Resolved HJT Threads - Resolved spyware and popup issues.
#1 (permalink)
Registered User
Join Date: Mar 2008
Posts: 7
OS: Win XP
Spyware, Adware, Trojan, Malware and internet explorer crash
Hi,
My computer has recently been infected by many viruses when I unfortunately opened a file I shouldn't have. From that instant, I had some programs opening themselves. When I tried to close them, they re-opened by themselves a few minutes later. Also, Internet Explorer doesn't work anymore. It opens on a white window. Impossible to close it except via the task manager. That is why I could not run PandaActiveScan, as it doesn't seem to be working with Firefox. I have run Ad-Aware SE Professional, and found 119 bad elements which I deleted. I have also run Avast Antivirus and found 54 infected files, which I put in quarantine or deleted. I have not closed my computer since then and don't really want to for now until I can do a backup of my important files in the next days. I have run Prevx CSI and it tells me that I still have 7 active threats, which are:

C:\WINDOWS\system32\fccdawv.dll >> SpywareQuake
C:\WINDOWS\ZnJhbmNvaXMgbGFtYmVydA\asappsrv.dll >> Adware Generic.GMD
C:\WINDOWS\system32\vtsqr.dll >> Generic.Malware - Trojan.Vundo
C:\WINDOWS\system32\atgban.dll >> Generic.Malware
C:\Documents and Settings\francois lambert\lsass.exe >> Trojan.SystemPoser
C:\WINDOWS\system32\wem4\begmgr11.exe >> TROJAN.AGENT.GEN
C:\Documents and Settings\francois lambert\Bureau\dss.exe >> Generic.Malware

Here is main.txt from DSS:

Deckard's System Scanner v20071014.68
Run by francois lambert on 2008-03-25 22:20:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
90: 2008-03-26 02:20:21 UTC - RP1120 - Deckard's System Scanner Restore Point
89: 2008-03-25 23:45:47 UTC - RP1119 - Spybot-S&D Spyware removal
88: 2008-03-25 20:20:15 UTC - RP1118 - Last known good configuration
87: 2008-03-24 22:18:49 UTC - RP1117 - Point de vérification système
86: 2008-03-23 22:04:56 UTC - RP1116 - Removed Norton Security Scan

-- First Restore Point --
1: 2007-12-27 18:12:48 UTC - RP1031 - Point de vérification système

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-25 22:22:15
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PrevxCSI\PrevxCSI.exe
C:\Program Files\PrevxCSI\PrevxCSI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\francois lambert\Bureau\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\system32\atgban.dll
O2 - BHO: (no name) - {56145F37-5416-431B-8A49-5BBA6F2993C0} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D3BB487D-0EF1-4135-AE08-AA34733937DF} - C:\WINDOWS\system32\vtsqr.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - blank (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [{0B-BF-FB-B1-DW}] C:\WINDOWS\system32\wem4\begmgr11.exe DWram
O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\atgban.dll" DllStart
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\francois lambert\lsass.exe
O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" /bootupreg
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\wem4\begmgr11.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?3df5f9a509184b3c90443e09ccd58454
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?3df5f9a509184b3c90443e09ccd58454
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {D27CDB6E-AE6F-11CF-96B8-444553540000} () - http://download.macromedia.com/pub/s...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: fccdawv - C:\WINDOWS\system32\fccdawv.dll
O20 - Winlogon Notify: kscacl - C:\WINDOWS\system32\kscacl.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCEVTMGR.EXE
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPWDSVC.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCSETMGR.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZnJhbmNvaXMgbGFtYmVydA\command.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVSCAN.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 11849 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 pxark - c:\windows\system32\drivers\pxark.sys <Not Verified; ; Prevx CSI>
R1 SSHDRV65 - c:\windows\system32\drivers\sshdrv65.sys
R1 SSHDRV85 - c:\windows\system32\drivers\sshdrv85.sys <Not Verified; ; ProtectCD>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt92>

S3 driverhardwarev2 - c:\program files\hardwaredetection\driverhardwarev2.sys (file missing)
S3 gsplittm - c:\docume~1\franco~1\locals~1\temp\gsplittm.sys (file missing)
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 PCD65X2 - c:\docume~1\franco~1\locals~1\temp\pcd65x2.sys (file missing)
S3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 CSIScanner - "c:\program files\prevxcsi\\prevxcsi.exe" /service <Not Verified; Prevx; Prevx CSI>

S? Network Monitor -
S2 cmdService (Command Service) - c:\windows\znjhbmnvaxmgbgftymvyda\command.exe (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-03-25 21:47:04 378 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-03-21 17:15:00 412 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-03-08 00:46:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-09-05 19:05:54 378 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2005-03-25 20:39:08 540 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - francois lambert.job

-- Files created between 2008-02-25 and 2008-03-25 -----------------------------

2008-03-25 21:34:25 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-25 21:34:04 0 d-------- C:\Program Files\SpywareBlaster
2008-03-25 17:20:21 10880 --a------ C:\WINDOWS\system32\drivers\pxark.sys <Not Verified; ; Prevx CSI>
2008-03-25 17:20:21 0 d-------- C:\Program Files\PrevxCSI
2008-03-25 17:20:13 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-03-25 16:20:01 33277 --ahs---- C:\WINDOWS\system32\rqstv.ini2
2008-03-25 16:19:58 290816 --a------ C:\WINDOWS\system32\vtsqr.dll
2008-03-25 16:18:45 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-03-25 16:15:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2008-03-25 16:15:16 1989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2008-03-25 16:15:16 0 d-a------ C:\Program Files\Network Monitor
2008-03-25 16:15:15 0 d--hs---- C:\WINDOWS\ZnJhbmNvaXMgbGFtYmVydA
2008-03-25 16:15:13 39883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
2008-03-25 16:15:11 29696 ---hs---- C:\Documents and Settings\francois lambert\lsass.exe
2008-03-25 16:15:08 0 d-------- C:\WINDOWS\system32\wem4
2008-03-25 16:15:08 0 d-------- C:\WINDOWS\system32\ide
2008-03-25 16:15:07 0 d-------- C:\WINDOWS\system32\UDE
2008-03-25 16:15:07 0 d-------- C:\WINDOWS\system32\hcb
2008-03-25 16:15:05 0 d-------- C:\WINDOWS\system32\aqVreo18
2008-03-25 16:14:55 38400 --a------ C:\WINDOWS\system32\fccdawv.dll
2008-03-21 11:25:29 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-03-21 10:55:06 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-21 10:42:44 0 d-------- C:\ATI
2008-03-21 10:28:06 0 d-------- C:\Program Files\Virtual VCR
2008-03-11 11:18:06 58880 --a------ C:\WINDOWS\system32\atgban.dll
2008-03-08 08:13:27 0 d-------- C:\Program Files\iPod
2008-03-08 08:13:21 0 d-------- C:\Program Files\iTunes
2008-03-08 08:11:25 0 d-------- C:\Program Files\QuickTime
2008-03-06 11:40:43 0 d--hs---- C:\WINDOWS\ftpcache

-- Find3M Report ---------------------------------------------------------------

2008-03-25 22:12:00 0 d-------- C:\Program Files\HardwareDetection
2008-03-25 19:33:36 0 d-a------ C:\Program Files\CyberLink
2008-03-24 07:36:55 0 d-a------ C:\Program Files\Fichiers communs\Symantec Shared
2008-03-23 18:02:41 0 d-------- C:\Program Files\LimeWire
2008-03-23 11:07:20 0 d-------- C:\Documents and Settings\francois lambert\Application Data\AdobeUM
2008-03-22 07:26:25 0 d-------- C:\Program Files\GameShadow
2008-03-21 11:27:24 0 d-------- C:\Documents and Settings\francois lambert\Application Data\Adobe
2008-03-21 11:25:29 0 d-------- C:\Documents and Settings\francois lambert\Application Data\ATI
2008-03-21 11:20:55 468072 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-03-21 11:20:55 75266 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-03-21 11:10:37 0 d-------- C:\Program Files\ATI Technologies
2008-03-21 11:10:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-20 17:30:52 0 d-a------ C:\Program Files\Java
2008-03-15 20:34:06 0 d-------- C:\Documents and Settings\francois lambert\Application Data\ZoomBrowser EX
2008-02-25 21:05:00 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-02-21 18:29:20 0 d-------- C:\Program Files\AFT software
2008-02-10 19:26:15 796672 --a------ C:\WINDOWS\GPInstall.exe <Not Verified; Qsc; GP-Install>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16B435F6-B6CE-4F24-A568-944B27ED919C}]
2008-03-11 11:18 58880 --a------ C:\WINDOWS\system32\atgban.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56145F37-5416-431B-8A49-5BBA6F2993C0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3BB487D-0EF1-4135-AE08-AA34733937DF}]
2008-03-25 16:19 290816 --a------ C:\WINDOWS\system32\vtsqr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe" [2004-05-17 21:30 C:\WINDOWS\zHotkey.exe]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 11:45]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 14:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 14:19]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 14:23]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 14:58 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 09:00]
"Motive SmartBridge"="C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe" [2004-05-19 10:24]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-02-21 09:49]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 12:49]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"{0B-BF-FB-B1-DW}"="C:\WINDOWS\system32\wem4\begmgr11.exe" [2008-02-14 10:42]
"PostSetupCheck"="C:\WINDOWS\system32\atgban.dll" [2008-03-11 11:18]
"LSA Shellu"="C:\Documents and Settings\francois lambert\lsass.exe" [2008-03-25 16:15]
"PrevxCSI"="C:\Program Files\PrevxCSI\prevxcsi.exe" [2008-03-25 17:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"AAW"="C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}"= C:\WINDOWS\system32\fccdawv.dll [2008-03-25 16:14 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdawv]
fccdawv.dll 2008-03-25 16:14 38400 C:\WINDOWS\system32\fccdawv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kscacl]
kscacl.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtsqr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^francois lambert^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\francois lambert\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^francois lambert^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler.exe]
path=C:\Documents and Settings\francois lambert\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook]
C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE Outlook:Inbox /recycle

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
HDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
C:\Program Files\Digital Media Reader\shwiconem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"ShowWnd"=ShowWnd.exe

*Newly Created Service* - CMDSERVICE
*Newly Created Service* - CSISCANNER
*Newly Created Service* - MCHINJDRV
*Newly Created Service* - NETWORK_MONITOR
*Newly Created Service* - PXARK

-- End of Deckard's System Scanner: finished at 2008-03-25 22:24:27 ------------

Thank you very much for any help.
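As an added example (not part of this thread, nor code from HijackThis, DSS or Prevx CSI), the following Python script parses the "Oxx - ..." entries of a HijackThis-style log such as the one above or the later one in this thread, extracts every file each entry loads, and cross-checks it against the seven paths Prevx CSI reported, plus the red flags a log reader checks first: a core Windows binary name launched from outside system32, a BHO DLL that is also started from a Run key, and a file sitting in the same non-standard directory as a reported threat. The sample entries are a constructed subset copied from the first log; the script assumes an XP default install where system32 is C:\WINDOWS\system32.

```python
"""Triage helper for HijackThis-style log entries (added example, not from the thread or its tools).

Parses the "Oxx - ..." lines, pulls out every file path an entry loads and flags the
items a log reader checks first. Assumes an XP default install where the system
directory is C:\\WINDOWS\\system32.
"""
import re
from dataclasses import dataclass

# Constructed subset of the first DSS/HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\system32\atgban.dll
O2 - BHO: (no name) - {D3BB487D-0EF1-4135-AE08-AA34733937DF} - C:\WINDOWS\system32\vtsqr.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{0B-BF-FB-B1-DW}] C:\WINDOWS\system32\wem4\begmgr11.exe DWram
O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\atgban.dll" DllStart
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\francois lambert\lsass.exe
O20 - Winlogon Notify: fccdawv - C:\WINDOWS\system32\fccdawv.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZnJhbmNvaXMgbGFtYmVydA\command.exe
"""

# The seven paths Prevx CSI reported in the post. dss.exe is the scanner the user
# had just run, so the list is cross-checked against the log rather than trusted blindly.
PREVX_THREATS = {
    r"C:\WINDOWS\system32\fccdawv.dll",
    r"C:\WINDOWS\ZnJhbmNvaXMgbGFtYmVydA\asappsrv.dll",
    r"C:\WINDOWS\system32\vtsqr.dll",
    r"C:\WINDOWS\system32\atgban.dll",
    r"C:\Documents and Settings\francois lambert\lsass.exe",
    r"C:\WINDOWS\system32\wem4\begmgr11.exe",
    r"C:\Documents and Settings\francois lambert\Bureau\dss.exe",
}

SYSTEM32 = r"c:\windows\system32"          # assumption: XP default install on C:
STANDARD_DIRS = {r"c:\windows", SYSTEM32}  # directories too common to treat as "suspect"
# Names that only legitimately live in system32; a copy elsewhere is a classic decoy.
CORE_SYSTEM_BINARIES = {"lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe", "services.exe", "svchost.exe"}

R_PREVX = "listed by Prevx CSI as an active threat"
R_CORE = "core Windows binary name outside system32"
R_BHO_RUN = "BHO DLL also launched at logon via a Run key"
R_SHARED_DIR = "shares a directory with a Prevx-reported threat"

ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# Drive-letter path up to an executable extension; surrounding quotes are optional.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys))"?', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    path: str
    reason: str


def parse_entries(log_text):
    """Return (section, body) pairs for each 'Oxx - ...' line; all other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def split_path(path):
    """Lower-cased (parent directory, file name) of a Windows path."""
    parent, _, name = path.lower().rpartition("\\")
    return parent, name


def triage(log_text, known_bad=PREVX_THREATS):
    """Cross-check every file loaded by the log's entries against the scanner list and heuristics."""
    known_bad_lc = {p.lower() for p in known_bad}
    # Directories that held a reported threat, minus the standard ones everything lives in.
    suspect_dirs = {split_path(p)[0] for p in known_bad_lc} - STANDARD_DIRS
    entries = parse_entries(log_text)
    bho_dlls = {p.lower() for sec, body in entries if sec == "O2" for p in PATH_RE.findall(body)}
    findings = []
    for section, body in entries:
        for path in PATH_RE.findall(body):
            low = path.lower()
            parent, name = split_path(path)
            if low in known_bad_lc:
                findings.append(Finding(section, path, R_PREVX))
            elif parent in suspect_dirs:
                findings.append(Finding(section, path, R_SHARED_DIR))
            if name in CORE_SYSTEM_BINARIES and parent != SYSTEM32:
                findings.append(Finding(section, path, R_CORE))
            if section == "O4" and low in bho_dlls:
                findings.append(Finding(section, path, R_BHO_RUN))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.path}  <- {f.reason}")
```

Run against the sample it flags atgban.dll, vtsqr.dll, begmgr11.exe, lsass.exe and fccdawv.dll from the Prevx list, the user-profile lsass.exe a second time as a decoy name, atgban.dll again for being both a BHO and a Run-key launch, and command.exe for living in the same random-named directory as asappsrv.dll, while the avast, Adobe and rundll32 entries pass.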
#2 (permalink)
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
Re: Spyware, Adware, Trojan, Malware and internet explorer crash
Hi franc11,
Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Please download HijackThis. This program will help us determine if there is any spyware/malware on your computer.
Double-click on the file you just downloaded.
Click on the "Install" button.

--------------------------------------------------------------

Please run DSS.exe (Deckard's System Scanner) and reply back with the results from main.txt

Thanks
__________________
Proud Member of ASAP. Proud Member of UNITE.
#3 (permalink)
Registered User
Join Date: Mar 2008
Posts: 7
OS: Win XP
Re: Spyware, Adware, Trojan, Malware and internet explorer crash
Hi. Thanks for the answer. A couple of things actually are back to normal, but I still have a couple of viruses or malware and other things on my computer that I can't seem to be able to remove. Internet Explorer is OK now.
Deckard's System Scanner v20071014.68
Run by francois lambert on 2008-03-31 21:04:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as francois lambert.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:00, on 2008-03-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\PrevxCSI\PrevxCSI.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PrevxCSI\PrevxCSI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Documents and Settings\francois lambert\lsass.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\francois lambert\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\francois lambert.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - C:\WINDOWS\system32\fccdawv.dll (file missing)
O2 - BHO: (no name) - {56145F37-5416-431B-8A49-5BBA6F2993C0} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D3BB487D-0EF1-4135-AE08-AA34733937DF} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - blank (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [{0B-BF-FB-B1-DW}] C:\WINDOWS\system32\wem4\begmgr11.exe DWram
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\francois lambert\lsass.exe
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE]
C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\wem4\begmgr11.exe O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?3df5f9a509184b3c90443e09ccd58454 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?3df5f9a509184b3c90443e09ccd58454 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 
Files\Messenger\msmsgs.exe O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O20 - Winlogon Notify: fccdawv - fccdawv.dll (file missing) O20 - Winlogon Notify: kscacl - kscacl.dll (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. 
- C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZnJhbmNvaXMgbGFtYmVydA\command.exe (file missing) O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\\PrevxCSI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe -- End of file - 12186 bytes -- Files created between 2008-02-29 and 2008-03-31 ----------------------------- 2008-03-31 21:02:43 0 d-------- C:\Program Files\Trend Micro 2008-03-31 17:00:58 0 d-------- C:\WINDOWS\LastGood 2008-03-31 16:15:16 0 d-------- C:\Program Files\Windows Live Favorites 2008-03-30 11:55:29 0 d-------- C:\Program Files\AIST 2008-03-30 11:20:39 0 d-------- C:\WINDOWS\avdv2.drv 2008-03-30 10:18:02 0 
d-------- C:\Program Files\proDAD 2008-03-30 09:55:24 0 d-------- C:\Program Files\AdorageI-SAL 2008-03-30 09:55:24 0 d-------- C:\Program Files\AdorageI-GfxDatas 2008-03-29 23:28:58 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-03-29 20:53:57 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-03-29 20:45:34 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-03-29 20:45:27 0 d-------- C:\Program Files\Windows Live 2008-03-29 20:45:15 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-27 20 16 153088 --a------ C:\Program Files\UNWISE.EXE2008-03-27 19:18:20 401408 --a------ C:\WINDOWS\system32\pvmjpg30.dll <Not Verified; Pegasus Imaging Corporation; PICVideo Codec Suite> 2008-03-27 19:18:13 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1> 2008-03-27 19:15:40 0 d-------- C:\Program Files\SmartSound Software 2008-03-27 19:15:40 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc 2008-03-27 19:14:05 14165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI> 2008-03-27 19:14:01 41219 --a------ C:\WINDOWS\RSETPATH.exe <Not Verified; Pinnacle Systems; Pinnacle Systems RSETPATH> 2008-03-27 19:12:25 49152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll <Not Verified; Pinnacle Systems; Guid_dll> 2008-03-27 19:11:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio 2008-03-27 19:05:27 184320 -----n--- C:\WINDOWS\system32\RALMain.dll <Not Verified; Pinnacle Systems GmbH; Register Abstraction Layer> 2008-03-27 19:05:27 233472 -----n--- C:\WINDOWS\system32\DiskIO.dll <Not Verified; Pinnacle Systems GmbH; Media File Sequencer> 2008-03-27 19:05:26 73728 -----n--- C:\WINDOWS\system32\MMAviAx.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO MFP> 2008-03-27 19:05:26 32768 -----n--- C:\WINDOWS\system32\MLPagAx.dll <Not 
Verified; Pinnacle Systems GmbH; MLPag DLL> 2008-03-27 19:05:26 39936 -----n--- C:\WINDOWS\system32\CacheX.dll <Not Verified; Pinnacle Systems GmbH; Cache DLL> 2008-03-27 19:05:26 126976 -----n--- C:\WINDOWS\system32\AVIPrAx.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO AFP> 2008-03-27 19:05:17 171008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete> 2008-03-27 19:03:16 138752 --a------ C:\WINDOWS\system32\mase32.dll 2008-03-27 19:03:16 57856 --a------ C:\WINDOWS\system32\masd32.dll 2008-03-27 19:03:16 136192 --a------ C:\WINDOWS\system32\mamc32.dll <Not Verified; ; MAMC32 Dynamic Link Library> 2008-03-27 19:03:16 196096 --a------ C:\WINDOWS\system32\macd32.dll <Not Verified; ; MACD32 Dynamic Link Library> 2008-03-27 19:03:16 27648 --a------ C:\WINDOWS\system32\ma32.dll 2008-03-27 19:03:16 884736 -----n--- C:\WINDOWS\system32\LMUIRes.dll <Not Verified; Fellowes, Inc.; MediaFACE> 2008-03-27 19:03:16 12288 -----n--- C:\WINDOWS\system32\LMLRes.dll <Not Verified; Fellowes, Inc.; MediaFACE> 2008-03-27 19:01:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle 2008-03-27 19:01:15 0 d-------- C:\Program Files\Pinnacle 2008-03-27 19:00:56 0 d-------- C:\Documents and Settings\francois lambert\Application Data\InstallShield 2008-03-26 21:26:46 0 d-------- C:\Documents and Settings\francois lambert\Application Data\Uniblue 2008-03-25 21:34:25 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-03-25 21:34:04 0 d-------- C:\Program Files\SpywareBlaster 2008-03-25 17:20:21 10880 --a------ C:\WINDOWS\system32\drivers\pxark.sys <Not Verified; ; Prevx CSI> 2008-03-25 17:20:21 0 d-------- C:\Program Files\PrevxCSI 2008-03-25 17:20:13 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI 2008-03-25 16:20:01 7378 --ahs---- C:\WINDOWS\system32\rqstv.ini2 2008-03-25 16:18:45 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; 
Info-ZIP's WiZ> 2008-03-25 16:15:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon 2008-03-25 16:15:16 1989 --a------ C:\WINDOWS\uninstall_nmon.vbs 2008-03-25 16:15:15 0 d--hs---- C:\WINDOWS\ZnJhbmNvaXMgbGFtYmVydA 2008-03-25 16:15:11 29696 ---hs---- C:\Documents and Settings\francois lambert\lsass.exe 2008-03-25 16:15:08 0 d-------- C:\WINDOWS\system32\wem4 2008-03-25 16:15:08 0 d-------- C:\WINDOWS\system32\ide 2008-03-25 16:15:07 0 d-------- C:\WINDOWS\system32\UDE 2008-03-25 16:15:07 0 d-------- C:\WINDOWS\system32\hcb 2008-03-25 16:15:05 0 d-------- C:\WINDOWS\system32\aqVreo18 2008-03-21 11:25:29 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI 2008-03-21 10:55:06 0 --a------ C:\WINDOWS\ativpsrm.bin 2008-03-21 10:42:44 0 d-------- C:\ATI 2008-03-21 10:28:06 0 d-------- C:\Program Files\Virtual VCR 2008-03-08 08:13:27 0 d-------- C:\Program Files\iPod 2008-03-08 08:13:21 0 d-------- C:\Program Files\iTunes 2008-03-08 08:11:25 0 d-------- C:\Program Files\QuickTime 2008-03-06 11:40:43 0 d--hs---- C:\WINDOWS\ftpcache -- Find3M Report --------------------------------------------------------------- 2008-03-31 17:16:11 0 d-a------ C:\Program Files\Fichiers communs 2008-03-31 16:25:55 468072 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-03-31 16:25:55 75266 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-03-31 16:24:14 0 d-------- C:\Program Files\HardwareDetection 2008-03-31 16:15:20 0 d-------- C:\Program Files\Windows Live Toolbar 2008-03-27 19:23:23 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-03-27 19:14:14 0 d-------- C:\Program Files\DivX 2008-03-25 19:33:36 0 d-a------ C:\Program Files\CyberLink 2008-03-24 07:36:55 0 d-a------ C:\Program Files\Fichiers communs\Symantec Shared 2008-03-23 18:02:41 0 d-------- C:\Program Files\LimeWire 2008-03-23 11:07:20 0 d-------- C:\Documents and Settings\francois lambert\Application Data\AdobeUM 2008-03-22 07:26:25 0 d-------- C:\Program 
Files\GameShadow 2008-03-21 11:27:24 0 d-------- C:\Documents and Settings\francois lambert\Application Data\Adobe 2008-03-21 11:25:29 0 d-------- C:\Documents and Settings\francois lambert\Application Data\ATI 2008-03-21 11:10:37 0 d-------- C:\Program Files\ATI Technologies 2008-03-20 17:30:52 0 d-a------ C:\Program Files\Java 2008-03-15 20:34:06 0 d-------- C:\Documents and Settings\francois lambert\Application Data\ZoomBrowser EX 2008-02-25 21:05:00 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart> 2008-02-21 18:29:20 0 d-------- C:\Program Files\AFT software 2008-02-10 19:26:15 796672 --a------ C:\WINDOWS\GPInstall.exe <Not Verified; Qsc; GP-Install> 2008-02-01 11:17:40 587264 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Galerie de photos Windows Live> -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}] C:\WINDOWS\system32\fccdawv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56145F37-5416-431B-8A49-5BBA6F2993C0}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3BB487D-0EF1-4135-AE08-AA34733937DF}] C:\WINDOWS\system32\vtsqr.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CHotkey"="zHotkey.exe" [2004-05-17 21:30 C:\WINDOWS\zHotkey.exe] "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 11:45] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 14:22] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 14:19] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 14:23] "SoundMan"="SOUNDMAN.EXE" [2004-07-01 14:58 C:\WINDOWS\SOUNDMAN.EXE] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 09:00] "Motive SmartBridge"="C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe" [2004-05-19 10:24] "TkBellExe"="C:\Program Files\Fichiers 
communs\Real\Update_OB\realsched.exe" [2005-02-21 09:49] "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 12:49] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [] "{0B-BF-FB-B1-DW}"="C:\WINDOWS\system32\wem4\begmgr11.exe" [2008-02-14 10:42] "LSA Shellu"="C:\Documents and Settings\francois lambert\lsass.exe" [2008-03-25 16:15] "PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-01-23 15:42] "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 00:26] "USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2005-12-21 10:14] "USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-01-23 15:42] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}"= C:\WINDOWS\system32\fccdawv.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdawv] fccdawv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kscacl] kscacl.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtsqr.dll 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^francois lambert^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler V3.exe] path=C:\Documents and Settings\francois lambert\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler V3.exe backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupfolder\C:^Documents and Settings^francois lambert^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler.exe] path=C:\Documents and Settings\francois lambert\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler.exe backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd] ALCWZRD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook] C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE Outlook:Inbox /recycle [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe "ShowWnd"=ShowWnd.exe -- End of Deckard's System Scanner: finished at 2008-03-31 21:05:55 ------------ |
#4
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
Re: Spyware, Adware, Trojan, Malware and internet explorer crash
Hi franc11,
Please copy this page to Notepad and save it to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions. Also be sure to carry out the instructions in the sequence listed below. Please stick with me until I say your system is clean, as this is going to take a few rounds to clean up.

--------------------------------------------------------------

Multiple Antivirus

It appears that you are running two antivirus programs:
1) Norton AntiVirus
2) avast! AntiVirus
It does not provide you with any extra protection, though it may seem so. On the contrary, these two programs may interfere with each other, creating serious problems regarding security vulnerability as well as system stability. Uninstall one of these two and keep the other of your choice.

--------------------------------------------------------------

P2P Software

I see you have P2P software (BitLord 1.1, LimeWire 4.16.6, & Morpheus 5.0) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

--------------------------------------------------------------

Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix

IMPORTANT: Make sure you install the Recovery Console before running ComboFix.

Reply back with the following:
#5
Registered User
Join Date: Mar 2008
Posts: 7
OS: Win XP
Re: Spyware, Adware, Trojan, Malware and internet explorer crash
Hi, I'm very sorry for the late answer. Seems like I needed to press the Internet Explorer refresh button in order to see any new messages on this page I had already visited. I never saw your message before today.
ComboFix 08-04-03.3 - francois lambert 2008-04-03 17:23:14.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.578 [GMT -4:00]
Endroit: C:\Documents and Settings\francois lambert\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\francois lambert\lsass.exe
C:\Documents and Settings\francois lambert\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\montorgueil
C:\Program Files\montorgueil\14.03239
C:\Program Files\montorgueil\ParisVoyeur\ParisVoyeur.ico
C:\Program Files\montorgueil\PhotosVideos\PhotosVideos.ico
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\gbRve12
C:\Temp\gbRve12\csLioes.log
C:\WINDOWS\Fonts\'
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\aqVreo18
C:\WINDOWS\system32\aqVreo18\aqVreo182328.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rqstv.ini
C:\WINDOWS\system32\rqstv.ini2
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\ZnJhbmNvaXMgbGFtYmVydA\
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService


((((((((((((((((((((((((((((( Fichiers créés 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
.

2008-04-03 16:37 . 2008-04-03 16:42 <REP> d-------- C:\Documents and Settings\francois lambert\Application Data\U3
2008-03-31 21:02 . 2008-03-31 21:02 <REP> d-------- C:\Program Files\Trend Micro
2008-03-31 16:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-31 16:19 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-31 16:15 . 2008-03-31 16:15 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-03-30 17:32 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-30 12:01 . 2008-03-30 12:10 161,792 --a------ C:\WINDOWS\mmproxy_40.mdb
2008-03-30 12:01 . 2008-03-30 12:08 155,648 --a------ C:\WINDOWS\mmproxy_40_Backup.mdb
2008-03-30 11:55 . 2008-03-30 11:55 <REP> d-------- C:\Program Files\AIST
2008-03-30 11:20 . 2008-03-30 11:20 <REP> d-------- C:\WINDOWS\avdv2.drv
2008-03-30 11:05 . 2008-03-30 11:24 17 --a------ C:\WINDOWS\MovingPicture.ini
2008-03-30 10:18 . 2008-03-30 10:18 <REP> d-------- C:\Program Files\proDAD
2008-03-30 09:55 . 2008-03-30 11:16 <REP> d-------- C:\Program Files\AdorageI-SAL
2008-03-30 09:55 . 2008-03-30 11:18 <REP> d-------- C:\Program Files\AdorageI-GfxDatas
2008-03-29 23:28 . 2008-03-29 23:28 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-29 20:54 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-29 20:53 . 2008-03-29 20:53 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-29 20:45 . 2008-03-31 17:00 <REP> d-------- C:\Program Files\Windows Live
2008-03-29 20:45 . 2008-03-29 20:50 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-29 20:45 . 2008-03-29 20:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-27 20:06 . 2002-07-26 17:02 153,088 --a------ C:\Program Files\UNWISE.EXE
2008-03-27 19:57 . 2008-03-27 19:58 455 --a------ C:\WINDOWS\VFO.VST
2008-03-27 19:57 . 2008-03-27 19:57 44 --a------ C:\WINDOWS\system32\blue.SITENAME
2008-03-27 19:15 . 2008-03-27 19:15 <REP> d-------- C:\Program Files\SmartSound Software
2008-03-27 19:15 . 2008-03-27 19:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-03-27 19:14 . 2004-02-24 12:04 41,219 --a------ C:\WINDOWS\RSETPATH.exe
2008-03-27 19:14 . 2005-02-09 11:59 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2008-03-27 19:14 . 2008-04-01 22:56 1,208 --a------ C:\WINDOWS\VFO.INI
2008-03-27 19:14 . 2004-09-08 08:28 0 -rahs---- C:\__Argon__.tmp
2008-03-27 19:11 . 2008-03-27 19:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2008-03-27 19:05 . 2006-04-11 16:03 233,472 --------- C:\WINDOWS\system32\DiskIO.dll
2008-03-27 19:05 . 2006-04-11 16:03 184,320 --------- C:\WINDOWS\system32\RALMain.dll
2008-03-27 19:05 . 2005-06-02 19:28 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2008-03-27 19:05 . 2004-01-02 13:28 126,976 --------- C:\WINDOWS\system32\AVIPrAx.dll
2008-03-27 19:05 . 2001-12-11 23:21 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll
2008-03-27 19:05 . 2006-07-06 14:32 39,936 --------- C:\WINDOWS\system32\CacheX.dll
2008-03-27 19:05 . 2005-12-12 16:57 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
2008-03-27 19:01 . 2008-03-30 11:20 <REP> d-------- C:\Program Files\Pinnacle
2008-03-27 19:01 . 2008-03-27 19:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-03-27 19:00 . 2008-03-27 19:00 <REP> d-------- C:\Documents and Settings\francois lambert\Application Data\InstallShield
2008-03-26 21:26 . 2008-03-26 21:26 <REP> d-------- C:\Documents and Settings\francois lambert\Application Data\Uniblue
2008-03-25 22:19 . 2008-03-25 22:19 <REP> d-------- C:\Deckard
2008-03-25 21:34 . 2008-03-25 21:34 <REP> d-------- C:\Program Files\SpywareBlaster
2008-03-25 21:34 . 2008-03-26 21:35 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-25 17:20 . 2008-03-25 17:20 <REP> d-------- C:\Program Files\PrevxCSI
2008-03-25 17:20 . 2008-04-03 17:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-03-25 17:20 . 2008-04-03 17:30 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-03-25 16:18 . 2008-03-25 16:18 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-03-25 16:15 . 2008-03-25 16:15 <REP> d-------- C:\WINDOWS\system32\wem4
2008-03-25 16:15 . 2008-03-25 19:33 <REP> d-------- C:\WINDOWS\system32\UDE
2008-03-25 16:15 . 2008-03-25 16:15 <REP> d-------- C:\WINDOWS\system32\ide
2008-03-25 16:15 . 2008-03-25 19:33 <REP> d-------- C:\WINDOWS\system32\hcb
2008-03-21 11:25 . 2008-03-21 11:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-03-21 10:55 . 2008-03-21 10:55 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-21 10:28 . 2008-03-21 10:28 <REP> d-------- C:\Program Files\Virtual VCR
2008-03-08 08:14 . 2008-04-03 17:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-08 08:14 . 2008-03-08 08:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-08 08:13 . 2008-03-08 08:13 <REP> d-------- C:\Program Files\iTunes
2008-03-08 08:13 . 2008-03-08 08:13 <REP> d-------- C:\Program Files\iPod
2008-03-08 08:11 . 2008-03-08 08:11 <REP> d-------- C:\Program Files\QuickTime
2008-03-06 11:40 . 2008-03-06 11:40 <REP> d--hs---- C:\WINDOWS\ftpcache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-04-03 21:31 --------- d-----w C:\Program Files\HardwareDetection
2008-04-03 20:59 --------- d---a-w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-03 20:58 --------- d---a-w C:\Program Files\Norton AntiVirus
2008-04-03 20:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-01 22:55 --------- d-----w C:\Documents and Settings\francois lambert\Application Data\ZoomBrowser EX
2008-04-01 22:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-03-31 20:15 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-27 23:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-27 23:14 --------- d-----w C:\Program Files\DivX
2008-03-26 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-25 23:33 --------- d---a-w C:\Program Files\CyberLink
2008-03-23 22:02 --------- d-----w C:\Program Files\LimeWire
2008-03-23 15:07 --------- d-----w C:\Documents and Settings\francois lambert\Application Data\AdobeUM
2008-03-22 11:26 --------- d-----w C:\Program Files\GameShadow
2008-03-21 15:25 --------- d-----w C:\Documents and Settings\francois lambert\Application Data\ATI
2008-03-21 15:10 --------- d-----w C:\Program Files\ATI Technologies
2008-03-20 21:30 --------- d---a-w C:\Program Files\Java
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-21 22:29 --------- d-----w C:\Program Files\AFT software
2008-02-10 23:26 796,672 ----a-w C:\WINDOWS\GPInstall.exe
2008-02-01 15:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2006-06-14 22:41 298 ----a-w C:\Program Files\INSTALL.LOG
2005-04-16 19:58 25,621 --sh--w C:\WINDOWS\Fonts\bd3pm.bak1
2005-04-17 19:58 25,763 --sh--w C:\WINDOWS\Fonts\bd3pm.bak2

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.

REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56145F37-5416-431B-8A49-5BBA6F2993C0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3BB487D-0EF1-4135-AE08-AA34733937DF}]
C:\WINDOWS\system32\vtsqr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe" [2004-05-17 21:30 543232 C:\WINDOWS\zHotkey.exe]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 11:45 135214]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 14:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 14:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 14:23 114688]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 14:58 73728 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 09:00 79224]
"Motive SmartBridge"="C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe" [2004-05-19 10:24 385024]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-02-21 09:49 180269]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 12:49 50688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop 
Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ] "{0B-BF-FB-B1-DW}"="c:\windows\system32\rwwnw64d.exe" [2008-04-03 17:34 49174] "PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-01-23 15:42 196608] "PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 00:26 406016] "USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2005-12-21 10:14 73728] "USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-01-23 15:42 196608] "g]eeV\mWhjlnspB"="C:\WINDOWS\system32\mcntokdn.exe" [2008-04-03 17:34 196678] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 19:09 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdawv] fccdawv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kscacl] kscacl.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu 
Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^francois lambert^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler V3.exe] path=C:\Documents and Settings\francois lambert\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler V3.exe backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^francois lambert^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler.exe] path=C:\Documents and Settings\francois lambert\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler.exe backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2004-07-02 22:49 57344 C:\WINDOWS\ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd] --a------ 2004-07-05 21:05 2550272 C:\WINDOWS\ALCWZRD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook] -ra------ 1998-12-16 17:09 57393 C:\PROGRA~1\MICROS~3\Office\OUTLOOK.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio] --a------ 2004-03-17 18:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2003-10-31 22:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM] --a------ 2004-03-11 18:18 135168 C:\Program Files\Digital Media Reader\shwiconem.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] --a------ 2005-09-02 21:49 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2005-02-21 09:49 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe "ShowWnd"=ShowWnd.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Internet Explorer\\iexplore.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\ICQLite\\ICQLite.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Jeux\\Starwars_battleground\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"= "C:\\Program Files\\BitLord\\BitLord.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-04-03 17:30] R1 SSHDRV65;SSHDRV65;C:\WINDOWS\System32\drivers\SSHDRV65.sys [2005-01-01 16:36] R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2005-01-24 13:24] R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\\PrevxCSI.exe" /service [] S3 gsplittm;gsplittm;C:\DOCUME~1\FRANCO~1\LOCALS~1\Temp\gsplittm.sys [] S3 PCD65X2;PCD65X2;C:\DOCUME~1\FRANCO~1\LOCALS~1\Temp\PCD65X2.sys [] S3 PID_0920;Logitech QuickCam 
Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 11:38] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K] \Shell\AutoRun\command - K:\LaunchU3.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-03-28 21:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe "2008-03-29 03:46:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2005-09-05 23:05:54 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-03 17:34:11 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "g]eeV\\mWhjlnspB"="C:\\WINDOWS\\system32\\mcntokdn.exe DWram" . ------------------------ Other Running Processes ------------------------ . 
C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\PrevxCSI\PrevxCSI.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\PrevxCSI\PrevxCSI.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\NetAssistant\bin\mpbtn.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe . ************************************************************************** . Temps d'accomplissement: 2008-04-03 17:37:43 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-03 21:37:40 Pre-Run: 123,641,040,896 octets libres Post-Run: 126,931,992,576 octets libres . 2008-03-31 21:00:59 --- E O F --- |
#6 (permalink)
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
Re: Spyware, Adware, Trojan, Malware and internet explorer crash
franc11,
Open notepad and copy/paste the text in the quotebox below into it:
Referring to the picture above, drag CFScript into ComboFix.exe
Follow the prompts, and post the resulting log, C:\ComboFix.txt
Warning: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
--------------------------------------------------------------
Please download ATF Cleaner
* Double-click ATF-Cleaner.exe to run the program.
* Click Select All found at the bottom of the list.
* Click the Empty Selected button.
If you use Firefox browser, do this also:
* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
* Click Opera at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
--------------------------------------------------------------
Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner
Answer Yes, when prompted to install an ActiveX component.
--------------------------------------------------------------
Please reply back with the following logs:
C:\ComboFix.txt
Kaspersky online scan results
Update on how your system is behaving?
__________________
Proud Member of ASAP
Proud Member of UNITE
Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum
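The CFScript step above works from the autostart entries in the first ComboFix log, and the follow-up log is what confirms they are gone. The following is an added example, not code from the thread or from ComboFix: it parses the Run-key section of a ComboFix log, flags entries that deserve a second look (a value name that is random or malformed, a target ComboFix could not stat, or a target written within two days of the scan), and diffs a before/after pair to show what a fix run removed. The log excerpts inside are constructed from entries quoted in this thread, and the regexes and heuristics are my own assumptions about ComboFix's output format.

```python
"""Triage the autostart section of a ComboFix log (added example; not from the thread).

Assumed input: the [HKEY_...\\Run] blocks in the form ComboFix prints them, one
value per line. The sample logs below are constructed from entries quoted in
this thread and are not the complete logs.
"""
import re
from datetime import datetime, timedelta

# Header of a Run key, e.g. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
KEY_RE = re.compile(r'^\[(HKEY_[^\]]*\\Run)\]\s*$', re.IGNORECASE)
# Value line: "name"="target" [YYYY-MM-DD HH:MM size ...]; the bracket is "[ ]" when the file was not found
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"(?:\s*\[(?P<meta>[^\]]*)\])?')
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
# Characters one expects in a legitimate value name ("avast!", "QuickTime Task", "ctfmon.exe")
NAME_OK_RE = re.compile(r'[\w .!()-]+')


def parse_run_entries(log_text):
    """Return {(key, value_name): (target, meta)} for every value under a ...\\Run key."""
    entries, key = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        if line.startswith('['):          # any other key closes the current Run block
            key = None
            continue
        value = VALUE_RE.match(line) if key else None
        if value:
            entries[(key, value.group('name'))] = (value.group('path'), (value.group('meta') or '').strip())
    return entries


def file_timestamp(meta):
    """ComboFix metadata starts with the target's timestamp; None when it could not stat the file."""
    try:
        return datetime.strptime(meta[:16], '%Y-%m-%d %H:%M')
    except ValueError:
        return None


def triage(entries, scan_time, recent=timedelta(days=2)):
    """Return {(key, name): [reasons]} for entries that deserve a second look.

    These are review hints, not verdicts: a legitimate program whose file is
    missing shows up here too, which is exactly what a reviewer should confirm.
    """
    flagged = {}
    for (key, name), (path, meta) in entries.items():
        reasons = []
        if not NAME_OK_RE.fullmatch(name) and not GUID_RE.match(name):
            reasons.append('value name looks random or malformed: %r' % name)
        if not meta:
            reasons.append('ComboFix could not stat the target %s' % path)
        stamp = file_timestamp(meta)
        if stamp and scan_time - stamp <= recent:
            reasons.append('target written within %d days of the scan' % recent.days)
        if reasons:
            flagged[(key, name)] = reasons
    return flagged


def removed_between(before, after):
    """Entries present in the first log but gone from the second (what a fix run removed)."""
    return {k: v for k, v in before.items() if k not in after}


# Constructed excerpts modelled on the two ComboFix logs in this thread.
BEFORE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe" [2004-05-17 21:30 543232 C:\WINDOWS\zHotkey.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 09:00 79224]
"{0B-BF-FB-B1-DW}"="c:\windows\system32\rwwnw64d.exe" [2008-04-03 17:34 49174]
"g]eeV\mWhjlnspB"="C:\WINDOWS\system32\mcntokdn.exe" [2008-04-03 17:34 196678]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdawv]
fccdawv.dll
'''
AFTER = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe" [2004-05-17 21:30 543232 C:\WINDOWS\zHotkey.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 09:00 79224]
'''


def demo():
    """Triage the first log and confirm what disappeared after the CFScript run."""
    before, after = parse_run_entries(BEFORE), parse_run_entries(AFTER)
    flagged = triage(before, datetime(2008, 4, 3, 17, 34))   # catchme scan time in the first log
    removed = removed_between(before, after)
    return {name: reasons for (_, name), reasons in flagged.items()}, sorted(name for _, name in removed)


if __name__ == '__main__':
    flagged, removed = demo()
    for name, reasons in flagged.items():
        print(name, '->', '; '.join(reasons))
    print('removed by the fix run:', removed)
```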
#7 (permalink)
Registered User
Join Date: Mar 2008
Posts: 7
OS: Win XP
Re: Spyware, Adware, Trojan, Malware and internet explorer crash
Combo Fix
ComboFix 08-04-03.3 - francois lambert 2008-04-04 16:03:01.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.683 [GMT -4:00] Endroit: C:\Documents and Settings\francois lambert\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\francois lambert\Bureau\CFScript.txt * Création d'un nouveau point de restauration FILE :: C:\WINDOWS\GPInstall.exe C:\WINDOWS\system32\mcntokdn.exe c:\windows\system32\rwwnw64d.exe C:\WINDOWS\system32\vbzip10.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\francois lambert\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk C:\WINDOWS\ftpcache C:\WINDOWS\GPInstall.exe C:\WINDOWS\system32\hcb C:\WINDOWS\system32\ide C:\WINDOWS\system32\ide\TGbn1dll.exe C:\WINDOWS\system32\msnav32.ax c:\windows\system32\rwwnw64d.exe C:\WINDOWS\system32\UDE C:\WINDOWS\system32\vbzip10.dll C:\WINDOWS\system32\wem4 C:\WINDOWS\system32\wem4\begmgr11.exe C:\WINDOWS\system32\zxdnt3d.cfg . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))))))) . 2008-04-03 17:35 . 2008-04-03 17:35 935 --a------ C:\WINDOWS\system32\winpfz33.sys 2008-04-03 16:37 . 2008-04-03 16:42 <REP> d-------- C:\Documents and Settings\francois lambert\Application Data\U3 2008-03-31 21:02 . 2008-03-31 21:02 <REP> d-------- C:\Program Files\Trend Micro 2008-03-31 16:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-31 16:19 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-03-31 16:15 . 2008-03-31 16:15 <REP> d-------- C:\Program Files\Windows Live Favorites 2008-03-30 17:32 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-03-30 12:01 . 2008-03-30 12:10 161,792 --a------ C:\WINDOWS\mmproxy_40.mdb 2008-03-30 12:01 . 2008-03-30 12:08 155,648 --a------ C:\WINDOWS\mmproxy_40_Backup.mdb 2008-03-30 11:55 . 
2008-03-30 11:55 <REP> d-------- C:\Program Files\AIST 2008-03-30 11:20 . 2008-03-30 11:20 <REP> d-------- C:\WINDOWS\avdv2.drv 2008-03-30 11:05 . 2008-03-30 11:24 17 --a------ C:\WINDOWS\MovingPicture.ini 2008-03-30 10:18 . 2008-03-30 10:18 <REP> d-------- C:\Program Files\proDAD 2008-03-30 09:55 . 2008-03-30 11:16 <REP> d-------- C:\Program Files\AdorageI-SAL 2008-03-30 09:55 . 2008-03-30 11:18 <REP> d-------- C:\Program Files\AdorageI-GfxDatas 2008-03-29 23:28 . 2008-03-29 23:28 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-03-29 20:54 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2008-03-29 20:53 . 2008-03-29 20:53 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-03-29 20:45 . 2008-03-31 17:00 <REP> d-------- C:\Program Files\Windows Live 2008-03-29 20:45 . 2008-03-29 20:50 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-03-29 20:45 . 2008-03-29 20:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-03-27 20:06 . 2002-07-26 17:02 153,088 --a------ C:\Program Files\UNWISE.EXE 2008-03-27 19:57 . 2008-03-27 19:58 455 --a------ C:\WINDOWS\VFO.VST 2008-03-27 19:57 . 2008-03-27 19:57 44 --a------ C:\WINDOWS\system32\blue.SITENAME 2008-03-27 19:15 . 2008-03-27 19:15 <REP> d-------- C:\Program Files\SmartSound Software 2008-03-27 19:15 . 2008-03-27 19:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc 2008-03-27 19:14 . 2004-02-24 12:04 41,219 --a------ C:\WINDOWS\RSETPATH.exe 2008-03-27 19:14 . 2005-02-09 11:59 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys 2008-03-27 19:14 . 2008-04-01 22:56 1,208 --a------ C:\WINDOWS\VFO.INI 2008-03-27 19:14 . 2004-09-08 08:28 0 -rahs---- C:\__Argon__.tmp 2008-03-27 19:11 . 2008-03-27 19:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio 2008-03-27 19:05 . 
2006-04-11 16:03 233,472 --------- C:\WINDOWS\system32\DiskIO.dll 2008-03-27 19:05 . 2006-04-11 16:03 184,320 --------- C:\WINDOWS\system32\RALMain.dll 2008-03-27 19:05 . 2005-06-02 19:28 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys 2008-03-27 19:05 . 2004-01-02 13:28 126,976 --------- C:\WINDOWS\system32\AVIPrAx.dll 2008-03-27 19:05 . 2001-12-11 23:21 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll 2008-03-27 19:05 . 2006-07-06 14:32 39,936 --------- C:\WINDOWS\system32\CacheX.dll 2008-03-27 19:05 . 2005-12-12 16:57 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll 2008-03-27 19:01 . 2008-03-30 11:20 <REP> d-------- C:\Program Files\Pinnacle 2008-03-27 19:01 . 2008-03-27 19:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle 2008-03-27 19:00 . 2008-03-27 19:00 <REP> d-------- C:\Documents and Settings\francois lambert\Application Data\InstallShield 2008-03-26 21:26 . 2008-03-26 21:26 <REP> d-------- C:\Documents and Settings\francois lambert\Application Data\Uniblue 2008-03-25 22:19 . 2008-03-25 22:19 <REP> d-------- C:\Deckard 2008-03-25 21:34 . 2008-03-25 21:34 <REP> d-------- C:\Program Files\SpywareBlaster 2008-03-25 21:34 . 2008-03-26 21:35 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-03-25 17:20 . 2008-03-25 17:20 <REP> d-------- C:\Program Files\PrevxCSI 2008-03-25 17:20 . 2008-04-03 17:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI 2008-03-25 17:20 . 2008-04-03 17:30 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys 2008-03-21 11:25 . 2008-03-21 11:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI 2008-03-21 10:55 . 2008-03-21 10:55 0 --a------ C:\WINDOWS\ativpsrm.bin 2008-03-21 10:28 . 2008-03-21 10:28 <REP> d-------- C:\Program Files\Virtual VCR 2008-03-08 08:14 . 2008-04-04 16:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-08 08:14 . 2008-03-08 08:14 1,409 --a------ C:\WINDOWS\QTFont.for 2008-03-08 08:13 . 
2008-03-08 08:13 <REP> d-------- C:\Program Files\iTunes 2008-03-08 08:13 . 2008-03-08 08:13 <REP> d-------- C:\Program Files\iPod 2008-03-08 08:11 . 2008-03-08 08:11 <REP> d-------- C:\Program Files\QuickTime . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-03 21:31 --------- d-----w C:\Program Files\HardwareDetection 2008-04-03 20:59 --------- d---a-w C:\Program Files\Fichiers communs\Symantec Shared 2008-04-03 20:58 --------- d---a-w C:\Program Files\Norton AntiVirus 2008-04-03 20:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Symantec 2008-04-01 22:55 --------- d-----w C:\Documents and Settings\francois lambert\Application Data\ZoomBrowser EX 2008-04-01 22:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser 2008-03-31 20:15 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-03-27 23:23 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-27 23:14 --------- d-----w C:\Program Files\DivX 2008-03-26 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-03-25 23:33 --------- d---a-w C:\Program Files\CyberLink 2008-03-23 22:02 --------- d-----w C:\Program Files\LimeWire 2008-03-23 15:07 --------- d-----w C:\Documents and Settings\francois lambert\Application Data\AdobeUM 2008-03-22 11:26 --------- d-----w C:\Program Files\GameShadow 2008-03-21 15:25 --------- d-----w C:\Documents and Settings\francois lambert\Application Data\ATI 2008-03-21 15:10 --------- d-----w C:\Program Files\ATI Technologies 2008-03-20 21:30 --------- d---a-w C:\Program Files\Java 2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll 2008-02-21 22:29 --------- d-----w C:\Program Files\AFT software 2008-02-01 15:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR 2006-06-14 22:41 298 ----a-w C:\Program 
Files\INSTALL.LOG 2005-04-16 19:58 25,621 --sh--w C:\WINDOWS\Fonts\bd3pm.bak1 2005-04-17 19:58 25,763 --sh--w C:\WINDOWS\Fonts\bd3pm.bak2 . ((((((((((((((((((((((((((((( snapshot@2008-04-03_17.37.28.17 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-03 21:33:38 62,344 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-04-04 19:58:26 62,344 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-04-03 21:33:39 75,266 ----a-w C:\WINDOWS\system32\perfc00C.dat + 2008-04-04 19:58:26 75,266 ----a-w C:\WINDOWS\system32\perfc00C.dat - 2008-04-03 21:33:39 401,064 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-04-04 19:58:26 401,064 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-04-03 21:33:39 468,072 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-04-04 19:58:26 468,072 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-04-04 20:08:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5cc.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 19:09 15360] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CHotkey"="zHotkey.exe" [2004-05-17 21:30 543232 C:\WINDOWS\zHotkey.exe] "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 11:45 135214] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 14:22 94208] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 14:19 77824] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 14:23 114688] "SoundMan"="SOUNDMAN.EXE" [2004-07-01 14:58 73728 C:\WINDOWS\SOUNDMAN.EXE] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 09:00 79224] "Motive SmartBridge"="C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe" [2004-05-19 10:24 385024] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-02-21 09:49 180269] "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 12:49 50688] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ] "PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-01-23 15:42 196608] 
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 00:26 406016] "USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2005-12-21 10:14 73728] "USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-01-23 15:42 196608] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 19:09 15360] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^francois lambert^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler V3.exe] path=C:\Documents and Settings\francois lambert\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler V3.exe backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup [HKLM\~\startupfolder\C:^Documents and Settings^francois lambert^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler.exe] path=C:\Documents and 
Settings\francois lambert\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler.exe backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd] --a------ 2004-07-05 21:05 2550272 C:\WINDOWS\ALCWZRD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Outlook] -ra------ 1998-12-16 17:09 57393 C:\PROGRA~1\MICROS~3\Office\OUTLOOK.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio] --a------ 2004-03-17 18:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2003-10-31 22:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM] --a------ 2004-03-11 18:18 135168 C:\Program Files\Digital Media Reader\shwiconem.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] --a------ 2005-09-02 21:49 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2005-02-21 09:49 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe "ShowWnd"=ShowWnd.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Internet Explorer\\iexplore.exe"= "C:\\Program 
Files\\Real\\RealPlayer\\realplay.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\ICQLite\\ICQLite.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Jeux\\Starwars_battleground\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"= "C:\\Program Files\\BitLord\\BitLord.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-04-03 17:30] R1 SSHDRV65;SSHDRV65;C:\WINDOWS\System32\drivers\SSHDRV65.sys [2005-01-01 16:36] R1 SSHDRV85;SSHDRV85;C:\WINDOWS\system32\drivers\SSHDRV85.sys [2005-01-24 13:24] R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\\PrevxCSI.exe" /service [] S3 gsplittm;gsplittm;C:\DOCUME~1\FRANCO~1\LOCALS~1\Temp\gsplittm.sys [] S3 PCD65X2;PCD65X2;C:\DOCUME~1\FRANCO~1\LOCALS~1\Temp\PCD65X2.sys [] S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 11:38] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K] \Shell\AutoRun\command - K:\LaunchU3.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-03-28 21:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe "2008-03-29 03:46:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2005-09-05 23:05:54 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . 
************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-04 16:09:11 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\PrevxCSI\PrevxCSI.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\PrevxCSI\PrevxCSI.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\NetAssistant\bin\mpbtn.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe . ************************************************************************** . Temps d'accomplissement: 2008-04-04 16:12:48 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-04 20:12:44 ComboFix2.txt 2008-04-03 21:37:44 Pre-Run: 126,908,956,672 octets libres Post-Run: 126,889,635,840 octets libres . 
2008-03-31 21:00:59 --- E O F ---

Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 04, 2008 7:43:07 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/04/2008
Kaspersky Anti-Virus database records: 682197
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: false

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 97324
Number of viruses found: 10
Number of infected objects: 20
Number of suspicious objects: 0
Duration of the scan process: 01:16:41

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080331210455\backup\DOCUME~1\FRANCO~1\LOCALS~1\Temp\WinAntiSpyware2006Setup.exe/file03 Infected: not-a-virus:FraudTool.Win32.WinAnti skipped
C:\Deckard\System Scanner\20080331210455\backup\DOCUME~1\FRANCO~1\LOCALS~1\Temp\WinAntiSpyware2006Setup.exe Inno: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\francois lambert\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Documents and Settings\francois lambert\Application Data\Sun\Java\Deployment\cache\6.0\34\4e8812a2-1065e63a Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\francois lambert\Application Data\Sun\Java\Deployment\cache\6.0\39\200077e7-6e76a465/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\francois lambert\Application Data\Sun\Java\Deployment\cache\6.0\39\200077e7-6e76a465/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\francois lambert\Application Data\Sun\Java\Deployment\cache\6.0\39\200077e7-6e76a465/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\francois lambert\Application Data\Sun\Java\Deployment\cache\6.0\39\200077e7-6e76a465 ZIP: infected - 3 skipped
C:\Documents and Settings\francois lambert\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\francois lambert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\francois lambert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\francois lambert\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\francois lambert\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\francois lambert\Mes documents\Incomplete\T-3545425-sonate clair de lune.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Documents and Settings\francois lambert\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\francois lambert\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped
C:\Program Files\NetAssistant\log\mpbtn.log Object is locked skipped
C:\Program Files\NetAssistant\SmartBridge\AlertFilter.log Object is locked skipped
C:\Program Files\NetAssistant\SmartBridge\log\httpclient.log Object is locked skipped
C:\Program Files\NetAssistant\SmartBridge\SmartBridge.log Object is locked skipped
C:\QooBox\Quarantine\C\Documents and Settings\francois lambert\lsass.exe.vir Infected: Trojan.Win32.VB.cng skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\aqVreo18\aqVreo182328.exe.vir Infected: Trojan-Downloader.Win32.VB.dht skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.am skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wem4\begmgr11.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.am skipped
C:\System Volume Information\_restore{FD800764-76F2-4733-8454-F2186A20644F}\RP1119\A0093348.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am skipped
C:\System Volume Information\_restore{FD800764-76F2-4733-8454-F2186A20644F}\RP1143\A0095211.exe Infected: Trojan-Downloader.Win32.VB.dht skipped
C:\System Volume Information\_restore{FD800764-76F2-4733-8454-F2186A20644F}\RP1143\A0095216.exe Infected: Trojan.Win32.VB.cng skipped
C:\System Volume Information\_restore{FD800764-76F2-4733-8454-F2186A20644F}\RP1143\A0096326.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.aw skipped
C:\System Volume Information\_restore{FD800764-76F2-4733-8454-F2186A20644F}\RP1144\A0096373.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am skipped
C:\System Volume Information\_restore{FD800764-76F2-4733-8454-F2186A20644F}\RP1144\A0096377.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am skipped
C:\System Volume Information\_restore{FD800764-76F2-4733-8454-F2186A20644F}\RP1144\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{18EC50DF-04A1-43E3-965D-518CDF828A54}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5cc.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Update on my computer

Seems OK for now. Still slow to load at connection, but that might not be caused by viruses; most probably it is because of the amount of programs running at connection.

One strange thing though: each time I do a "restart" on my computer, I always end up with a black screen, before even getting to the Windows XP password page. Then I have to reboot the computer. I was not doing this before.

Thank you!
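The Kaspersky report above counts twenty infected objects, yet the analyst's next reply treats the machine as having nothing active; the difference is where each hit sits. The following is an added example, not code from the thread or from any tool mentioned in it: it parses lines in the report's layout and buckets every infected object by location (ComboFix's QooBox quarantine and the Deckard backup folder, System Restore points, browser and Java caches, and everything else, which is the live system). The sample lines are copied from the report above; the location rules are an assumption made for this example and should be adjusted to whatever tools were run on a given machine.

```python
import re
from collections import Counter

# Lines copied from the Kaspersky Online Scanner report above (one entry per line).
SAMPLE_REPORT = r"""
C:\QooBox\Quarantine\C\WINDOWS\system32\wem4\begmgr11.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.am skipped
C:\Deckard\System Scanner\20080331210455\backup\DOCUME~1\FRANCO~1\LOCALS~1\Temp\WinAntiSpyware2006Setup.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{FD800764-76F2-4733-8454-F2186A20644F}\RP1143\A0095216.exe Infected: Trojan.Win32.VB.cng skipped
C:\Documents and Settings\francois lambert\Application Data\Sun\Java\Deployment\cache\6.0\39\200077e7-6e76a465/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\francois lambert\Mes documents\Incomplete\T-3545425-sonate clair de lune.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# Entry layout: "<path> <verdict> <last action>". Verdict forms seen in the report:
# "Infected: <name>", "Object is locked", "<archive type>: infected - <n>".
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<verdict>Infected: \S+|Object is locked|[A-Za-z]+: infected - \d+) "
    r"(?P<action>skipped|deleted|disinfected)$"
)

# Location rules are an assumption for this example, matching where the tools
# used in this thread put things. First matching rule wins.
LOCATION_RULES = [
    ("quarantine",    ("\\qoobox\\quarantine\\", "\\deckard\\system scanner\\")),
    ("restore_point", ("\\system volume information\\_restore",)),
    ("cache",         ("\\sun\\java\\deployment\\cache\\", "\\temporary internet files\\")),
]

def classify_location(path):
    """Quarantine and restore-point copies are inert until restored, cache hits
    are inert until re-run, anything else is on the live system."""
    low = path.lower()
    for label, needles in LOCATION_RULES:
        if any(n in low for n in needles):
            return label
    return "live"

def parse_report(text):
    findings = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, anything not in entry layout
        verdict = m.group("verdict")
        findings.append({
            "path": m.group("path"),
            "verdict": verdict,
            "infected": verdict != "Object is locked",
            "location": classify_location(m.group("path")),
        })
    return findings

def triage(text):
    """Infected objects per location, the live paths worth a look, and how many
    objects the scanner could not open (locked hives, logs, index.dat files)."""
    findings = parse_report(text)
    infected = [f for f in findings if f["infected"]]
    return {
        "counts": dict(Counter(f["location"] for f in infected)),
        "live": [f["path"] for f in infected if f["location"] == "live"],
        "locked": sum(1 for f in findings if not f["infected"]),
    }

if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    for loc, n in summary["counts"].items():
        print(f"{loc:14s} {n}")
    print("live hits:", *summary["live"], sep="\n  ")
```

Run over the full report, the bucket counts show whether "Number of infected objects: 20" means twenty live threats or mostly echoes of files already quarantined. In this report the only infected objects outside quarantine and restore points are the Java cache entries and the .mp3 in Mes documents; "Object is locked" entries are files the scanner could not open, not detections.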
#8 (permalink) |
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
Re: Spyware, Adware, Trojan, Malware and internet explorer crash
Unfortunately, I'm not seeing anything malware related, which could be causing your problems:
-------------------------------------------
Please download ATF Cleaner

* Double-click ATF-Cleaner.exe to run the program.
* Click Select All found at the bottom of the list.
* Click the Empty Selected button.

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

* Click Opera at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
-----------------------------------------
Please go to: VirusTotal

If VirusTotal is busy, try the same at Jotti

Please repeat the same steps for the following file:
C:\WINDOWS\Fonts\bd3pm.bak2
-----------------------------------------------
Please reply back with the results from the VirusTotal scans
__________________
Proud Member of ASAP. Proud Member of UNITE. Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum

Last edited by forhockey; 04-05-2008 at 10:30 AM.
#9 (permalink) |
Registered User
Join Date: Mar 2008
Posts: 7
OS: Win XP
Re: Spyware, Adware, Trojan, Malware and internet explorer crash
File bd3pm.bak1 received on 2008.04.05 18:34:27 (CET)
Result: 0/32 (0%)

Antivirus / Version / Last update / Result
AhnLab-V3 2008.4.4.1 2008.04.04 -
AntiVir 7.6.0.81 2008.04.04 -
Authentium 4.93.8 2008.04.05 -
Avast 4.7.1098.0 2008.04.04 -
AVG 7.5.0.516 2008.04.05 -
BitDefender 7.2 2008.04.05 -
CAT-QuickHeal 9.50 2008.04.05 -
ClamAV 0.92.1 2008.04.05 -
DrWeb 4.44.0.09170 2008.04.05 -
eSafe 7.0.15.0 2008.04.01 -
eTrust-Vet 31.3.5672 2008.04.04 -
Ewido 4.0 2008.04.05 -
F-Prot 4.4.2.54 2008.04.05 -
F-Secure 6.70.13260.0 2008.04.05 -
FileAdvisor 1 2008.04.05 -
Fortinet 3.14.0.0 2008.04.05 -
Ikarus T3.1.1.20 2008.04.05 -
Kaspersky 7.0.0.125 2008.04.05 -
McAfee 5267 2008.04.04 -
Microsoft 1.3408 2008.04.05 -
NOD32v2 3004 2008.04.05 -
Norman 5.80.02 2008.04.04 -
Panda 9.0.0.4 2008.04.05 -
Prevx1 V2 2008.04.05 -
Rising 20.38.60.00 2008.04.03 -
Sophos 4.28.0 2008.04.05 -
Sunbelt 3.0.1032.0 2008.04.05 -
Symantec 10 2008.04.05 -
TheHacker 6.2.92.265 2008.04.04 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.04.04 -
Webwasher-Gateway 6.6.2 2008.04.04 -

Additional information
File size: 25621 bytes
MD5...: 043d13691cbc1f4fe6c4f8604bf6a255
SHA1..: 4730945df8da167c6e7494aa991901f0d2d2cbd2
SHA256: 17fd78115bff342af6721f4f69cd68ee3c3fa15caed3a759f4a7c3d69ab27153
SHA512: bb2835f1802f82109d0bf0f884bb9932badbdf21e5120011535f9f92de358909 456acebcf410645b76bbea7118cb5c22424d2861c9a7cd1f0834e8336530fd85
PEiD..: -
PEInfo: -

File bd3pm.bak2 received on 2008.04.05 18:43:36 (CET)
Result: 0/33 (0%)

Antivirus / Version / Last update / Result
AhnLab-V3 2008.4.4.1 2008.04.04 -
AntiVir 7.6.0.81 2008.04.04 -
Authentium 4.93.8 2008.04.05 -
Avast 4.7.1098.0 2008.04.04 -
AVG 7.5.0.516 2008.04.05 -
BitDefender 7.2 2008.04.05 -
CAT-QuickHeal 9.50 2008.04.05 -
ClamAV 0.92.1 2008.04.05 -
DrWeb 4.44.0.09170 2008.04.05 -
eSafe 7.0.15.0 2008.04.01 -
eTrust-Vet 31.3.5672 2008.04.04 -
Ewido 4.0 2008.04.05 -
F-Prot 4.4.2.54 2008.04.05 -
F-Secure 6.70.13260.0 2008.04.05 -
FileAdvisor 1 2008.04.05 -
Fortinet 3.14.0.0 2008.04.05 -
Ikarus T3.1.1.20.0 2008.04.05 -
Kaspersky 7.0.0.125 2008.04.05 -
McAfee 5267 2008.04.04 -
Microsoft 1.3408 2008.04.05 -
NOD32v2 3004 2008.04.05 -
Norman 5.80.02 2008.04.04 -
Panda 9.0.0.4 2008.04.05 -
Prevx1 V2 2008.04.05 -
Rising 20.38.60.00 2008.04.03 -
Sophos 4.28.0 2008.04.05 -
Sunbelt 3.14.0.0 2008.04.05 -
Sunbelt 3.0.1032.0 2008.04.05 -
Symantec 10 2008.04.05 -
TheHacker 6.2.92.265 2008.04.04 -
VBA32 3.12.6.3 2008.03.25 -
VirusBuster 4.3.26:9 2008.04.04 -
Webwasher-Gateway 6.6.2 2008.04.04 -

Additional information
File size: 25763 bytes
MD5...: c4b016557945b9d1ae09849236de5613
SHA1..: a83ae044ded3166e0d8a9fc71f22aad1d198d7d3
SHA256: 18b4003ba0222cc16c5182917762181ca27487f45929863559b331350d079aa7
SHA512: 4149986bb28bc74729ae40c34c415cb6f297633d5b3872f8c2bf4889efad76ff bf9ffcdcc42679c08ccfa5ec2ab32da5eb69abf85908d1b796779f3b5980ee4f
PEiD..: -
PEInfo: -
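When a VirusTotal result is pasted into a thread, the first thing to confirm is that the report describes the file you actually hold, and the hashes under "Additional information" are what make that possible. The following is an added example, not code from the thread or from VirusTotal: it recomputes size, MD5, SHA1, SHA256 and SHA512 for a local file, parses those fields and the detection ratio out of a pasted report, and compares them field by field. The report excerpt is copied from the bd3pm.bak1 result above; the local file is a constructed stand-in (the real file is not on this page), so it is expected not to match. Note that a 0/32 result only says that no engine flagged the file on that date; it is not proof the file is clean.

```python
import hashlib
import re

# Excerpt of the VirusTotal result for bd3pm.bak1 as pasted in the post above
# (hashes copied from the page; the "..." stands in for the engine table).
VT_REPORT_BAK1 = (
    "Result: 0/32 (0%) ... File size: 25621 bytes "
    "MD5...: 043d13691cbc1f4fe6c4f8604bf6a255 "
    "SHA1..: 4730945df8da167c6e7494aa991901f0d2d2cbd2 "
    "SHA256: 17fd78115bff342af6721f4f69cd68ee3c3fa15caed3a759f4a7c3d69ab27153 "
    "SHA512: bb2835f1802f82109d0bf0f884bb9932badbdf21e5120011535f9f92de358909 "
    "456acebcf410645b76bbea7118cb5c22424d2861c9a7cd1f0834e8336530fd85 "
    "PEiD..: - PEInfo: -"
)

# Constructed stand-in for a local file; the real bd3pm.bak1 is not on this page.
SAMPLE_FILE = b"MZ" + b"\x00" * 62 + b"constructed sample, not the real bd3pm.bak1\n"

HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

def digests(data):
    """Size plus the four digests VirusTotal prints under 'Additional information'."""
    out = {"size": len(data)}
    for name in HASH_LENGTHS:
        out[name] = hashlib.new(name, data).hexdigest()
    return out

def parse_vt_report(text):
    """Pull detection ratio, size and hashes out of a pasted VirusTotal page.
    Labels are padded with dots (MD5...:, SHA1..:) and the SHA512 is printed as
    two 64-character halves, so whitespace inside a hash is tolerated."""
    info = {}
    m = re.search(r"Result:\s*(\d+)/(\d+)", text)
    if m:
        info["detections"], info["engines"] = int(m.group(1)), int(m.group(2))
    m = re.search(r"File size:\s*(\d+)\s*bytes", text)
    if m:
        info["size"] = int(m.group(1))
    for name, length in HASH_LENGTHS.items():
        m = re.search(name.upper() + r"\.*:\s*((?:[0-9a-fA-F]+\s*)+)", text)
        if m:
            digest = re.sub(r"\s+", "", m.group(1)).lower()
            if len(digest) == length:  # reject a truncated or mis-pasted hash
                info[name] = digest
    return info

def verify_against_report(data, report_text):
    """Compare local digests with the report. Returns (all_match, per-field
    results) so a mismatch shows which field disagrees; a size mismatch alone
    already rules the file out."""
    local, remote = digests(data), parse_vt_report(report_text)
    fields = {k: local[k] == remote[k] for k in ("size", *HASH_LENGTHS) if k in remote}
    return len(fields) == 5 and all(fields.values()), fields

def as_vt_block(data):
    """Render local digests in VirusTotal's layout, e.g. for your own notes."""
    d = digests(data)
    return (f"File size: {d['size']} bytes MD5...: {d['md5']} SHA1..: {d['sha1']} "
            f"SHA256: {d['sha256']} SHA512: {d['sha512'][:64]} {d['sha512'][64:]} PEiD..: -")

if __name__ == "__main__":
    print(parse_vt_report(VT_REPORT_BAK1))
    print(verify_against_report(SAMPLE_FILE, VT_REPORT_BAK1))
```

Replace SAMPLE_FILE with the bytes of the file you submitted (open it in binary mode) and the per-field dictionary tells you at a glance whether the pasted report is about that file or about a different copy.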
#10 (permalink) |
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
Re: Spyware, Adware, Trojan, Malware and internet explorer crash
Hi franc11,
Please download Malwarebytes' Anti-Malware to your desktop.
#11 (permalink) |
Registered User
Join Date: Mar 2008
Posts: 7
OS: Win XP
Re: Spyware, Adware, Trojan, Malware and internet explorer crash
Malwarebytes' Anti-Malware 1.10
Database version: 598

Scan type: Full scan (C:\|F:\|G:\|H:\|I:\|)
Objects scanned: 131576
Time elapsed: 39 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\asearchassist.adefaultsearch.1 (Adware.Accoona) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\abar.abarband.1 (Adware.Accoona) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\uninstall_nmon.vbs.vir (Malware.Trace) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wem4\begmgr11.exe.vir (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FD800764-76F2-4733-8454-F2186A20644F}\RP1118\A0093336.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FD800764-76F2-4733-8454-F2186A20644F}\RP1119\A0093348.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FD800764-76F2-4733-8454-F2186A20644F}\RP1143\A0095215.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FD800764-76F2-4733-8454-F2186A20644F}\RP1144\A0096373.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkhhh.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
#12 (permalink) |
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
Re: Spyware, Adware, Trojan, Malware and internet explorer crash
Hi franc11,
Well done, your logs are clean! There are just a few more things I would like you to do.

The following procedure will clear out ComboFix.exe, as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

----------------------------------------------------------------
Microsoft Updates

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Malware Prevention Tools

These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.

Alternative Web Browsers

Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.

Firewalls

If you do not have a firewall, here are a few free ones available for personal use:
Understanding and Using Firewalls

Informational Reading

In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
Please respond to this thread one more time so we can mark this thread as resolved.
#14 (permalink) |
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
Re: Spyware, Adware, Trojan, Malware and internet explorer crash
Was a pleasure. Safe surfing!