ComboFix 07-10-04.6 - LiberT 2007-10-04 14:09:43.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.450 [GMT -4:00]
Running from: C:\Documents and Settings\LiberT\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\LiberT\Bureau\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\dqjxbtkl.dll
C:\WINDOWS\system32\khfecab.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LiberT\Application Data\Ebates__MoeMoney__Maker
C:\Documents and Settings\LiberT\Application Data\Ebates__MoeMoney__Maker\ebmmd\f46848244423e.dat
C:\Documents and Settings\LiberT\Application Data\Ebates__MoeMoney__Maker\ebmmd\s47051f2d5c5b.dat
C:\Documents and Settings\LiberT\Application Data\Ebates__MoeMoney__Maker\ebmmt\ebmmC5.htm
C:\Documents and Settings\LiberT\Application Data\Ebates__MoeMoney__Maker\ebmmt\ebmmH5.htm
C:\Documents and Settings\LiberT\Application Data\Ebates__MoeMoney__Maker\log.txt
C:\Program Files\Ebates__MoeMoney__Maker
C:\Program Files\Ebates__MoeMoney__Maker\eb.exe
C:\Program Files\Ebates__MoeMoney__Maker\ebatesmmmv.exe
C:\Program Files\Ebates__MoeMoney__Maker\ebmma\eb350.dat
C:\Program Files\Ebates__MoeMoney__Maker\ebmma\ebmm5.dat
C:\Program Files\Ebates__MoeMoney__Maker\ebmmh\ebmmC5.htm
C:\Program Files\Ebates__MoeMoney__Maker\ebmmh\ebmmH5.htm
C:\Program Files\Ebates__MoeMoney__Maker\ebmmh\ebmmP5.htm
C:\Program Files\Ebates__MoeMoney__Maker\ebmmh\ebmmP5_dis.htm
C:\Program Files\Ebates__MoeMoney__Maker\ebmmh\ebmmR5.htm
C:\Program Files\Ebates__MoeMoney__Maker\ebmmh\ebmmRNICP5.htm
C:\Program Files\Ebates__MoeMoney__Maker\ebmmh\ebmmRPMP5.htm
C:\Program Files\Ebates__MoeMoney__Maker\ebmmh\ebmmRPMS5.htm
C:\Program Files\Ebates__MoeMoney__Maker\ebmmm.dll
C:\Program Files\Ebates__MoeMoney__Maker\ebmms\ebmml.dat
C:\Program Files\Ebates__MoeMoney__Maker\ebmms\ebmmp.dat
C:\Program Files\Ebates__MoeMoney__Maker\ebmms\ebmms.dat
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm.ico
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_button_clickhere.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_button_getcashbck.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_button_no.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_button_submit.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_button_yes.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_clear.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_clrpxl.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_cou_button_savenow.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_cou_logo_greenbground.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_cou_moe.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_cou_moe_logo.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_dotted_divider.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_doublelines_bot.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_doublelines_bot_grn.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_grayblock.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_green_bg.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_hot.ico
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_instructions_header.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_logo_lrg.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_logo1.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_moe_question.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_moe_reminder.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_moe_top.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_moe_with_cash.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_preferences.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_prefs_browser.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_spacer.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_step1.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_step2.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_step3.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_step4.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_step5_tear.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\ebmm_step6_tear.gif
C:\Program Files\Ebates__MoeMoney__Maker\images\Thumbs.db
C:\Program Files\Ebates__MoeMoney__Maker\README.txt
C:\WINDOWS\system32\awvvs.dll
C:\WINDOWS\system32\dqjxbtkl.dll
C:\WINDOWS\system32\khfecab.dll
C:\WINDOWS\system32\svvwa.bak1
C:\WINDOWS\system32\svvwa.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-04 to 2007-10-04 ))))))))))))))))))))))))))))))))))))
.
2007-10-04 13:01 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 12:20 <REP> d-------- C:\VundoFix Backups
2007-10-02 22:25 <REP> d-------- C:\Downloads
2007-10-02 22:25 <REP> d-------- C:\Bases
2007-10-02 22:23 <REP> d-------- C:\Kaspersky
2007-10-01 22:22 <REP> d-------- C:\{000040AC-0000-0000-97FF-9CC882BBDAF9}
2007-10-01 19:53 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-09-29 13:15 <REP> d-------- C:\Program Files\iPod
2007-09-17 14:23 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 14:23 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 14:22 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 14:22 739,840 --a------ C:\WINDOWS\system32\DivX.dll
2007-09-11 19:14 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-07 15:06 <REP> d-------- C:\WINDOWS\SxsCaPendDel
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 13:11 --------- d-------- C:\Program Files\lg_fwupdate
2007-10-04 13:07 --------- d-------- C:\Program Files\MSN Messenger
2007-10-03 15:17 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-10-01 11:16 --------- d-------- C:\Documents and Settings\LiberT\Application Data\Azureus
2007-10-01 09:51 --------- d-------- C:\Program Files\UnivLaval
2007-10-01 09:51 --------- d-------- C:\Program Files\Lexmark X1100 Series
2007-10-01 09:51 --------- d-------- C:\Program Files\iTunes
2007-10-01 09:51 --------- d-------- C:\Program Files\Fichiers communs\LightScribe
2007-10-01 09:50 --------- d-------- C:\Program Files\Picasa2
2007-10-01 09:50 --------- d-------- C:\Program Files\Messenger Plus! Live
2007-10-01 09:50 --------- d-------- C:\Program Files\Apoint2K
2007-10-01 09:49 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-09-29 17:01 --------- d-------- C:\Documents and Settings\LiberT\Application Data\LimeWire
2007-09-27 16:23 --------- d-------- C:\Program Files\Ad-Aware SE Professional
2007-09-21 20:52 --------- d-------- C:\Program Files\Call of Duty
2007-09-21 20:13 --------- d-------- C:\Program Files\DivX
2007-09-17 22:49 --------- d-------- C:\Program Files\Apple Software Update
2007-09-07 16:13 --------- d-------- C:\Program Files\Azureus
2007-08-05 18:39 --------- d-------- C:\Program Files\Tap'Touche 5
2004-10-01 15:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( snapshot@2007-10-04_13.13.00.59 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 69,772 2007-10-04 17:14:44 C:\WINDOWS\system32\perfc009.dat
----a-w 82,818 2007-10-04 17:14:44 C:\WINDOWS\system32\perfc00C.dat
----a-w 435,140 2007-10-04 17:14:44 C:\WINDOWS\system32\perfh009.dat
----a-w 503,556 2007-10-04 17:14:44 C:\WINDOWS\system32\perfh00C.dat
.
----a-w 69,772 2007-10-04 16:47:08 C:\WINDOWS\system32\perfc009.dat
----a-w 82,818 2007-10-04 16:47:08 C:\WINDOWS\system32\perfc00C.dat
----a-w 435,140 2007-10-04 16:47:08 C:\WINDOWS\system32\perfh009.dat
----a-w 503,556 2007-10-04 16:47:08 C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 22:40]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 14:37 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2004-12-17 14:23 C:\WINDOWS\system32\TPSMain.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-01-24 13:51 C:\WINDOWS\system32\TCtrlIOHook.exe]
"DPED"="TDuPHook.exe" [2005-01-10 20:34 C:\WINDOWS\system32\TDuPHook.exe]
"DpUtil"="C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe" [2003-12-22 13:38]
"TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.exe" [2004-11-22 15:02]
"TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe" [2004-12-17 11:48]
"Zooming"="ZoomingHook.exe" [2004-07-14 16:07 C:\WINDOWS\system32\ZoomingHook.exe]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2004-12-21 09:48]
"Bay Service"="C:\Program Files\TOSHIBA\Bay Service\BaySrvis.exe" [2004-12-15 17:07]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 18:07]
"TOSHIBA Accessibility"="C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe" [2005-01-14 13:40]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-12-27 10:26]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-30 01:05]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-01-21 21:48]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 21:10]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"Network Associates Error Reporting Service"="C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 10:21]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 12:03]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 C:\WINDOWS\KHALMNPR.Exe]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-23 13:26]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 12:27]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 12:31]
"ebmmm"="C:\Program Files\Ebates__MoeMoney__Maker\ebatesmmmv.exe" []
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-01-31 22:52]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2007-05-26 12:22]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 17:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 18:25]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 12:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
R0 TCtrlIO;TOSHIBA Controls Driver;C:\WINDOWS\system32\drivers\TCtrlIO.sys
R0 TPwSav;Toshiba Power Saver Driver;C:\WINDOWS\system32\DRIVERS\TPwSav.sys
R0 TVALG;Toshiba Value Added Logical and General Purpose Device Driver;C:\WINDOWS\system32\DRIVERS\TVALG.SYS
R1 DualPointDev;DualPointDev;C:\WINDOWS\system32\Drivers\DualPointDev.sys
R1 EKECioCtl;ECioCtl;\??\C:\Program Files\TOSHIBA\E-KEY\EKECioCtl.sys
R1 HWSCtrl;TOSHIBA Hardware Setup;\??\C:\Program Files\TOSHIBA\TOSHIBA Applet\HWS_IoDispatch.sys
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr;C:\WINDOWS\system32\drivers\EPIOMngr.sys
R1 SPCtl;TOSHIBA Supervisor Password;\??\C:\Program Files\Toshiba\Windows Utilities\spDispatch.sys
R1 SrvcEKIOMngr;SrvcEKIOMngr;\??\C:\Program Files\TOSHIBA\E-KEY\EKIOMngr.sys
R1 SrvcSSIOMngr;SrvcSSIOMngr;\??\C:\Program Files\TOSHIBA\E-KEY\SSIoMngr.sys
R1 StickyMesger;StickyMesger;\??\C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS
R2 artstartsvc;Mobility Client Start Utility;C:\Program Files\IBM\Mobility Client\artstartsvc.exe
R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program Files\UnivLaval\cvpnd.exe"
R2 CVPNDRVA;Universite Laval IPsec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys
R3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
S3 wcndis;IBM Mobility Client Virtual Miniport;C:\WINDOWS\system32\DRIVERS\wcndis.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6514c943-480f-11d8-9118-806d6172696f}]
AutoRun\command- D:\PreSetup.exe
odbcdrv\command- odbcdrv\setup.exe
sas\command- D:\sas\setup.exe
sasview\command- sasview\setup.exe
*Newly Created Service* - ENTDRV51
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-02 19:55:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-09-10 13:47:44 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1180705557.job"
"2006-09-21 20:35:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-09-20 16:43:16 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2006-09-23 17:50:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-04 14:20:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-04 14:22:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-04 14:22
C:\ComboFix2.txt ... 2007-10-04 13:13
.
--- E O F ---
