Christfire
2008-04-15, 08:05
I thought there was a simple way to remove it, but as I read threads I see that this is a little bit more complicated and it seems to be different for everybody (CFScript file...). So, I hope somebody will help me; here is my ComboFix log.
Thank you
David
ComboFix 08-04-14.2 - David 2008-04-15 0:40:58.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.462 [GMT -4:00]
Endroit: C:\Documents and Settings\David\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\#SharedObjects\N6T3QEZS\www.broadcaster.com
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\#SharedObjects\N6T3QEZS\www.broadcaster.com\BCLUserPrefs.sol
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\#SharedObjects\N6T3QEZS\www.broadcaster.com\played_list.sol
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\#SharedObjects\N6T3QEZS\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\David\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\OUvwyccf.ini
C:\WINDOWS\system32\OUvwyccf.ini2
C:\WINDOWS\system32\QAKmmUvw.ini
C:\WINDOWS\system32\QAKmmUvw.ini2
C:\WINDOWS\system32\vttjswkf.ini
C:\WINDOWS\system32\yavbvhvr.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-15 to 2008-04-15 ))))))))))))))))))))))))))))))))))))
.
2008-04-14 11:19 . 2008-04-14 11:19 <REP> d-------- C:\Program Files\Enigma Software Group
2008-04-13 22:51 . 2008-04-13 22:51 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-13 22:51 . 2008-04-13 23:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-13 22:41 . 2008-04-13 22:43 <REP> d-------- C:\Program Files\SpywareBlaster
2008-04-13 22:41 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-04-13 15:15 . 2008-04-13 15:15 <REP> d-------- C:\WINDOWS\McAfee.com
2008-04-13 14:05 . 2008-04-13 14:05 129,536 --a----t- C:\WINDOWS\system32\DarkSpyKernel.sys
2008-04-13 13:04 . 2008-04-13 13:04 <REP> d-------- C:\kav
2008-04-12 10:13 . 2008-04-13 13:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-12 03:07 . 2008-04-14 11:46 101,119 --a------ C:\WINDOWS\BM5f8d95fe.xml
2008-04-11 18:04 . 2008-04-11 18:04 <REP> d-------- C:\Program Files\GameSpy Arcade
2008-04-11 17:58 . 2008-04-11 17:58 <REP> d-------- C:\Program Files\Eidos
2008-04-11 17:49 . 2008-04-11 17:49 <REP> d-------- C:\Program Files\Smart Projects
2008-04-11 15:08 . 2008-03-29 14:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-04-11 15:08 . 2008-03-29 14:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-04-11 15:08 . 2008-01-17 11:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-04-11 15:08 . 2008-03-29 14:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-11 15:08 . 2008-03-29 14:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-04-11 15:08 . 2008-03-29 14:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-04-11 15:08 . 2008-03-29 14:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-04-11 15:08 . 2008-03-29 14:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-11 15:07 . 2008-04-11 15:07 <REP> d-------- C:\Program Files\Alwil Software
2008-04-11 15:07 . 2008-03-29 14:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-04-11 15:07 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-04-11 14:59 . 2008-04-11 14:59 38,400 --a------ C:\WINDOWS\system32\opnopOHB.dll.bak
2008-03-28 23:08 . 2008-03-28 23:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-03-20 12:46 . 2008-03-20 12:46 <REP> d-------- C:\Documents and Settings\NetworkService\Mes documents
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 04:44 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-04-14 03:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-13 17:17 --------- d-----w C:\Program Files\Lavasoft
2008-04-13 16:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-13 16:16 --------- d-----w C:\Program Files\LimeWire
2008-04-13 16:15 --------- d-----w C:\Program Files\America's Army Server Manager
2008-04-13 16:15 --------- d-----w C:\Program Files\America's Army
2008-04-11 19:23 --------- d-----w C:\Documents and Settings\David\Application Data\Azureus
2008-04-09 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-07 04:37 --------- d-----w C:\Program Files\mIRC
2008-03-30 22:38 --------- d-----w C:\Program Files\MSN Messenger
2008-03-30 22:38 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-12 05:41 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-08 06:04 --------- d-----w C:\Program Files\Azureus
2008-03-01 05:01 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-01 04:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-25 03:51 --------- d-----w C:\Documents and Settings\David\Application Data\Canon
2008-02-23 03:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\PassMark
2008-02-01 16:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-05-19 06:20 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-08-21 01:58 0 ----a-w C:\Documents and Settings\David\Application Data\wklnhst.dat
2005-09-12 16:57 56 --sh--r C:\WINDOWS\system32\3154A52CE7.sys
2005-09-12 19:51 56 --sh--r C:\WINDOWS\system32\7CE60FCB2F.sys
2005-09-12 19:51 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C4058CF-D464-4506-8E5A-E1CEF6B8DDFD}]
C:\WINDOWS\system32\wvUmmKAQ.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66C9237B-3B0D-41F7-98FD-DADCC3F31C8F}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7BF7385-3A28-46F9-99D8-353AD5DF6481}]
C:\WINDOWS\system32\fccywvUO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F997E142-F579-4F8E-B1D3-35D4B6472444}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-29 01:01 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-16 18:54 155648]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00 49152]
"nwiz"="nwiz.exe" [2005-10-10 22:49 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 22:49 7286784]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-04-11 22:57 1042000]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 14:12 53248]
"ledpointer"="CNYHKey.exe" [2004-02-03 11:15 5794816 C:\WINDOWS\CNYHKey.exe]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 15:34 64512]
"Dit"="Dit.exe" [2004-07-20 12:18 90112 C:\WINDOWS\Dit.exe]
"Cmaudio"="cmicnfg.cpl" []
"CHotkey"="mHotkey.exe" [2004-02-24 08:05 508416 C:\WINDOWS\mHotkey.exe]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 19:44 20480]
"AOLDialer"="C:\Program Files\Fichiers communs\AOLSHARE\AOLDialReg.exe" [ ]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 17:49 77824]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"5cbea662"="C:\WINDOWS\system32\rvhvbvay.dll" [ ]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 15:47 847872]
"BM5f8d95fe"="C:\WINDOWS\system32\oosbdcty.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 08:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnopOHB]
opnopOHB.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Sierra\\Empire Earth II\\EE2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\THQ\\Company of Heroes\\Archive.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Eidos\\Pyro Studios\\Commandos 3 - Destination Berlin\\commandos3.exe"=
"C:\\kav\\kav7\\setup.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
R3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 16:13]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-04-15 00:44]
S3 DarkSpy;DarkSpy;C:\WINDOWS\system32\DarkSpyKernel.sys [2008-04-13 14:05]
S3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 13:58]
S3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 16:00]
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 00:46:23
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 3
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-15 0:51:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 04:51:14
Pre-Run: 299,416,805,376 octets libres
Post-Run: 302,796,677,120 octets libres
.
2008-04-13 20:39:42 --- E O F ---