462162}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{861dbae8-145c-11dd-8dc5-001500462162}]

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

#9
iclover

Posted 31 May 2008 - 02:44 AM

Member

Topic Starter
Member
10 posts

The new Combofix log:

ComboFix 08-05-27.4 - Dupong Irène 2008-05-31 8:30:50.2 - FAT32x86
Endroit: C:\Documents and Settings\Dupong Irène\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dupong Irène\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\system32\cuialfdu.dll_old
C:\WINDOWS\system32\efcArpoP.dll_old
C:\WINDOWS\system32\htaqtpsk.dll_old
C:\WINDOWS\system32\ldknqvmv.dll_old
C:\WINDOWS\system32\ollabiwu.dll_old
C:\WINDOWS\system32\opnwqiaa.dll_old
C:\WINDOWS\system32\pgegxbnp.dll_old
C:\WINDOWS\system32\rhblfpam.dll_old
C:\WINDOWS\system32\rqRkKaBq.dll_old
C:\WINDOWS\system32\uhhpgomj.dll_old
C:\WINDOWS\system32\uncsawbq.dll_old
C:\WINDOWS\system32\upudsnbe.dll_old
C:\WINDOWS\system32\ussshwlu.dll_old
H:\LaunchU3.exe
H:\SETUP.EXE
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dupong Irène\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\b.exe
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\cuialfdu.dll_old
C:\WINDOWS\system32\efcArpoP.dll_old
C:\WINDOWS\system32\htaqtpsk.dll_old
C:\WINDOWS\system32\ollabiwu.dll_old
C:\WINDOWS\system32\pgegxbnp.dll_old
C:\WINDOWS\system32\rhblfpam.dll_old
C:\WINDOWS\system32\rqRkKaBq.dll_old
C:\WINDOWS\system32\uhhpgomj.dll_old
C:\WINDOWS\system32\upudsnbe.dll_old
C:\WINDOWS\system32\ussshwlu.dll_old

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-31 ))))))))))))))))))))))))))))))))))))
.

2008-05-28 09:41 . 2007-03-17 18:11 675,840 -ra------ C:\WINDOWS\system32\hpowiax3.dll
2008-05-28 09:41 . 2007-03-17 18:11 569,344 -ra------ C:\WINDOWS\system32\hpotscl3.dll
2008-05-28 09:41 . 2007-03-17 18:11 303,104 -ra------ C:\WINDOWS\system32\hpovst10.dll
2008-05-28 09:38 . 2008-05-28 09:46 160,191 --a------ C:\WINDOWS\hpoins14.dat
2008-05-28 09:38 . 2007-09-20 03:14 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-05-28 09:36 . 2008-05-28 09:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-28 09:36 . 2007-03-30 17:07 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-05-28 09:35 . 2007-03-08 06:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-05-28 09:35 . 2007-03-28 14:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll
2008-05-28 01:24 . 2008-05-28 01:24 <REP> d-------- C:\Documents and Settings\Dupong IrÞne
2008-05-27 23:19 . 2008-05-27 23:19 <REP> d-------- C:\Program Files\Trend Micro
2008-05-24 23:19 . 2008-05-24 23:19 206 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-18 15:04 . 2008-05-18 15:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-07 12:05 . 2008-05-28 01:49 854 --a------ C:\WINDOWS\wininit.ini
2008-05-04 18:08 . 2008-05-04 18:01 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-04 18:08 . 2008-05-04 18:08 2,552 --a------ C:\WINDOWS\unins000.dat
2008-05-03 12:04 . 2008-05-03 12:04 <REP> d-------- C:\WINDOWS\SxsCaPendDel

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 21:55 348,160 ----a-w C:\WINDOWS\system32\Msvcr71.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-26 12:00 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
2008-02-26 12:00 294,912 ------w C:\WINDOWS\system32\dllcache\msctf.dll
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-05-23 10:35 324 ----a-w C:\Documents and Settings\Dupong Irène\Application Data\wklnhst.dat
2006-04-14 07:21 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
1999-07-07 00:00 6 --sh--r C:\WINDOWS\@[email protected]
.

((((((((((((((((((((((((((((( snapshot@2008-05-28_ 1.24.08.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-27 23:21:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-30 17:09:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2005-04-13 13:54:22 331,184 ----a-w C:\WINDOWS\system32\difxapi.dll
+ 2007-03-08 04:20:46 309,760 ----a-r C:\WINDOWS\system32\difxapi.dll
- 2004-12-14 15:06:28 51,120 ----a-r C:\WINDOWS\system32\drivers\HPZid412.sys
+ 2007-03-08 04:20:48 49,920 ----a-r C:\WINDOWS\system32\drivers\HPZid412.sys
- 2004-12-14 15:06:28 16,496 ----a-r C:\WINDOWS\system32\drivers\HPZipr12.sys
+ 2007-03-08 04:20:50 16,496 ----a-r C:\WINDOWS\system32\drivers\HPZipr12.sys
- 2004-12-14 15:06:28 21,744 ----a-r C:\WINDOWS\system32\drivers\HPZius12.sys
+ 2007-03-08 04:20:50 21,568 ----a-r C:\WINDOWS\system32\drivers\HPZius12.sys
+ 2007-03-26 08:17:44 2,862,592 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpbcfgre.dll
+ 2006-11-30 09:14:06 671,816 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpcdmc32.dll
+ 2007-02-22 17:35:00 314,880 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpfie5ha.dll
+ 2007-02-20 09:29:02 337,920 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpfig5ha.dll
+ 2006-12-06 14:31:56 113,152 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpfrs5ha.dll
+ 2007-03-28 10:53:28 977,920 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpz3c5ha.dll
+ 2007-03-28 12:01:08 1,739,264 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpz3r5ha.dll
+ 2007-03-28 12:01:28 233,472 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpzc35ha.dll
+ 2007-03-28 11:59:04 446,976 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpzev5ha.dll
+ 2007-03-30 15:07:42 267,864 ----a-r C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpzids01.dll
+ 2007-03-28 12:00:22 5,189,120 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpzla5ha.dll
+ 2007-03-28 11:57:04 782,848 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpzle5ha.dll
+ 2007-03-28 12:01:18 117,760 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpzll5ha.dll
+ 2007-03-28 11:57:34 274,944 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpzpp5ha.dll
+ 2007-03-28 11:59:20 299,520 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpzpr5ha.dll
+ 2007-03-28 11:57:18 853,504 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpzse5ha.dll
+ 2007-03-28 11:32:56 670,208 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpzss5ha.dll
+ 2007-03-28 10:52:24 8,602,112 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpzst5ha.dll
+ 2007-03-28 11:58:06 3,291,648 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpzui5ha.dll
+ 2007-03-28 10:53:22 3,419,648 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\hpzur5ha.dll
+ 2006-12-20 10:50:04 269,824 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\UNIDRV.dll
+ 2006-12-20 10:48:34 208,384 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\UNIDRVUI.dll
+ 2006-12-20 10:48:32 620,544 ----a-w C:\WINDOWS\system32\DRVSTORE\hpodcsla_AA90739FE6CE6410E6FD075E7696EADED8A3F90D\UNIRES.dll
+ 2007-03-08 04:20:46 309,760 ----a-r C:\WINDOWS\system32\DRVSTORE\hposcu10_4FC8229DA1D7F81E72322B6F2DBB249746ABAFD7\drivers\dot4\Win2000\difxapi.dll
+ 2007-03-08 04:20:46 364,544 ----a-r C:\WINDOWS\system32\DRVSTORE\hposcu10_4FC8229DA1D7F81E72322B6F2DBB249746ABAFD7\drivers\dot4\Win2000\hppldcoi.dll
+ 2007-03-17 16:11:12 229,376 ----a-r C:\WINDOWS\system32\DRVSTORE\hposcu10_4FC8229DA1D7F81E72322B6F2DBB249746ABAFD7\drivers\scanner\x32\hpotpusd.dll
+ 2007-03-17 16:11:12 569,344 ----a-r C:\WINDOWS\system32\DRVSTORE\hposcu10_4FC8229DA1D7F81E72322B6F2DBB249746ABAFD7\drivers\scanner\x32\hpotscl3.dll
+ 2007-03-17 16:11:14 303,104 ----a-r C:\WINDOWS\system32\DRVSTORE\hposcu10_4FC8229DA1D7F81E72322B6F2DBB249746ABAFD7\drivers\scanner\x32\hpovst10.dll
+ 2007-03-17 16:11:14 675,840 ----a-r C:\WINDOWS\system32\DRVSTORE\hposcu10_4FC8229DA1D7F81E72322B6F2DBB249746ABAFD7\drivers\scanner\x32\hpowiax3.dll
+ 2007-03-08 04:20:48 49,920 ----a-r C:\WINDOWS\system32\DRVSTORE\hpzid413_F75AD070CF6AC37359152FFE52115AEC89378C94\drivers\dot4\Win2000\HPZid412.sys
+ 2007-03-08 04:20:46 309,760 ----a-r C:\WINDOWS\system32\DRVSTORE\hpzipa13_DB40AE39DB38AD8D2AF2D8E4340ABA1C191DE2CE\drivers\dot4\Win2000\difxapi.dll
+ 2007-03-08 04:20:46 364,544 ----a-r C:\WINDOWS\system32\DRVSTORE\hpzipa13_DB40AE39DB38AD8D2AF2D8E4340ABA1C191DE2CE\drivers\dot4\Win2000\hppldcoi.dll
+ 2007-03-08 04:20:48 49,920 ----a-r C:\WINDOWS\system32\DRVSTORE\hpzipa13_DB40AE39DB38AD8D2AF2D8E4340ABA1C191DE2CE\drivers\dot4\Win2000\HPZid412.sys
+ 2007-03-08 04:20:50 16,496 ----a-r C:\WINDOWS\system32\DRVSTORE\hpzipa13_DB40AE39DB38AD8D2AF2D8E4340ABA1C191DE2CE\drivers\dot4\Win2000\HPzipr12.sys
+ 2007-03-08 04:20:50 21,568 ----a-r C:\WINDOWS\system32\DRVSTORE\hpzipa13_DB40AE39DB38AD8D2AF2D8E4340ABA1C191DE2CE\drivers\dot4\Win2000\HPZius12.sys
+ 2007-03-08 04:20:38 282,624 ----a-r C:\WINDOWS\system32\DRVSTORE\hpzipa13_DB40AE39DB38AD8D2AF2D8E4340ABA1C191DE2CE\HPZc3212.dll
+ 2007-03-08 04:20:50 16,496 ----a-r C:\WINDOWS\system32\DRVSTORE\hpzipr13_9B62D8E7E43E761D5D4A9F1967C0FC868E8BC390\drivers\dot4\Win2000\HPZipr12.sys
+ 2007-03-08 04:20:46 309,760 ----a-r C:\WINDOWS\system32\DRVSTORE\hpzius13_9B9B07948B5298EA9F9D379B539EC8677D74FF6B\drivers\dot4\Win2000\difxapi.dll
+ 2007-03-08 04:20:46 364,544 ----a-r C:\WINDOWS\system32\DRVSTORE\hpzius13_9B9B07948B5298EA9F9D379B539EC8677D74FF6B\drivers\dot4\Win2000\hppldcoi.dll
+ 2007-03-08 04:20:48 49,920 ----a-r C:\WINDOWS\system32\DRVSTORE\hpzius13_9B9B07948B5298EA9F9D379B539EC8677D74FF6B\drivers\dot4\Win2000\hpzid412.sys
+ 2007-03-08 04:20:50 16,496 ----a-r C:\WINDOWS\system32\DRVSTORE\hpzius13_9B9B07948B5298EA9F9D379B539EC8677D74FF6B\drivers\dot4\Win2000\hpzipr12.sys
+ 2007-03-08 04:20:50 21,568 ----a-r C:\WINDOWS\system32\DRVSTORE\hpzius13_9B9B07948B5298EA9F9D379B539EC8677D74FF6B\drivers\dot4\Win2000\HPZius12.sys
+ 2007-03-08 04:20:52 16,800 ----a-r C:\WINDOWS\system32\DRVSTORE\hpzius13_9B9B07948B5298EA9F9D379B539EC8677D74FF6B\drivers\dot4\WinxP\Hppaufd0.sys
+ 2007-03-08 04:20:38 282,624 ----a-r C:\WINDOWS\system32\DRVSTORE\hpzius13_9B9B07948B5298EA9F9D379B539EC8677D74FF6B\HPZc3212.dll
- 2004-09-29 10:12:48 278,584 ----a-w C:\WINDOWS\system32\HPZidr12.dll
+ 2006-11-08 14:35:38 49,152 ----a-w C:\WINDOWS\system32\HPZidr12.dll
+ 2006-11-08 14:35:36 43,520 ----a-w C:\WINDOWS\system32\HPZinw12.dll
+ 2006-11-08 14:35:38 53,248 ----a-w C:\WINDOWS\system32\HPZipm12.dll
- 2004-09-29 10:15:16 204,800 ----a-w C:\WINDOWS\system32\HPZipr12.dll
+ 2006-11-08 14:35:40 33,280 ----a-w C:\WINDOWS\system32\HPZipr12.dll
- 2004-09-29 10:09:26 94,208 ----a-w C:\WINDOWS\system32\HPZipt12.dll
+ 2006-11-08 14:35:40 29,696 ----a-w C:\WINDOWS\system32\HPZipt12.dll
- 2004-09-29 10:09:32 57,344 ----a-w C:\WINDOWS\system32\HPZisn12.dll
+ 2006-11-08 14:35:40 20,480 ----a-w C:\WINDOWS\system32\HPZisn12.dll
+ 2007-03-26 08:17:44 2,862,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpbcfgre.dll
+ 2006-11-30 09:14:06 671,816 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcdmc32.dll
+ 2007-02-22 17:35:00 314,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfie5ha.dll
+ 2007-02-20 09:29:02 337,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfig5ha.dll
+ 2006-12-06 14:31:56 113,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfrs5ha.dll
+ 2007-03-28 10:53:28 977,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz3c5ha.dll
+ 2007-03-28 12:01:08 1,739,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz3r5ha.dll
+ 2007-03-28 12:01:28 233,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzc35ha.dll
+ 2007-03-28 11:59:04 446,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzev5ha.dll
+ 2007-03-28 12:00:22 5,189,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzla5ha.dll
+ 2007-03-28 11:57:04 782,848 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzle5ha.dll
+ 2007-03-28 11:59:20 299,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpr5ha.dll
+ 2007-03-28 11:57:18 853,504 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzse5ha.dll
+ 2007-03-28 11:32:56 670,208 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzss5ha.dll
+ 2007-03-28 10:52:24 8,602,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzst5ha.dll
+ 2007-03-28 11:58:06 3,291,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzui5ha.dll
+ 2007-03-28 10:53:22 3,419,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzur5ha.dll
+ 2007-03-26 08:17:44 2,862,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpbcfgre.dll
+ 2006-11-30 09:14:06 671,816 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpcdmc32.dll
+ 2007-02-22 17:35:00 314,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpfie5ha.dll
+ 2007-02-20 09:29:02 337,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpfig5ha.dll
+ 2006-12-06 14:31:56 113,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpfrs5ha.dll
+ 2007-03-28 10:53:28 977,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpz3c5ha.dll
+ 2007-03-28 12:01:08 1,739,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpz3r5ha.dll
+ 2007-03-28 12:01:28 233,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzc35ha.dll
+ 2007-03-28 11:59:04 446,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzev5ha.dll
+ 2007-03-28 12:00:22 5,189,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzla5ha.dll
+ 2007-03-28 11:57:04 782,848 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzle5ha.dll
+ 2007-03-28 11:59:20 299,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzpr5ha.dll
+ 2007-03-28 11:57:18 853,504 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzse5ha.dll
+ 2007-03-28 11:32:56 670,208 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzss5ha.dll
+ 2007-03-28 10:52:24 8,602,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzst5ha.dll
+ 2007-03-28 11:58:06 3,291,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzui5ha.dll
+ 2007-03-28 10:53:22 3,419,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\hpzur5ha.dll
+ 2006-12-20 10:50:04 269,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\UNIDRV.DLL
+ 2006-12-20 10:48:34 208,384 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\UNIDRVUI.DLL
+ 2006-12-20 10:48:32 620,544 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_f4100_seri8252\UNIRES.DLL
+ 2007-03-28 11:57:34 274,944 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
+ 2007-03-12 01:35:12 12,288 ----a-r C:\WINDOWS\Twunk_16.dll
+ 2007-03-12 01:35:12 12,288 ----a-r C:\WINDOWS\Twunk_32.dll
+ 2008-05-28 07:44:36 1,230,336 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
+ 2007-03-08 18:38:58 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_6e85597b\ATL80.dll
+ 2007-06-27 21:16:00 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcm80.dll
+ 2007-06-27 21:16:02 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcp80.dll
+ 2007-06-27 21:16:00 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcr80.dll
+ 2007-03-08 18:38:58 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80.dll
+ 2007-03-08 18:38:58 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80u.dll
+ 2007-03-08 18:38:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80.dll
+ 2007-03-08 18:38:58 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80u.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51C325F2-00A5-45B2-BB69-E2863E8279E4}]
C:\WINDOWS\system32\efcArpoP.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BAC0033-AF00-4694-B0CC-169777C79C9B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DDF2660A-891F-41F6-85C4-5D8440218114}]
C:\WINDOWS\system32\rqRkKaBq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"Acmw"="C:\DOCUME~1\DUPONG~1\MESDOC~1\DOBE~1\dexplore.exe" [ ]
"ares"="C:\Program Files\Ares\Ares.exe" [ ]
"VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2005-06-16 15:48 86016]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-22 01:23 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-22 01:23 688218]
"Zshutdown"="c:\sysprep\patch\sysprep.cmd" [ ]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 22:46 401408]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 01:31 385024]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 22:50 356352]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-23 07:27 7286784]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]
"Pinnacle WebUpdater"="C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" [2006-03-26 12:10 380928]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-05-02 20:24 180269]
"StandardInstall"="" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"isCfgWiz"="C:\Program Files\Fichiers communs\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" [ ]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [ ]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [ ]
"e8c34cf4"="C:\WINDOWS\system32\fwrcsjpf.dll" [ ]
"BMebf07f68"="C:\WINDOWS\system32\jbmlindy.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\Dupong Irène\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" [2007-08-27 02:04 687976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\Documents and Settings\Dupong IrŠne\Menu D‚marrer\Programmes\D‚marrage\
Raccourci vers YzDock.lnk - C:\Program Files\yz_dck0083\YzDock.exe [2003-06-03 22:38:40 386560]

C:\Documents and Settings\Dupong IrŠne\Menu D‚marrer\Programmes\D‚marrage\
Raccourci vers YzDock.lnk - C:\Program Files\yz_dck0083\YzDock.exe [2003-06-03 22:38:40 386560]

C:\Documents and Settings\Dupong IrŠne\Menu D‚marrer\Programmes\D‚marrage\
Raccourci vers YzDock.lnk - C:\Program Files\yz_dck0083\YzDock.exe [2003-06-03 22:38:40 386560]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
TabUserW.exe.lnk - C:\WINDOWS\system32\Wtablet\TabUserW.exe [2003-12-04 18:48:40 77824]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-17 19:53:32 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
"NoBandCustomize"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXnnkiG]
cbXnnkiG.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-05-31 22:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32]
winopn32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
--a------ 2005-07-28 09:29 102400 C:\WINDOWS\ATK0100\HControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NB Probe]
--a------ 2005-07-27 17:07 765952 C:\Program Files\ASUS\NB Probe\NBProbe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
--------- 2006-04-27 15:45 94208 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
--------- 2006-04-27 15:47 65536 C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-15 00:22 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console]
--a------ 2005-07-22 14:36 57344 C:\Program Files\ASUS\Wireless Console\wcourier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"16586:TCP"= 16586:TCP:NortonAV
"14063:TCP"= 14063:TCP:NortonAV

R0 R592;R592;C:\WINDOWS\system32\DRIVERS\R592.sys [2004-10-15 19:26]
R0 risdpntk;risdpntk;C:\WINDOWS\system32\DRIVERS\risdpntk.sys [2004-10-15 19:26]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 14:17]
S3 USB28xxBGA;Pinnacle PCTV DVB-T USB Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2005-11-22 19:04]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2005-11-22 19:04]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-09 13:48:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 08:33:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-31 8:34:05
ComboFix-quarantined-files.txt 2008-05-31 06:34:04
ComboFix2.txt 2008-05-27 23:24:34

Pre-Run: 13,709,246,464 octets libres
Post-Run: 13,701,939,200 octets libres

347 --- E O F --- 2008-05-29 20:51:26

And here is the kaspersky log:

KASPERSKY ONLINE SCANNER REPORT
Saturday, May 31, 2008 10:11:20 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 31/05/2008
Kaspersky Anti-Virus database records: 816364
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 73299
Number of viruses found: 32
Number of infected objects: 156
Number of suspicious objects: 0
Duration of the scan process: 00:52:14

Infected Object Name / Virus Name / Last Action
C:\QooBox\Quarantine\C\WINDOWS\system32\components\flx1.dll.vir Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\djqixldq.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\scdrmfbd.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddhhdwdp.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ctcnpenw.dll.vir Infected: Trojan.Win32.Monder.gz skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ejhexlyu.dll.vir Infected: Trojan.Win32.Monder.ij skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gqkmccqf.dll.vir Infected: Trojan.Win32.Monder.kf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nmiujuvd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.tsp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\werrrtul.dll.vir Infected: Trojan.Win32.Monder.dj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cuialfdu.dll_old.vir Infected: Trojan.Win32.Monder.ik skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\efcArpoP.dll_old.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\htaqtpsk.dll_old.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pgegxbnp.dll_old.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rhblfpam.dll_old.vir Infected: Trojan.Win32.Monder.ik skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rqRkKaBq.dll_old.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.trr skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uhhpgomj.dll_old.vir Infected: Trojan.Win32.Monder.di skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\upudsnbe.dll_old.vir Infected: Trojan.Win32.Monder.dl skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ussshwlu.dll_old.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\AdobeR.exe.vir Infected: Worm.Win32.RJump.a skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{B1C5E8C3-8293-4C44-B41B-C6AAA393A5D9}.bin Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll.zip/opnwqiaa.dll Infected: Trojan.Win32.Monder.cz skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll1.zip/ldknqvmv.dll Infected: Trojan.Win32.Monder.cy skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll2.zip/yueoaxlf.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll3.zip/uncsawbq.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll4.zip/pgegxbnp.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll5.zip/ecpvussk.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll6.zip/nrdhxble.dll Infected: Trojan.Win32.Monder.de skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll7.zip/htaqtpsk.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll8.zip/ndxjmsne.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll9.zip/qywswshg.dll Infected: Trojan.Win32.Monder.df skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll9.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll10.zip/upudsnbe.dll Infected: Trojan.Win32.Monder.dl skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll10.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll11.zip/qkovacsk.dll Infected: Trojan.Win32.Monder.dm skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll11.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll12.zip/strltgbb.dll Infected: Trojan.Win32.Monder.dk skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll12.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll13.zip/efcArpoP.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll13.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll14.zip/cuialfdu.dll Infected: Trojan.Win32.Monder.ik skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll14.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll15.zip/navqvbae.dll Infected: Trojan.Win32.Monder.ij skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll15.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll16.zip/rhblfpam.dll Infected: Trojan.Win32.Monder.ik skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll16.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll17.zip/rqRkKaBq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trr skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll17.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll18.zip/opnwqiaa.dll_old Infected: Trojan.Win32.Monder.cz skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll18.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll22.zip/opnwqiaa.dll_old Infected: Trojan.Win32.Monder.cz skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll22.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll23.zip/ldknqvmv.dll_old Infected: Trojan.Win32.Monder.cy skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll23.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll24.zip/uncsawbq.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll24.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll25.zip/ussshwlu.dll_old Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll25.zip ZIP: infected - 1 skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Dupong Irène\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dupong Irène\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Dupong Irène\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dupong Irène\Local Settings\Historique\History.IE5\MSHist012008053120080601\index.dat Object is locked skipped
C:\Documents and Settings\Dupong Irène\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dupong Irène\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Dupong Irène\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dupong Irène\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dupong Irène\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Dupong Irène\Local Settings\Application Data\Mozilla\Firefox\Profiles\1wfjxx3j.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Dupong Irène\Local Settings\Application Data\Mozilla\Firefox\Profiles\1wfjxx3j.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Dupong Irène\Local Settings\Application Data\Mozilla\Firefox\Profiles\1wfjxx3j.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Dupong Irène\Local Settings\Application Data\Mozilla\Firefox\Profiles\1wfjxx3j.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Dupong Irène\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dupong Irène\Application Data\Mozilla\Firefox\Profiles\1wfjxx3j.default\history.dat Object is locked skipped
C:\Documents and Settings\Dupong Irène\Application Data\Mozilla\Firefox\Profiles\1wfjxx3j.default\cert8.db Object is locked skipped
C:\Documents and Settings\Dupong Irène\Application Data\Mozilla\Firefox\Profiles\1wfjxx3j.default\key3.db Object is locked skipped
C:\Documents and Settings\Dupong Irène\Application Data\Mozilla\Firefox\Profiles\1wfjxx3j.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Dupong Irène\Application Data\Mozilla\Firefox\Profiles\1wfjxx3j.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Dupong Irène\Application Data\Mozilla\Firefox\Profiles\1wfjxx3j.default\parent.lock Object is locked skipped
C:\Documents and Settings\Dupong Irène\Application Data\Mozilla\Firefox\Profiles\1wfjxx3j.default\formhistory.dat Object is locked skipped
C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037275.dll Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037276.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037277.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037278.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037279.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037280.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037281.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037282.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037283.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037284.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037285.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037286.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037287.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037288.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037289.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037290.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037291.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037292.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037293.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037294.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037295.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037296.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037297.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037298.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037299.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037300.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037301.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037302.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037303.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037304.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037305.exe Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037306.exe Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037307.dll Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037308.dll Infected: Trojan-Downloader.Win32.Zlob.ant skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037309.exe Infected: Trojan-Downloader.Win32.Zlob.yt skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037310.exe Infected: Trojan-Downloader.Win32.Zlob.apm skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037312.exe Infected: Backdoor.Win32.IRCBot.dd skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037313.dll Infected: not-virus:Hoax.Win32.Renos.fh skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037314.exe Infected: Email-Worm.Win32.Rays skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037315.exe Infected: Email-Worm.Win32.Rays skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037316.exe Infected: Email-Worm.Win32.Rays skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037317.exe Infected: Email-Worm.Win32.Rays skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037318.exe Infected: Email-Worm.Win32.Rays skipped
C:\System Volume Information\_restore{596A3259-756B-4151-94C2-1D02782CCCAA}\RP411\A0037319.exe Infe

#10
Rorschach112

Posted 31 May 2008 - 05:58 AM

Ralphie

Retired Staff
47,710 posts

Delete this file in bold

C:\Program Files\Morpheus\morpheustoolbar.exe

Also post a new HijackThis log

#11
iclover

Posted 31 May 2008 - 07:57 AM

Member

Topic Starter
Member
10 posts

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:45, on 31/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\yz_dck0083\YzDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {51C325F2-00A5-45B2-BB69-E2863E8279E4} - C:\WINDOWS\system32\efcArpoP.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8BAC0033-AF00-4694-B0CC-169777C79C9B} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367} - (no file)
O2 - BHO: (no name) - {DDF2660A-891F-41F6-85C4-5D8440218114} - C:\WINDOWS\system32\rqRkKaBq.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [isCfgWiz] "C:\Program Files\Fichiers communs\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [e8c34cf4] rundll32.exe "C:\WINDOWS\system32\fwrcsjpf.dll",b
O4 - HKLM\..\Run: [BMebf07f68] Rundll32.exe "C:\WINDOWS\system32\jbmlindy.dll",s
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Dupong Irène\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Dupong Irène\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acmw] "C:\DOCUME~1\DUPONG~1\MESDOC~1\DOBE~1\dexplore.exe" -vt yazr
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Raccourci vers YzDock.lnk = C:\Program Files\yz_dck0083\YzDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Raccourci vers YzDock.lnk = C:\Program Files\yz_dck0083\YzDock.exe (User 'Default user')
O4 - Startup: Raccourci vers YzDock.lnk = C:\Program Files\yz_dck0083\YzDock.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cloverish.spa...ad/MsnPUpld.cab
O20 - Winlogon Notify: cbXnnkiG - cbXnnkiG.dll (file missing)
O20 - Winlogon Notify: winopn32 - winopn32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/DUPONG~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 12556 bytes

#12
Rorschach112

Posted 31 May 2008 - 08:13 AM

Ralphie

Retired Staff
47,710 posts

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {51C325F2-00A5-45B2-BB69-E2863E8279E4} - C:\WINDOWS\system32\efcArpoP.dll (file missing)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8BAC0033-AF00-4694-B0CC-169777C79C9B} - (no file)
O2 - BHO: (no name) - {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367} - (no file)
O2 - BHO: (no name) - {DDF2660A-891F-41F6-85C4-5D8440218114} - C:\WINDOWS\system32\rqRkKaBq.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [e8c34cf4] rundll32.exe "C:\WINDOWS\system32\fwrcsjpf.dll",b
O4 - HKLM\..\Run: [BMebf07f68] Rundll32.exe "C:\WINDOWS\system32\jbmlindy.dll",s
O4 - HKCU\..\Run: [Acmw] "C:\DOCUME~1\DUPONG~1\MESDOC~1\DOBE~1\dexplore.exe" -vt yazr
O20 - Winlogon Notify: cbXnnkiG - cbXnnkiG.dll (file missing)
O20 - Winlogon Notify: winopn32 - winopn32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Reboot and post a new HijackThis log

#13
iclover

Posted 31 May 2008 - 08:47 AM

Member

Topic Starter
Member
10 posts

Malwarebytes' Anti-Malware 1.14
Database version: 807

16:41:18 31/05/2008
mbam-log-5-31-2008 (16-41-18).txt

Scan type: Quick Scan
Objects scanned: 34439
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (StartMenu.Hijack) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowNetPlaces (StartMenu.Hijack) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (StartMenu.Hijack) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:28, on 31/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\yz_dck0083\YzDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [isCfgWiz] "C:\Program Files\Fichiers communs\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [e8c34cf4] rundll32.exe "C:\WINDOWS\system32\fwrcsjpf.dll",b
O4 - HKLM\..\Run: [BMebf07f68] Rundll32.exe "C:\WINDOWS\system32\jbmlindy.dll",s
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Dupong Irène\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Dupong Irène\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Acmw] "C:\DOCUME~1\DUPONG~1\MESDOC~1\DOBE~1\dexplore.exe" -vt yazr
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Raccourci vers YzDock.lnk = C:\Program Files\yz_dck0083\YzDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Raccourci vers YzDock.lnk = C:\Program Files\yz_dck0083\YzDock.exe (User 'Default user')
O4 - Startup: Raccourci vers YzDock.lnk = C:\Program Files\yz_dck0083\YzDock.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cloverish.spa...ad/MsnPUpld.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/DUPONG~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 11648 bytes

#14
Rorschach112

Posted 31 May 2008 - 09:00 AM

Ralphie

Retired Staff
47,710 posts

Hello

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [e8c34cf4] rundll32.exe "C:\WINDOWS\system32\fwrcsjpf.dll",b
O4 - HKLM\..\Run: [BMebf07f68] Rundll32.exe "C:\WINDOWS\system32\jbmlindy.dll",s
O4 - HKCU\..\Run: [Acmw] "C:\DOCUME~1\DUPONG~1\MESDOC~1\DOBE~1\dexplore.exe" -vt yazr

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Reboot and post a new HijackThis log

#15
iclover

Posted 31 May 2008 - 10:03 AM

Member

Topic Starter
Member
10 posts

I think i finally got them fixed, here is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:30, on 31/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\yz_dck0083\YzDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [isCfgWiz] "C:\Program Files\Fichiers communs\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Dupong Irène\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Dupong Irène\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Raccourci vers YzDock.lnk = C:\Program Files\yz_dck0083\YzDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Raccourci vers YzDock.lnk = C:\Program Files\yz_dck0083\YzDock.exe (User 'Default user')
O4 - Startup: Raccourci vers YzDock.lnk = C:\Program Files\yz_dck0083\YzDock.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cloverish.spa...ad/MsnPUpld.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/DUPONG~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 10792 bytes

Edited by iclover, 31 May 2008 - 10:15 AM.