PDA

View Full Version : Help Virtumonde !


aIRONE
2008-09-07, 19:10
Please Help me. I've got a the virtumonde trojan for the second time.

I've run ComboFix and hijackthis. Here are the logs.

ComboFix:

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Erwan\LOCALS~1\Temp\E_4
C:\DOCUME~1\Erwan\LOCALS~1\Temp\E_4\com.run
C:\DOCUME~1\Erwan\LOCALS~1\Temp\E_4\dp1.fne
C:\DOCUME~1\Erwan\LOCALS~1\Temp\E_4\eAPI.fne
C:\DOCUME~1\Erwan\LOCALS~1\Temp\E_4\internet.fne
C:\DOCUME~1\Erwan\LOCALS~1\Temp\E_4\krnln.fnr
C:\DOCUME~1\Erwan\LOCALS~1\Temp\E_4\RegEx.fnr
C:\DOCUME~1\Erwan\LOCALS~1\Temp\E_4\shell.fne
C:\DOCUME~1\Erwan\LOCALS~1\Temp\E_4\spec.fne
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe
C:\Documents and Settings\Erwan\Application Data\pcpriv.exe
C:\Documents and Settings\Erwan\Application Data\printer.exe
C:\Documents and Settings\Erwan\Application Data\temp.dll
C:\Documents and Settings\Erwan\Menu Démarrer\Programmes\Démarrage\findfast.exe
C:\WINDOWS\BM0f3a7b47.txt
C:\WINDOWS\BM0f3a7b47.xml
C:\WINDOWS\shell.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\spoolvs.exe
C:\WINDOWS\system32\Update.exe
C:\WINDOWS\system32\wowfx.dll

----- BITS: Possible sites infect‚s -----

http://hqsextube08.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
.

2008-09-07 11:44 . 2008-09-07 11:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ATI
2008-09-07 10:12 . 2008-09-07 10:12 <REP> d-------- C:\Program Files\Lavasoft
2008-09-07 10:12 . 2008-09-07 10:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-07 10:11 . 2008-09-07 10:11 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-06 23:55 . 2008-09-06 23:55 3,692 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-06 23:54 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-06 23:54 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-06 23:54 . 2008-09-02 23:58 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-06 23:54 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-06 23:54 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-06 23:54 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-06 23:54 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-06 23:54 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-06 23:54 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-06 23:54 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-06 15:59 . 2008-09-06 15:59 <REP> d-------- C:\WINDOWS\system32\xlib254.dll
2008-09-06 15:59 . 2008-09-06 15:59 <REP> d-------- C:\WINDOWS\system32\append.dll
2008-09-05 10:52 . 2008-09-05 10:52 13,312 ---hs---- C:\WINDOWS\system32\winhcreg.exe
2008-09-05 10:51 . 2008-09-05 10:50 1,097,728 ---h----- C:\WINDOWS\system32\krnln.fnr
2008-09-05 10:51 . 2008-09-05 10:50 323,584 ---h----- C:\WINDOWS\system32\eAPI.fne
2008-09-05 10:51 . 2008-09-05 10:50 270,336 ---h----- C:\WINDOWS\system32\com.run
2008-09-05 10:51 . 2008-09-05 10:50 217,088 ---h----- C:\WINDOWS\system32\RegEx.fnr
2008-09-05 10:51 . 2008-09-05 10:50 184,320 ---h----- C:\WINDOWS\system32\internet.fne
2008-09-05 10:51 . 2008-09-05 10:50 114,688 ---h----- C:\WINDOWS\system32\dp1.fne
2008-09-05 10:51 . 2008-09-05 10:50 73,728 ---h----- C:\WINDOWS\system32\spec.fne
2008-09-05 10:51 . 2008-09-05 10:50 40,960 ---h----- C:\WINDOWS\system32\shell.fne
2008-09-05 10:50 . 2008-09-05 10:50 1,515,591 ---h----- C:\WINDOWS\system32\XP-0DCCA70A.EXE
2008-09-05 10:50 . 2008-09-07 14:37 3,584 --ahs---- C:\WINDOWS\system32\og.EDT
2008-09-05 10:50 . 2008-09-07 17:41 2,404 --ahs---- C:\WINDOWS\system32\ul.dll
2008-09-05 10:50 . 2008-09-07 17:42 827 --ahs---- C:\WINDOWS\system32\og.dll
2008-09-05 09:30 . 2008-09-06 15:58 <REP> d-------- C:\Lyrics
2008-09-05 09:29 . 2008-09-06 15:59 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\MiniLyrics
2008-09-05 09:28 . 2008-09-06 15:49 <REP> d-------- C:\Program Files\Minilyrics
2008-09-05 09:11 . 2008-09-05 09:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-05 09:11 . 2008-09-05 09:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-18 13:27 . 2008-08-18 13:27 34,312 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-08-18 13:19 . 2008-08-18 13:19 53,256 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-08-18 13:18 . 2008-08-18 13:18 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 15:42 --------- d-----w C:\Documents and Settings\Erwan\Application Data\skypePM
2008-09-07 15:42 --------- d-----w C:\Documents and Settings\Erwan\Application Data\Skype
2008-09-07 15:37 --------- d-----w C:\Documents and Settings\Erwan\Application Data\Azureus
2008-09-07 15:26 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-09-07 10:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-07 09:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-05 09:43 --------- d-----w C:\Program Files\The KMPlayer
2008-07-13 07:23 --------- d-----w C:\Program Files\Lecteur CANALPLAY
2008-07-13 07:23 --------- d-----w C:\Program Files\dBpoweramp
2008-07-12 20:07 232 ----a-w C:\ffmpeg_debug.bat
2008-07-12 20:07 225 ----a-w C:\ffmpeg.bat
2008-07-12 08:04 --------- d-----w C:\Program Files\Maple 11
2008-07-08 11:18 --------- d-----w C:\Program Files\Skype
2008-07-08 11:18 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-07-07 19:24 --------- d-----w C:\Program Files\Picasa2
2008-07-07 19:15 --------- d-----w C:\Program Files\Google
2008-03-04 07:55 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-21 23:05 22,328 ----a-w C:\Documents and Settings\Erwan\Application Data\PnkBstrK.sys
2007-08-30 10:09 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-08-30 10:33 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
2007-08-30 10:33 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007083020070831\index.dat
2007-08-30 10:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-08-21 495616]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"Google Update"="C:\Documents and Settings\Erwan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" [2007-11-11 6731312]
"Look 'n' Stop"="C:\Program Files\Soft4Ever\looknstop\looknstop.exe" [2007-09-30 376900]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 259440]
"XP-0DCCA70A"="C:\WINDOWS\system32\XP-0DCCA70A.EXE" [2008-09-05 1515591]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 C:\WINDOWS\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"LockTaskbar"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"NoInstrumentation"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= DivXa32.acm
"msacm.imc"= imc32.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.fvfw"= ffvfw.dll
"msacm.avis"= ffvfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwan^Menu Démarrer^Programmes^Démarrage^IcoSauve.lnk]
path=C:\Documents and Settings\Erwan\Menu Démarrer\Programmes\Démarrage\IcoSauve.lnk
backup=C:\WINDOWS\pss\IcoSauve.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Erwan^Menu Démarrer^Programmes^Démarrage^Tencent QQ.lnk]
path=C:\Documents and Settings\Erwan\Menu Démarrer\Programmes\Démarrage\Tencent QQ.lnk
backup=C:\WINDOWS\pss\Tencent QQ.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\[u]0/uc0948db

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2008-04-23 02:08 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BT Softphone 2]
--a------ 2008-01-29 07:43 13791232 C:\Program Files\BT Softphone 2\BTSoftphone2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
--a------ 2008-06-05 17:50 231424 C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-19 18:09 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
--a------ 2006-07-28 22:04 110592 C:\WINDOWS\ATK0100\HControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 21:52 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NodLogin]
--a------ 2008-02-09 12:16 299260 C:\Program Files\Eset\ESET NOD32 Antivirus\nodlogin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--------- 2003-11-10 16:06 406016 C:\WINDOWS\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
--------- 2006-01-04 16:18 81920 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-28 15:30 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipDiscount]
--a------ 2007-05-31 16:22 7419456 C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 19:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HCWemmon]
--a------ 2007-03-29 22:22 61440 C:\WINDOWS\HCWemmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-05-27 07:12 544768 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;C:\WINDOWS\system32\Drivers\BtHidBus.sys [2008-01-21 21512]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys [2007-09-30 76160]
R2 BlueSoleilCS;BlueSoleilCS;C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-06-05 778240]
R2 BsMobileCS;BsMobileCS;C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-06-04 143467]
R3 BsHelpCS;BsHelpCS;C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2008-06-04 69735]
R3 IvtBtBUs;IVT Bluetooth Bus Service;C:\WINDOWS\system32\Drivers\IvtBtBus.sys [2008-01-21 26248]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;C:\WINDOWS\system32\Drivers\BUSB2902.sys [2006-07-03 110272]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 USB28xxBGA;WinTV HVR-900;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-30 361728]
S3 USB28xxOEM;WinTV OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-01-30 39680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23ec3946-ae57-11dc-9f04-0017313caf79}]
\Shell\Auto\command - F:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d418ec2-56ed-11dc-9ebc-ab2e4231b308}]
\Shell\1\Command - H:\Recycled.exe
\Shell\2\Command - H:\Recycled.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{133C767F-6EBA-484D-0405-010506060608}]
C:\WINDOWS\system32\Winddl.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

BHO-{03BF372A-F579-4AD0-B0BC-4FF62788072C} - (no file)
BHO-{0BC85CDA-7D1E-4215-BCF4-0FD9B605F1E5} - (no file)
BHO-{2A8D06B4-1B40-009F-E531-629A59080F43} - C:\Program Files\altcmd\altcmd32.dll
BHO-{530adb3e-8430-47fc-ad5f-29effee4e871} - (no file)
BHO-{5461682f-fb91-4156-b4e8-f0a4f7924452} - (no file)
BHO-{f2d06cc3-5487-4dbe-966a-0ffed225aa7c} - (no file)
HKCU-Run-Spoolsv - C:\WINDOWS\system32\spoolvs.exe
HKCU-Run-Microsoft Windows Update - Update.exe
Notify-ddcCUmLb - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-0c0948db - C:\WINDOWS\system32\qekjqcdp.dll
MSConfigStartUp-ASUS Live Update - C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MSConfigStartUp-BM0f3a7b47 - C:\WINDOWS\system32\ctqtjfnm.dll
MSConfigStartUp-CanalPlayer - C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
MSConfigStartUp-CTCheck - C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
MSConfigStartUp-CTSyncU - C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
MSConfigStartUp-QQDownload - C:\Program Files\Tencent\QQDownload\QQDownload.exe
MSConfigStartUp-SoftickPPP - C:\Program Files\Softick\PPP\Bin\PPPGate.exe
MSConfigStartUp-Veoh - C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
MSConfigStartUp-VoipBuster - C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Erwan\Application Data\Mozilla\Firefox\Profiles\66n9fluz.default\
FF -: plugin - C:\Documents and Settings\Erwan\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 17:51:00
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Erwan\LOCALS~1\Temp\mc22.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-07 17:58:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 15:58:33
ComboFix2.txt 2008-05-20 10:41:57

Pre-Run: 9,911,074,816 octets libres
Post-Run: 9,883,799,552 octets libres

339 --- E O F --- 2008-03-24 10:00:25













HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:22, on 07/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\WINDOWS\system32\XP-0DCCA70A.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Documents and Settings\Erwan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wcache1.insa-rennes.fr:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" /minimized
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [XP-0DCCA70A] C:\WINDOWS\system32\XP-0DCCA70A.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Erwan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-0DCCA70A.EXE
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: Ìí¼Óµ½QQ±íÇé - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0CBDA9D-7870-4161-A402-D8D5A8C50E71}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\drivers\svchost.exe (file missing)

--
End of file - 12829 bytes




Thank You for Helping me.
pskelley
2008-09-14, 01:46
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Make sure you read and follow the directions, anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
The junk can be tough to remove, so do not expect fast or easy.

Do NOT run 'FIXES' before helpers have analyzed the HJT log
http://forums.spybot.info/showthread.php?t=16806

The Waiting Room
http://forums.spybot.info/forumdisplay.php?f=37

If you still have malware issues, read the directions and post a new HJT log. Take the time to describe the issues and post any error messages you receive "word for word"

Thanks
pskelley
2008-09-20, 15:40
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.