VBS/Autorun.worm.zo, Yuyun_Cantix and no connectivity.


  • Please log in to reply

#61 Greki (Member, Topic Starter)
Oh, yes, it is a home network. It's just, my mom, my sis and I have each our own PC's, and the others are because some friends and family log in here often.

And nope. The only firewall in the laptop is the Windows firewall.

#62 RKinner (Malware Expert, MVP)
Try a different address. Add about 5 to the last number. See if that works.

If it doesn't then try:

Start, Run, CMD, OK to open a command prompt.

netsh winsock reset catalog

netsh int ip reset reset.log

Reboot the machine.

Ron

Does the cable work if you plug it into your PC?

#63 Greki (Member, Topic Starter)
Hmmm... the small PC tray icon is connecting perpetually and doesn't seem to decide whether it wants to stay logged in or just simply say it's not connected.

The cable works fine in the good PC, that's how I got it connected. Should I try it out on the laptop, while I run the last scans and everything? (Gotta say, though, that I'd have to disconnect this PC).

#64 RKinner (Malware Expert, MVP)
Try it and see.

Ron

#65 Greki (Member, Topic Starter)
The cable worked. I'm connected from the laptop.

#66 Greki (Member, Topic Starter)
Okay. I updated MBAM;

#67 RKinner (Malware Expert, MVP)
Great. Let's run MBAM and Combofix again just to make sure we are clean.

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


I usually recommend a free BitDefender online scan as a final check to see if we missed anything. http://www.bitdefend...nline/free.html

If Windows blocks the ActiveX then try putting Bitdefender in your trusted sites: In IE, Tools, Internet Options, Security, Trusted Sites, Sites. Then uncheck the HTTPS box and put in *.bitdefender.com then ADD. OK.

Also update Java and then remove any old version. Latest version is 6.19 but 6.18 is OK. Anything else should be uninstalled. Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

Ron

#68 Greki (Member, Topic Starter)
MBAM didn't detect anything.

Here's the Combofix log:


ComboFix 10-04-01.02 - Utilisateur 02/04/2010 21:58:04.7.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.342 [GMT -6:00]
Lancé depuis: c:\documents and settings\Utilisateur\Bureau\george1.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\windows\AppPatch\AcAdProc.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-03 au 2010-04-03 ))))))))))))))))))))))))))))))))))))
.

2010-04-03 03:12 . 2010-04-03 03:12 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-03 03:12 . 2010-04-03 03:12 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-03 03:12 . 2010-04-03 03:12 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-03 03:12 . 2010-04-03 03:12 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-03 03:11 . 2010-04-03 03:11 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-03 03:11 . 2010-04-03 03:11 4250976 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-03 03:11 . 2010-04-03 03:11 341272 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
2010-04-03 03:11 . 2010-04-03 03:11 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-03 03:11 . 2010-04-03 03:11 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-03 03:11 . 2010-04-03 03:11 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-03 03:11 . 2010-04-03 03:11 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-03 03:11 . 2010-04-03 03:11 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-03 03:11 . 2010-04-03 03:11 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-03 03:09 . 2010-04-03 03:09 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-03 03:09 . 2010-04-03 03:09 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-03 03:09 . 2010-04-03 03:09 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-02 00:23 . 2010-04-02 00:23 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\WMTools Downloaded Files
2010-03-31 07:36 . 2010-03-31 07:36 -------- d-----w- C:\_OTL
2010-03-30 00:14 . 2010-03-30 00:24 -------- d-----w- C:\george
2010-03-29 02:18 . 2010-03-29 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2010-03-29 02:18 . 2010-03-31 21:52 -------- d-----w- c:\program files\Autorun Eater
2010-03-29 02:14 . 2010-03-29 02:14 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Malwarebytes
2010-03-29 02:14 . 2010-03-30 06:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 02:14 . 2010-03-29 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-29 02:14 . 2010-04-03 03:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 02:14 . 2010-03-30 06:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 02:06 . 2010-03-29 04:44 -------- d-----w- c:\program files\ERUNT
2010-03-22 21:44 . 2010-03-29 04:55 -------- d-----w- c:\program files\Recuva
2010-03-18 05:32 . 2010-04-03 03:03 439816 ----a-w- c:\documents and settings\Utilisateur\Application Data\Real\Update\setup3.10\setup.exe
2010-03-16 00:30 . 2010-03-16 03:59 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\IObit
2010-03-15 22:24 . 2010-03-15 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-03-15 22:24 . 2010-03-29 04:44 -------- d-----w- c:\program files\IObit
2010-03-15 21:37 . 2010-03-29 04:17 -------- d-----w- C:\$AVG
2010-03-15 21:17 . 2010-03-15 21:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-15 21:17 . 2010-03-15 21:17 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-15 21:17 . 2010-03-15 21:17 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-15 21:17 . 2010-03-15 21:17 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-15 21:17 . 2010-04-03 03:12 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-15 21:16 . 2010-03-29 04:37 -------- d-----w- c:\program files\AVG
2010-03-15 21:16 . 2010-03-15 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-15 20:10 . 2010-03-29 05:00 -------- d-----w- c:\windows\BDOSCAN8
2010-03-15 19:57 . 2010-03-15 20:02 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\QuickScan
2010-03-15 19:57 . 2010-03-06 00:33 791456 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-03-15 19:57 . 2010-03-06 00:03 629152 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-03 04:00 . 2009-06-08 21:50 82172 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-03 04:00 . 2009-06-08 21:50 504226 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-31 22:24 . 2009-06-08 21:53 -------- d-----w- c:\program files\ASUS
2010-03-31 22:21 . 2010-03-31 22:21 449 ----a-w- c:\program files\Raccourci vers ASUS.lnk
2010-03-31 08:33 . 2009-06-08 20:06 -------- d-----w- c:\program files\Services en ligne
2010-03-29 04:54 . 2009-06-08 22:02 -------- d-----w- c:\program files\Windows Live
2010-03-29 04:53 . 2009-06-09 14:17 -------- d-----w- c:\program files\SRS Labs
2010-03-29 04:52 . 2009-09-17 12:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-29 04:52 . 2009-09-17 13:09 -------- d-----w- c:\program files\Reference Assemblies
2010-03-29 04:50 . 2009-09-17 12:23 -------- d-----w- c:\program files\OpenOffice.org 3
2010-03-29 04:47 . 2009-09-17 13:09 -------- d-----w- c:\program files\MSBuild
2010-03-29 04:44 . 2009-09-17 12:23 -------- d-----w- c:\program files\JRE
2010-03-29 04:44 . 2009-06-08 21:14 -------- d-----w- c:\program files\Intel
2010-03-29 04:44 . 2009-06-08 21:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-29 04:44 . 2009-10-17 20:12 -------- d-----w- c:\program files\Google
2010-03-29 04:44 . 2009-07-15 07:54 -------- d-----w- c:\program files\EeePC
2010-03-29 04:44 . 2009-09-17 12:10 -------- d-----w- c:\program files\DynGate
2010-03-29 04:44 . 2009-09-22 16:38 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-03-29 04:42 . 2009-06-08 22:02 -------- d-----w- c:\program files\Microsoft
2010-03-29 04:42 . 2009-06-08 20:09 -------- d-----w- c:\program files\microsoft frontpage
2010-03-29 04:38 . 2009-09-17 12:10 -------- d-----w- c:\program files\CyberLink
2010-03-29 04:37 . 2009-06-08 21:19 -------- d-----w- c:\program files\Atheros
2010-03-29 04:37 . 2009-09-17 12:12 -------- d-----w- c:\program files\Alwil Software
2010-03-27 02:12 . 2009-10-05 02:47 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Skype
2010-03-26 22:03 . 2009-10-05 02:49 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\skypePM
2010-03-16 00:26 . 2009-09-17 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-11 15:34 . 2009-06-08 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 19:49 . 2010-02-22 17:54 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\U3
2010-02-02 16:27 . 2009-09-19 09:52 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\dvdcss
2010-01-15 11:46 . 2009-09-17 15:21 74632 -c--a-w- c:\documents and settings\Utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-03-30_00.21.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-06-08 21:50 . 2010-03-30 00:14 68804 c:\windows\system32\perfc009.dat
+ 2009-06-08 21:50 . 2010-04-03 04:00 68804 c:\windows\system32\perfc009.dat
+ 2009-06-08 21:50 . 2010-04-03 04:00 435908 c:\windows\system32\perfh009.dat
- 2009-06-08 21:50 . 2010-03-30 00:14 435908 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-05-19 3417336]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-06-16 397312]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-17 39408]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-08 2343632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-11 17881600]
"EasyMode"="c:\program files\\ASUS\\Easy Mode\\Easy Mode.exe" [2009-03-18 1249280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-06 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-06 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-07-06 96792]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-06-18 696320]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2009-06-25 712704]
"EeeStorageBackup"="c:\program files\ASUS\Eee Storage\BackupService.exe" [2009-06-08 935184]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-15 3054136]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-10-17 198160]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2009-05-27 549400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-15 21:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-06-24 22:13 65536 ----a-w- c:\windows\system32\igdlogin.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur^Menu Démarrer^Programmes^Démarrage^ERUNT AutoBackup.lnk]
path=c:\documents and settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/03/2010 15:17 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15/03/2010 15:17 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15/03/2010 15:16 308064]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [15/03/2010 16:24 311568]
R2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [19/05/2009 10:29 107744]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [15/07/2009 01:54 5097632]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [29/04/2009 03:10 38912]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [09/06/2009 08:17 233512]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [21/04/2009 05:25 39040]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/09/2009 10:32 685816]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 12:13 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [08/06/2009 15:16 1684736]
.
Contenu du dossier 'Tâches planifiées'

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:13]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\
FF - component: c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 22:04
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2044)
c:\program files\ASUS\Eee Storage\XPClient.dll
c:\program files\ASUS\Eee Storage\LogicNP.EZShellExtensions.dll
c:\program files\ASUS\Eee Storage\EcaremeDLL.dll
c:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3446.18361__0d0f4b69e50e559b\SqliteShared.dll
c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2010-04-02 22:07:36
ComboFix-quarantined-files.txt 2010-04-03 04:07
ComboFix2.txt 2010-03-31 06:05
ComboFix3.txt 2010-03-30 00:24

Avant-CF: 60 827 512 832 octets libres
Après-CF: 60 796 743 680 octets libres

- - End Of File - - B06279808CFE3353BDC0E3B1C3E9FC41

I'll proceed to install, Avast, Winpatrol and the other updates after I scan with Bitdefender and clean System Restore, or do I install Avast first?

Do I uninstall Combofix now or after the Bitdefender scan?

Edited by Greki, 02 April 2010 - 10:18 PM.


#69 Greki (Member, Topic Starter)
Okay, Bit Defender caught the following:

Trojan.Lnk.Runner.A
Trojan.Lnk.Runner.B
Win32.Worm.Palevo.N

In places such as these (I didn't add all the ones from E: because they were... many):

D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003170.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003171.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003172.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003173.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003174.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003175.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003177.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003178.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003884.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003885.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003886.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003887.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003888.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003889.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003890.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003891.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003892.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003893.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003894.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003895.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003896.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003897.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003898.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003899.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003900.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003901.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003902.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003903.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003904.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003905.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003906.lnk
D:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP2\A0003907.lnk

E:\System Volume Information\_restore{AF9E44F7-C1D8-4702-8FA1-FD4274DC5CC8}\RP48\A0035723.lnk
E:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP1\A0001774.lnk

E:\System Volume Information\_restore{4DE446B4-E797-4967-BFAF-C9FA9070F7C4}\RP1\A0001775.exe

And deleted them, which is curious because I thought I had deleted all .lnk files myself.

Anyway, do I uninstall Combofix to install Avast and perform a quick scan? Or do I first clean up System Restore?

#70 RKinner (Malware Expert, MVP)
I'm wondering what this does:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll

Do you have any icons that look funny? Apparently that is what the above does.

The System Volume Information is the system restore copies. That's why I asked you to follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f
That would have removed the old System Restore files.



I know your IT people like IObit Security 360 & Advanced SystemCare but I don't trust them. IOBIT is a ripoff copy of MBAM & Advanced System Care can do more bad than good so I think it would be best to uninstall them.

If we need to remove those two registry entries it would be best to keep Combofix until after we remove them.

Ron
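
To answer the "what does this do" question for any ShellIconOverlayIdentifiers entry, here is an added PowerShell triage script (my addition, not code from the thread or from ComboFix). It reads the overlay key, resolves each CLSID to its InprocServer32 DLL, checks that DLL's Authenticode status and, where the server is mscoree.dll as in the log above, reports the managed assembly the .NET registration points to. It assumes Windows PowerShell 2.0 or later in an elevated prompt; the key paths are the standard Windows ones and nothing is modified.

```powershell
# Added example (not from the thread): read-only enumeration of Explorer's
# ShellIconOverlayIdentifiers. Each subkey's (Default) value is a CLSID; the
# CLSID's InprocServer32 names the DLL Explorer loads. When that DLL is
# mscoree.dll the handler is a .NET COM class and the real code is named by
# the Assembly / CodeBase values that regasm writes under InprocServer32.

$OverlayRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'

function Resolve-ComServer {
    # Looks up InprocServer32 for a CLSID, per-user registration first
    # (HKCU\Software\Classes overrides HKLM\SOFTWARE\Classes).
    param([Parameter(Mandatory=$true)][string]$Clsid)

    foreach ($root in 'HKCU:\Software\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\CLSID') {
        $inproc = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $inproc) {
            $p = Get-ItemProperty -LiteralPath $inproc
            return [pscustomobject]@{
                Hive     = $root.Split(':')[0]
                Server   = [Environment]::ExpandEnvironmentVariables([string]$p.'(default)')
                Assembly = $p.Assembly   # present only for .NET (regasm) servers
                CodeBase = $p.CodeBase   # file:// path of the managed assembly, if recorded
            }
        }
    }
    return $null
}

function Get-ShellIconOverlayHandler {
    # One record per registered overlay handler, with a signature verdict on
    # the native server and, for .NET servers, the managed assembly behind it.
    foreach ($key in Get-ChildItem -LiteralPath $OverlayRoot) {
        $clsid  = (Get-ItemProperty -LiteralPath $key.PSPath).'(default)'
        $server = if ($clsid) { Resolve-ComServer -Clsid $clsid } else { $null }

        $status = 'no InprocServer32'
        if ($server -and $server.Server) {
            $status = if (Test-Path -LiteralPath $server.Server) {
                (Get-AuthenticodeSignature -FilePath $server.Server).Status
            } else { 'file missing' }
        }

        [pscustomobject]@{
            Name      = $key.PSChildName
            CLSID     = $clsid
            Hive      = $server.Hive
            Server    = $server.Server
            Signature = $status
            Assembly  = $server.Assembly
            CodeBase  = $server.CodeBase
        }
    }
}

# Show anything that is not a signed, present, native DLL, plus every managed
# handler, because mscoree.dll itself is always Microsoft-signed and tells you
# nothing about the assembly it hosts.
Get-ShellIconOverlayHandler |
    Where-Object { $_.Signature -ne 'Valid' -or $_.Assembly } |
    Format-List
```

For the two entries in the log above the interesting fields are Assembly and CodeBase: they name the .NET component that mscoree.dll will load into explorer.exe, which is what decides whether the key is a legitimate shell extension or something to remove.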
#71 Greki (Member, Topic Starter)
Oh, yes, I was gonna uninstall IObit and Advanced SystemCare but first I wanted to get the scan and such out of the way. I'll uninstall them now.

And the WinPatrol setup icon got changed from the dog look-alike icon to a red arrow pointing downwards... But other than that, I don't think there's anything. A little while ago, though, I had issues with Windows Explorer. Whenever I tried to right-click any document, an error appeared saying that Windows Explorer had to close (which wasn't even open, btw).

Let me, then, clean the System Restore.

#72 Greki (Member, Topic Starter)
Okay, I uninstalled IObit's software and cleaned up System Restore.

#73 RKinner (Malware Expert, MVP)
Windows Explorer is also used to provide the desktop so it is always running. There should be something in the event logs about it. Start, Run, eventvwr.msc, OK to bring up the event logs. Open System by double clicking on it and look for entries with a red mark and a time stamp about when the problem happened. Double click on the entry. There are three buttons in a column. Click on the bottom one to copy the text then move to a reply and paste it in.

I think we should remove those registry entries.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
[-HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
[-HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]



******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Drag it over to george and let it start as before.

Post the new log.

Be sure and get all of the Microsoft security upgrades before you give it back to her. It's been off line long enough to be missing a few. Make sure it's getting the update automatically.

Ron

#74 Greki (Member, Topic Starter)
I'm currently running Combofix. Here's the error entry:

Type de l'événement : Erreur
Source de l'événement : Service Control Manager
Catégorie de l'événement : Aucun
ID de l'événement : 7023

Date : 02/04/2010
Heure : 23:29:55
Utilisateur : N/A
Ordinateur : YOUR-2NALM312DA
Description :
Le service Gestion d'applications s'est arrêté avec l'erreur :
Le module spécifié est introuvable.

Pour plus d'informations, consultez le centre Aide et support à l'adresse http://go.microsoft....link/events.asp.

Edited by Greki, 03 April 2010 - 03:04 PM.


#75 Greki (Member, Topic Starter)
ComboFix 10-04-01.02 - Utilisateur 03/04/2010 14:41:13.8.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.468 [GMT -6:00]
Lancé depuis: c:\documents and settings\Utilisateur\Bureau\george1.exe
Commutateurs utilisés :: c:\documents and settings\Utilisateur\Bureau\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-03-03 au 2010-04-03 ))))))))))))))))))))))))))))))))))))
.

2010-04-03 03:12 . 2010-04-03 03:12 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-03 03:12 . 2010-04-03 03:12 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-03 03:12 . 2010-04-03 03:12 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-03 03:12 . 2010-04-03 03:12 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-03 03:11 . 2010-04-03 03:11 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-03 03:11 . 2010-04-03 03:11 4250976 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-03 03:11 . 2010-04-03 03:11 341272 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
2010-04-03 03:11 . 2010-04-03 03:11 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-03 03:11 . 2010-04-03 03:11 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-03 03:11 . 2010-04-03 03:11 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-03 03:11 . 2010-04-03 03:11 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-03 03:11 . 2010-04-03 03:11 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-03 03:11 . 2010-04-03 03:11 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-03 03:09 . 2010-04-03 03:09 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-03 03:09 . 2010-04-03 03:09 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-03 03:09 . 2010-04-03 03:09 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-02 00:23 . 2010-04-02 00:23 -------- d-----w- c:\documents and settings\Utilisateur\Local Settings\Application Data\WMTools Downloaded Files
2010-03-31 07:36 . 2010-03-31 07:36 -------- d-----w- C:\_OTL
2010-03-30 00:14 . 2010-03-30 00:24 -------- d-----w- C:\george
2010-03-29 02:18 . 2010-03-29 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2010-03-29 02:18 . 2010-03-31 21:52 -------- d-----w- c:\program files\Autorun Eater
2010-03-29 02:14 . 2010-03-29 02:14 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Malwarebytes
2010-03-29 02:14 . 2010-03-30 06:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 02:14 . 2010-03-29 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-29 02:14 . 2010-04-03 03:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 02:14 . 2010-03-30 06:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 02:06 . 2010-03-29 04:44 -------- d-----w- c:\program files\ERUNT
2010-03-22 21:44 . 2010-03-29 04:55 -------- d-----w- c:\program files\Recuva
2010-03-18 05:32 . 2010-04-03 03:03 439816 ----a-w- c:\documents and settings\Utilisateur\Application Data\Real\Update\setup3.10\setup.exe
2010-03-16 00:30 . 2010-03-16 03:59 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\IObit
2010-03-15 22:24 . 2010-03-15 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-03-15 22:24 . 2010-03-29 04:44 -------- d-----w- c:\program files\IObit
2010-03-15 21:37 . 2010-03-29 04:17 -------- d-----w- C:\$AVG
2010-03-15 21:17 . 2010-03-15 21:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-15 21:17 . 2010-03-15 21:17 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-15 21:17 . 2010-03-15 21:17 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-15 21:17 . 2010-03-15 21:17 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-15 21:17 . 2010-04-03 03:12 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-15 21:16 . 2010-03-29 04:37 -------- d-----w- c:\program files\AVG
2010-03-15 21:16 . 2010-03-15 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-15 20:10 . 2010-04-03 05:16 -------- d-----w- c:\windows\BDOSCAN8
2010-03-15 19:57 . 2010-03-15 20:02 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\QuickScan
2010-03-15 19:57 . 2010-03-06 00:33 791456 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-03-15 19:57 . 2010-03-06 00:03 629152 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-03 20:44 . 2009-06-08 21:50 82172 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-03 20:44 . 2009-06-08 21:50 504226 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-31 22:24 . 2009-06-08 21:53 -------- d-----w- c:\program files\ASUS
2010-03-31 22:21 . 2010-03-31 22:21 449 ----a-w- c:\program files\Raccourci vers ASUS.lnk
2010-03-31 08:33 . 2009-06-08 20:06 -------- d-----w- c:\program files\Services en ligne
2010-03-29 04:54 . 2009-06-08 22:02 -------- d-----w- c:\program files\Windows Live
2010-03-29 04:53 . 2009-06-09 14:17 -------- d-----w- c:\program files\SRS Labs
2010-03-29 04:52 . 2009-09-17 12:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-29 04:52 . 2009-09-17 13:09 -------- d-----w- c:\program files\Reference Assemblies
2010-03-29 04:50 . 2009-09-17 12:23 -------- d-----w- c:\program files\OpenOffice.org 3
2010-03-29 04:47 . 2009-09-17 13:09 -------- d-----w- c:\program files\MSBuild
2010-03-29 04:44 . 2009-09-17 12:23 -------- d-----w- c:\program files\JRE
2010-03-29 04:44 . 2009-06-08 21:14 -------- d-----w- c:\program files\Intel
2010-03-29 04:44 . 2009-06-08 21:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-29 04:44 . 2009-10-17 20:12 -------- d-----w- c:\program files\Google
2010-03-29 04:44 . 2009-07-15 07:54 -------- d-----w- c:\program files\EeePC
2010-03-29 04:44 . 2009-09-17 12:10 -------- d-----w- c:\program files\DynGate
2010-03-29 04:44 . 2009-09-22 16:38 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-03-29 04:42 . 2009-06-08 22:02 -------- d-----w- c:\program files\Microsoft
2010-03-29 04:42 . 2009-06-08 20:09 -------- d-----w- c:\program files\microsoft frontpage
2010-03-29 04:38 . 2009-09-17 12:10 -------- d-----w- c:\program files\CyberLink
2010-03-29 04:37 . 2009-06-08 21:19 -------- d-----w- c:\program files\Atheros
2010-03-29 04:37 . 2009-09-17 12:12 -------- d-----w- c:\program files\Alwil Software
2010-03-27 02:12 . 2009-10-05 02:47 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Skype
2010-03-26 22:03 . 2009-10-05 02:49 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\skypePM
2010-03-16 00:26 . 2009-09-17 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-11 15:34 . 2009-06-08 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 19:49 . 2010-02-22 17:54 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\U3
2010-02-25 06:17 . 2009-06-08 21:50 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-15 11:46 . 2009-09-17 15:21 74632 -c--a-w- c:\documents and settings\Utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-03-30_00.21.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-08 21:50 . 2010-04-03 20:51 68804 c:\windows\system32\perfc009.dat
- 2009-06-08 21:50 . 2010-03-30 00:14 68804 c:\windows\system32\perfc009.dat
- 2009-06-08 21:50 . 2009-12-21 19:06 25600 c:\windows\system32\jsproxy.dll
+ 2009-06-08 21:50 . 2010-02-25 06:17 25600 c:\windows\system32\jsproxy.dll
+ 2009-09-17 13:27 . 2010-02-25 06:17 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-09-17 13:27 . 2009-12-21 19:07 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-08 22:24 . 2009-12-21 19:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-06-08 22:24 . 2010-02-25 06:17 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-06-08 21:50 . 2009-12-21 19:06 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-06-08 21:50 . 2010-02-25 06:17 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-04-03 07:57 . 2009-12-21 19:07 12800 c:\windows\ie8updates\KB980182-IE8\xpshims.dll
+ 2010-04-03 07:57 . 2009-12-21 19:06 55296 c:\windows\ie8updates\KB980182-IE8\msfeedsbs.dll
+ 2010-04-03 07:57 . 2009-12-21 19:06 25600 c:\windows\ie8updates\KB980182-IE8\jsproxy.dll
- 2009-06-08 21:50 . 2010-03-30 00:14 435908 c:\windows\system32\perfh009.dat
+ 2009-06-08 21:50 . 2010-04-03 20:51 435908 c:\windows\system32\perfh009.dat
- 2009-06-08 21:50 . 2009-12-21 19:07 206848 c:\windows\system32\occache.dll
+ 2009-06-08 21:50 . 2010-02-25 06:17 206848 c:\windows\system32\occache.dll
- 2009-06-08 21:50 . 2009-03-08 02:32 611840 c:\windows\system32\mstime.dll
+ 2009-06-08 21:50 . 2010-02-25 06:17 611840 c:\windows\system32\mstime.dll
- 2009-06-08 21:50 . 2009-12-21 19:07 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-06-08 21:50 . 2010-02-25 06:17 916480 c:\windows\system32\dllcache\wininet.dll
- 2009-06-08 21:50 . 2009-12-21 19:07 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-06-08 21:50 . 2010-02-25 06:17 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-06-08 21:50 . 2010-02-25 06:17 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-06-08 21:50 . 2009-03-08 02:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-06-08 22:24 . 2010-02-25 06:17 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-06-08 22:24 . 2009-12-21 19:06 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-09-17 13:27 . 2010-02-25 06:17 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-04-03 07:57 . 2009-12-21 19:07 916480 c:\windows\ie8updates\KB980182-IE8\wininet.dll
+ 2010-04-03 07:57 . 2009-05-26 11:40 406392 c:\windows\ie8updates\KB980182-IE8\spuninst\updspapi.dll
+ 2010-04-03 07:57 . 2009-05-26 11:40 234872 c:\windows\ie8updates\KB980182-IE8\spuninst\spuninst.exe
+ 2010-04-03 07:57 . 2009-12-21 19:07 206848 c:\windows\ie8updates\KB980182-IE8\occache.dll
+ 2010-04-03 07:57 . 2009-03-08 02:32 611840 c:\windows\ie8updates\KB980182-IE8\mstime.dll
+ 2010-04-03 07:57 . 2009-12-21 19:06 594432 c:\windows\ie8updates\KB980182-IE8\msfeeds.dll
+ 2010-04-03 07:57 . 2009-12-21 19:06 246272 c:\windows\ie8updates\KB980182-IE8\ieproxy.dll
+ 2010-04-03 07:57 . 2009-12-21 19:06 184320 c:\windows\ie8updates\KB980182-IE8\iepeers.dll
+ 2010-04-03 07:57 . 2009-12-21 19:06 387584 c:\windows\ie8updates\KB980182-IE8\iedkcs32.dll
+ 2010-04-03 07:57 . 2009-12-21 13:20 173056 c:\windows\ie8updates\KB980182-IE8\ie4uinit.exe
+ 2009-06-08 21:50 . 2010-02-25 06:17 1209344 c:\windows\system32\urlmon.dll
+ 2009-06-08 21:50 . 2010-02-25 06:17 5944832 c:\windows\system32\mshtml.dll
+ 2009-06-08 21:50 . 2010-02-25 06:17 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2009-06-08 21:50 . 2010-02-25 06:17 5944832 c:\windows\system32\dllcache\mshtml.dll
- 2009-06-08 22:24 . 2009-12-21 19:06 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-06-08 22:24 . 2010-02-25 06:17 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-04-03 07:57 . 2009-12-21 19:07 1208832 c:\windows\ie8updates\KB980182-IE8\urlmon.dll
+ 2010-04-03 07:57 . 2009-12-21 19:07 5942784 c:\windows\ie8updates\KB980182-IE8\mshtml.dll
+ 2010-04-03 07:57 . 2009-12-21 19:06 1985536 c:\windows\ie8updates\KB980182-IE8\iertutil.dll
+ 2009-06-08 22:24 . 2010-02-25 17:47 11070976 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-03 07:57 . 2009-12-21 19:06 11070464 c:\windows\ie8updates\KB980182-IE8\ieframe.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-05-19 3417336]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-06-16 397312]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-17 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-11 17881600]
"EasyMode"="c:\program files\\ASUS\\Easy Mode\\Easy Mode.exe" [2009-03-18 1249280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-06 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-06 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-07-06 96792]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-06-18 696320]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2009-06-25 712704]
"EeeStorageBackup"="c:\program files\ASUS\Eee Storage\BackupService.exe" [2009-06-08 935184]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-15 3054136]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-10-17 198160]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2009-05-27 549400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-15 21:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-06-24 22:13 65536 ----a-w- c:\windows\system32\igdlogin.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur^Menu Démarrer^Programmes^Démarrage^ERUNT AutoBackup.lnk]
path=c:\documents and settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/09/2009 10:32 685816]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/03/2010 15:17 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15/03/2010 15:17 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15/03/2010 15:16 308064]
R2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [19/05/2009 10:29 107744]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [15/07/2009 01:54 5097632]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [29/04/2009 03:10 38912]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [09/06/2009 08:17 233512]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [21/04/2009 05:25 39040]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 12:13 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [08/06/2009 15:16 1684736]
.
Contenu du dossier 'Tâches planifiées'

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:13]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: bitdefender.com\download
Trusted Zone: bitdefender.com\www
FF - ProfilePath - c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\
FF - component: c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-03 14:48
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x865818AC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7634f28
\Driver\ACPI -> ACPI.sys @ 0xf73c4cb8
\Driver\atapi -> atapi.sys @ 0xf737fb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Atheros AR8132 PCI-E Fast Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7275bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7264a0d
SendHandler -> NDIS.sys @ 0xf7278b40
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3320)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\Autorun Eater\billy.exe
c:\program files\ASUS\Eee Storage\EeeStorageUploader.exe
.
**************************************************************************
.
Heure de fin: 2010-04-03 14:54:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-04-03 20:54
ComboFix2.txt 2010-04-03 04:07
ComboFix3.txt 2010-03-31 06:05
ComboFix4.txt 2010-03-30 00:24

Avant-CF: 60 927 471 616 octets libres
Après-CF: 60 892 344 320 octets libres

- - End Of File - - 314AFE4298A0EB6D9CA7CC9F2CF65EA2

Should I install Avast first before making all updates? (I still haven't done the Java and Adobe updates.)
  • 0
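The "Points de chargement Reg" block and the R0/R1/R2/S2/S3 service lines in the ComboFix log above are the part a helper reads by eye when looking for an autorun worm's persistence. As an added example (not part of this thread, and not ComboFix's own tooling), here is a small Python parser that pulls those entries out of the log text and flags the ones worth a second look: any binary that is not under the Windows or Program Files trees, and any bare filename that Windows resolves through the search path at logon. The sample lines are copied from the log posted above; one extra Run-key entry pointing into a temp directory is constructed (and marked as such) so the flagging path actually fires. The "trusted trees" rule is a triage heuristic assumed here, not a ComboFix convention, and an unflagged entry still deserves the usual file-hash and signature checks.

```python
"""Triage the autostart entries in a ComboFix log.

Added example for this thread; not part of ComboFix and not code the posters
used. Parses the Run-key values under the registry load points heading and
the service/driver lines, then flags entries whose binary lives outside the
Windows and Program Files trees or that are bare filenames.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One Run-key value as ComboFix prints it:  "name"="path" [YYYY-MM-DD size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*'
    r'\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
# One service/driver line:  R2 name;description;path [dd/mm/yyyy hh:mm size]
SVC_RE = re.compile(
    r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) '
    r'\[(?P<date>\d{2}/\d{2}/\d{4}) \d{2}:\d{2} (?P<size>\d+)\]$'
)
# A registry key header such as [HKEY_CURRENT_USER\...\Run]
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')

# Trees a legitimate autostart normally lives in (assumed triage heuristic).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")

# Lines copied verbatim from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-11 17881600]
"EasyMode"="c:\program files\\ASUS\\Easy Mode\\Easy Mode.exe" [2009-03-18 1249280]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2009-05-27 549400]

[HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur^Menu Démarrer^Programmes^Démarrage^ERUNT AutoBackup.lnk]
path=c:\documents and settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/09/2009 10:32 685816]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15/03/2010 15:16 308064]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 12:13 135664]
"""

# Constructed entry (NOT from the real log) so the flagging path is exercised:
# an autostart whose binary sits in a user's temp directory.
CONSTRUCTED_ENTRY = (
    '[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\n'
    '"updater"="c:\\documents and settings\\Utilisateur\\Local Settings\\Temp\\svchost.exe" [2010-03-10 45056]\n'
)


@dataclass
class Autostart:
    source: str   # registry key, or "service <state>"
    name: str
    path: str
    size: int
    reason: str   # empty when nothing looks wrong


def normalise(path: str) -> str:
    """Lower-case, collapse the doubled backslashes ComboFix prints for some
    values, and expand %windir% (the only variable seen in this log)."""
    return path.lower().replace("\\\\", "\\").replace("%windir%", "c:\\windows")


def flag_reason(path: str) -> str:
    """Return why an entry deserves a look, or '' if it passes the heuristic."""
    p = normalise(path)
    if "\\" not in p:
        return "bare filename; resolved via the search path at logon, locate it by hand"
    if not p.startswith(TRUSTED_PREFIXES):
        return "binary outside the Windows and Program Files trees"
    return ""


def parse_autostarts(text: str) -> List[Autostart]:
    """Collect Run-key values (only under keys ending in \\Run) and service lines."""
    entries: List[Autostart] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = RUN_RE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            entries.append(Autostart(current_key, m["name"], m["path"],
                                     int(m["size"]), flag_reason(m["path"])))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Autostart("service " + m["state"], m["name"], m["path"],
                                     int(m["size"]), flag_reason(m["path"])))
    return entries


def flagged(entries: List[Autostart]) -> List[Autostart]:
    return [e for e in entries if e.reason]


def report(text: str) -> List[str]:
    """One human-readable line per flagged entry."""
    return [f"{e.source}: {e.name} -> {e.path}  ({e.reason})"
            for e in flagged(parse_autostarts(text))]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG + CONSTRUCTED_ENTRY):
        print(line)
```

Run against the sample, the only two lines reported are RTHDCPL (a bare filename, legitimate Realtek audio here but unresolvable from the log alone) and the constructed temp-directory entry; everything else in the posted log resolves into the standard trees. Keys that are not Run keys (the startup-folder and msconfig sections) are deliberately ignored by the parser.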





