Smithfraud.C + Virtumonde infections



Myrmex
2008-09-16, 04:31
Hi!

I'm having the same problem as tkajdi, and in his last post he has the same viruses that I have. I read the whole post and found it very useful. I downloaded the program you suggest and I did every step. I also read all the other helpful information, and the Combo tutorials too. I have the 2 reports, from HijackThis and ComboFix. I know the steps are almost the same, but the information is different.
I'm in need of a little help over here, 'cause I'm not an expert at this!!!

Thanks in advance!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:08, on 2008-09-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [bA6S6Qcviw] C:\Documents and Settings\All Users\Application Data\clchifqf\orqtofal.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1219443526781
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219292211296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219292498218
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1219875709270&h=937cb15a789d1e1d17e858375279d852/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 8097 bytes


------------------------------------------------------
COMBOFIX LOG
------------------------------------------------------



ComboFix 08-09-15.02 - Pierre Luc 2008-09-15 21:27:50.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2506 [GMT -4:00]
Lancé depuis: C:\Documents and Settings\Pierre Luc\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\sc.html
C:\Program Files\PCHealthCenter\Thumbs.db
C:\WINDOWS\system32\lphctkuj0e7cv.exe
C:\WINDOWS\system32\phctkuj0e7cv.bmp

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-16 au 2008-09-16 ))))))))))))))))))))))))))))))))))))
.

2008-09-15 21:01 . 2008-09-15 21:01 <REP> d-------- C:\Program Files\Trend Micro
2008-09-15 18:40 . 2008-08-20 19:08 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-09-15 18:40 . 2008-08-20 19:08 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-15 18:40 . 2008-08-20 22:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-09-15 18:40 . 2008-08-20 19:08 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-15 18:40 . 2008-08-20 19:08 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-09-15 18:40 . 2008-08-20 19:08 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-09-15 18:40 . 2008-08-20 19:08 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-15 18:40 . 2008-09-15 18:40 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-15 18:04 . 2008-09-15 20:21 <REP> d-------- C:\Program Files\wfcogof
2008-09-14 13:56 . 2008-09-14 13:56 <REP> d-------- C:\Program Files\lmukwub
2008-09-13 21:58 . 2008-09-13 21:58 <REP> d-------- C:\Program Files\ofuojv
2008-09-13 21:23 . 2008-09-13 21:23 95 --a------ C:\WINDOWS\wininit.ini
2008-09-13 19:18 . 2008-09-13 19:18 <REP> d-------- C:\Program Files\Panda Security
2008-09-13 19:18 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-09-13 19:11 . 2008-09-13 19:11 <REP> d-------- C:\Program Files\sjeldfg
2008-09-13 16:32 . 2008-09-13 16:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Fighters
2008-09-13 12:45 . 2008-09-13 12:45 <REP> d-------- C:\Program Files\vmqbpcd
2008-09-12 16:55 . 2008-09-12 16:55 <REP> d-------- C:\Program Files\iPod
2008-09-12 16:55 . 2008-09-12 16:55 <REP> d-------- C:\Program Files\Bonjour
2008-09-12 16:55 . 2008-09-12 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-12 16:54 . 2008-09-12 16:55 <REP> d-------- C:\Program Files\QuickTime
2008-09-11 19:02 . 2008-09-11 19:02 268 --ah----- C:\sqmdata07.sqm
2008-09-11 19:02 . 2008-09-11 19:02 244 --ah----- C:\sqmnoopt07.sqm
2008-09-11 06:03 . 2008-09-11 06:03 268 --ah----- C:\sqmdata06.sqm
2008-09-11 06:03 . 2008-09-11 06:03 244 --ah----- C:\sqmnoopt06.sqm
2008-09-11 00:18 . 2008-09-11 00:18 268 --ah----- C:\sqmdata05.sqm
2008-09-11 00:18 . 2008-09-11 00:18 244 --ah----- C:\sqmnoopt05.sqm
2008-09-06 15:42 . 2008-09-06 16:21 <REP> d-------- C:\Program Files\ebtpojb
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-04 15:53 . 2008-09-15 22:04 <REP> d-------- C:\Program Files\PCHealthCenter
2008-09-04 15:53 . 2008-09-04 15:53 <REP> d-------- C:\Program Files\nuhkcnc
2008-09-04 15:53 . 2008-09-04 15:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\clchifqf
2008-09-02 22:16 . 2008-09-02 22:16 <REP> dr-h----- C:\Documents and Settings\Pierre Luc\Application Data\SecuROM
2008-09-02 22:16 . 2008-09-02 22:16 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-08-31 23:26 . 2008-09-15 21:02 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-31 23:22 . 2008-09-03 19:32 <REP> d-------- C:\Documents and Settings\Pierre Luc\Application Data\Ahead
2008-08-31 23:22 . 2008-08-31 23:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-08-31 23:20 . 2008-08-31 23:21 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-08-31 23:20 . 2008-08-31 23:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-08-31 23:13 . 2008-08-31 23:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-08-29 17:47 . 2008-08-29 17:47 <REP> d-------- C:\Program Files\OpenAL
2008-08-29 17:46 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-08-29 17:46 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-08-29 17:46 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-08-29 17:46 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-08-29 17:45 . 2008-08-29 17:45 <REP> d-------- C:\WINDOWS\system32\xlive
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll
2008-08-27 19:06 . 2008-07-18 22:09 29,896 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-27 18:23 . 2008-09-05 19:57 <REP> d-------- C:\Documents and Settings\Pierre Luc\Application Data\LimeWire
2008-08-27 18:21 . 2008-08-27 18:21 <REP> d-------- C:\WINDOWS\Sun
2008-08-27 18:21 . 2008-08-27 18:21 <REP> d-------- C:\Program Files\Java
2008-08-27 18:21 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-27 18:20 . 2008-08-27 18:20 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-08-26 22:16 . 2008-08-26 22:16 268 --ah----- C:\sqmdata04.sqm
2008-08-26 22:16 . 2008-08-26 22:16 244 --ah----- C:\sqmnoopt04.sqm
2008-08-26 21:15 . 2008-09-14 21:57 <REP> d-------- C:\Documents and Settings\Pierre Luc\Application Data\uTorrent
2008-08-26 20:43 . 2008-08-26 20:43 268 --ah----- C:\sqmdata03.sqm
2008-08-26 20:43 . 2008-08-26 20:43 244 --ah----- C:\sqmnoopt03.sqm
2008-08-25 20:05 . 2008-08-25 20:05 268 --ah----- C:\sqmdata02.sqm
2008-08-25 20:05 . 2008-08-25 20:05 244 --ah----- C:\sqmnoopt02.sqm
2008-08-24 19:41 . 2008-08-24 19:41 268 --ah----- C:\sqmdata01.sqm
2008-08-24 19:41 . 2008-08-24 19:41 244 --ah----- C:\sqmnoopt01.sqm
2008-08-24 17:17 . 2008-04-13 15:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-24 00:52 . 2008-08-24 00:52 268 --ah----- C:\sqmdata00.sqm
2008-08-24 00:52 . 2008-08-24 00:52 244 --ah----- C:\sqmnoopt00.sqm
2008-08-23 17:56 . 2008-08-24 00:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-23 17:54 . 2008-09-15 21:01 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-08-23 16:42 . 2008-09-12 17:00 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-23 16:42 . 2008-08-29 18:02 <REP> d-------- C:\Documents and Settings\Pierre Luc\Application Data\Apple Computer
2008-08-23 16:42 . 2008-08-23 16:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-23 16:41 . 2008-09-12 16:54 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-08-23 16:41 . 2008-08-23 16:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-23 16:35 . 2008-09-13 12:54 <REP> d-------- C:\Documents and Settings\Pierre Luc\Contacts
2008-08-23 16:32 . 2008-08-23 16:32 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-23 15:57 . 2007-07-18 20:39 1,278,104 -ra------ C:\WINDOWS\system32\drivers\LV302V32.SYS
2008-08-23 15:50 . 2008-08-23 15:57 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-08-23 15:50 . 2008-08-23 15:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-08-23 13:06 . 2008-08-23 13:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-08-23 13:00 . 2008-08-23 16:34 <REP> d-------- C:\Program Files\Windows Live
2008-08-23 13:00 . 2008-08-23 16:33 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-23 13:00 . 2008-08-23 16:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-23 12:58 . 2008-08-23 12:58 <REP> d-------- C:\Documents and Settings\Pierre Luc\Application Data\MSNInstaller
2008-08-21 17:51 . 2008-08-21 17:51 0 --a------ C:\WINDOWS\msicpl.ini
2008-08-21 17:50 . 2008-09-15 22:05 53 --a------ C:\biosinfo
2008-08-21 17:41 . 2007-04-12 11:44 115,830 --a------ C:\WINDOWS\system32\nvapps.xml
2008-08-21 17:39 . 2007-04-12 23:51 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-08-21 17:29 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-21 17:29 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-21 00:36 . 2008-08-21 00:36 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-21 00:36 . 2008-08-21 00:36 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-21 00:35 . 2008-08-21 00:35 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-08-21 00:31 . 2008-08-21 00:31 <REP> d-------- C:\WINDOWS\EHome
2008-08-21 00:27 . 2004-08-19 14:53 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-21 00:21 . 2008-08-21 00:21 13,742 --a------ C:\WINDOWS\system32\wpa.bak
2008-08-21 00:17 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll
2008-08-21 00:17 . 2008-07-18 22:10 38,088 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-08-21 00:17 . 2008-07-18 22:09 29,896 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-08-21 00:17 . 2008-07-18 22:09 22,216 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-08-21 00:13 . 2008-08-23 02:03 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-08-21 00:04 . 2007-11-27 21:56 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-08-21 00:04 . 2007-11-27 21:56 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-08-21 00:03 . 2008-08-21 00:36 <REP> d-------- C:\WINDOWS\system32\bits
2008-08-21 00:03 . 2008-05-15 16:15 53,168 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-08-21 00:03 . 2008-04-13 22:33 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-08-20 19:10 . 2008-04-13 21:57 58,752 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-08-20 19:10 . 2008-04-13 22:33 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-20 19:10 . 2001-08-17 17:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-08-20 19:09 . 2008-04-13 22:33 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-08-20 19:08 . 2008-08-20 19:08 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage réseau
2008-08-20 19:08 . 2008-08-20 19:08 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2008-08-20 19:08 . 2008-08-20 22:21 <REP> d--h----- C:\Documents and Settings\Default User\Modèles
2008-08-20 19:08 . 2008-08-20 19:08 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
2008-08-20 19:08 . 2008-08-20 19:08 <REP> dr------- C:\Documents and Settings\Default User\Menu Démarrer
2008-08-20 19:08 . 2008-08-20 19:08 <REP> d-------- C:\Documents and Settings\Default User\Favoris
2008-08-20 19:08 . 2008-08-20 19:08 <REP> d-------- C:\Documents and Settings\Default User\Bureau
2008-08-20 19:08 . 2008-08-20 19:08 <REP> d--h----- C:\Documents and Settings\All Users\Modèles
2008-08-20 19:08 . 2008-08-31 23:14 <REP> dr------- C:\Documents and Settings\All Users\Menu Démarrer
2008-08-20 19:08 . 2008-08-20 19:08 <REP> d-------- C:\Documents and Settings\All Users\Favoris
2008-08-20 19:08 . 2008-08-22 18:31 <REP> dr------- C:\Documents and Settings\All Users\Documents
2008-08-20 19:08 . 2008-09-13 20:18 <REP> d-------- C:\Documents and Settings\All Users\Bureau
2008-08-20 19:07 . 2008-08-21 00:42 <REP> d--h----- C:\Documents and Settings\Default User
2008-08-20 19:07 . 2008-08-20 22:24 <REP> d-------- C:\Documents and Settings\All Users

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 02:06 --------- d-----w C:\Program Files\bxdddc
2008-09-16 02:05 98,304 ----a-w C:\WINDOWS\system32\kzsjgxqj.exe
2008-09-16 02:05 199,168 ----a-w C:\WINDOWS\system32\lphctkuj0e7cv.exe
2008-09-16 02:05 118,784 ----a-w C:\WINDOWS\system32\blphctkuj0e7cv.scr
2008-09-14 19:16 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-08-29 22:28 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-08-29 22:28 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-08-21 21:52 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-21 02:56 --------- d-----w C:\Documents and Settings\Pierre Luc\Application Data\InterTrust
2008-08-21 02:53 --------- d-----w C:\Program Files\Intel
2008-08-21 02:53 --------- d-----w C:\Program Files\Common Files
2008-08-21 02:51 --------- d-----w C:\Program Files\Intel Desktop Board
2008-08-21 02:47 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-08-21 02:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 02:47 --------- d-----w C:\Program Files\Realtek
2008-08-21 02:47 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-21 02:40 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-21 02:24 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-21 02:23 --------- d-----w C:\Program Files\Services en ligne
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atchk"="C:\Program Files\Intel\AMT\atchk.exe" [2007-06-28 404248]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-08-08 67112]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 8429568]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-12-14 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-12-14 69632]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-12-14 217088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 81920]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="D:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"lphctkuj0e7cv"="C:\WINDOWS\system32\lphctkuj0e7cv.exe" [2008-09-15 199168]
"inrhcpkuj0e7cv"="C:\Documents and Settings\Pierre Luc\Local Settings\temp\.tt9.tmp.exe" [2008-09-15 1616607]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-28 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-04-12 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"bA6S6Qcviw"="C:\Documents and Settings\All Users\Application Data\clchifqf\orqtofal.exe" [2008-09-04 65536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"strinfo"= {459D204A-9E2A-9643-BAA2-046A72BF866D} - C:\Program Files\bxdddc\strinfo.dll [2008-09-15 122880]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Eidos\\Kane and Lynch Dead Men\\kaneandlynch.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R2 atchksrv;Intel(R) Active Management Technology System Status Service;C:\Program Files\Intel\AMT\atchksrv.exe [2007-06-28 183064]
R2 LMS;Intel(R) Active Management Technology Local Management Service;C:\Program Files\Intel\AMT\LMS.exe [2007-06-28 109336]
R2 OcHealthMon;Windows Live OneCare Health Monitor;C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-08-08 28200]
R2 UNS;Intel(R) Active Management Technology User Notification Service;C:\Program Files\Intel\AMT\UNS.exe [2007-06-28 2554648]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [ ]
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.msn.com
R0 -: HKLM-Main,Start Page = hxxp://www.msn.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 22:05:39
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

C:\WINDOWS\explorer.exe [1936] 0x89AE6DA0

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


C:\Documents and Settings\Pierre Luc\Application Data\Microsoft\SystemCertificates\My\Certificates\6CA4ECD9D9907442B4014FEE4590ACD0FE343C16 1702 bytes
C:\WINDOWS\system32\phctkuj0e7cv.bmp 625208 bytes
C:\WINDOWS\system32\blphctkuj0e7cv.scr 118784 bytes executable
C:\WINDOWS\system32\lphctkuj0e7cv.exe 199168 bytes executable
C:\WINDOWS\system32\kzsjgxqj.exe 98304 bytes executable

Scan terminé avec succès
Fichiers cachés: 5

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\lphctkuj0e7cv.exeerezwd.exe
C:\Documents and Settings\Pierre Luc\Local Settings\temp\.tt9.tmp
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Heure de fin: 2008-09-15 22:07:06 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-16 02:07:03

Avant-CF: 134,110,101,504 octets libres
Après-CF: 134,031,699,968 octets libres

295 --- E O F --- 2008-09-10 23:25:07

Myrmex
2008-09-16, 23:29
I'm using Windows Live OneCare, and it also stopped and removed many things:
Win32/Antivirus2008.C
Trojandownloader:ASX/Wimad.gen!A
Trojandownloader:Win32/FakeAlert.C
Trojan:Win32/Tibs.HP
TrojanDownloader:Win32/Renos.gen!AQ

Spybot detects many things too and seems to stop them, but they keep coming back in a normal boot. In safe mode everything is fine.

pskelley
2008-09-23, 23:31
Welcome to Safer Networking. I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

The Waiting Room
http://forums.spybot.info/forumdisplay.php?f=37

Do NOT run 'FIXES' before helpers have analyzed the HJT log
http://forums.spybot.info/showthread.php?t=16806

Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. Also, helpers may think you are already being assisted because of the post count.

If you still have malware problems, post a new HJT log and I will look at it. Since this topic is a week old, I will close it in 24 hours if there is no response.

Thanks