My computer restarted on its own while I was on the net, last Thursday. When it came back up, an icon named delself appeared on the desktop. Norton, Spybot, Ad-Aware and CCleaner now refused to work. A red circle with a white cross on it appeared in the tray, telling me I had been infected. I deleted delself, but could not get the software to work. So I downloaded what the red circle proposed, a program called XP Antispyware 2009, thinking it was from my Windows Firewall or something... (sigh)
I quickly understood my mistake as things started to work less and less. I searched the web for advice. I deleted 2 files called brastk.exe from my regedit. I also used Malwarebytes, which deleted about 20 objects, then I had to reinstall Spybot, which deleted about 10 more objects. The red circle disappeared and things seemed to work better. But all my software has disappeared from my Program Files folder and the Start menu. Nothing works, except Internet Explorer. Even Notepad is gone and the system refuses to be restored to an earlier date.
Did a virus do this or did my rescue/clean up operation cause the trouble?
According to friends and info I found on the forum, I downloaded some spyware, antivirus, etc. Some find trojans and such, some say the problem is solved.
Now I just ran SDFix, which seemed to say it cleaned up the mess and confirmed everything was fine. Same with a program called XP_Antispyware_fix. However, SpyHunter 3 still finds bad stuff.
I just ran HijackThis and I'm now posting the report, as well as the reports of Malwarebytes and ComboFix.
Would I be better off formatting my whole hard drive and starting from scratch? Would that definitely get rid of the bug? And are all my emails in Outlook lost?
I appreciate any help. tks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:43:29, on 2008-10-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Trend Micro\HijackThis\pascal.exe.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = google.net-studio.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://*.xperttesting.com
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7978019703
O20 - AppInit_DLLs: karna.dat
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: AdobeVersionCue - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
--
End of file - 7985 bytes
***********
I also ran a complete scan with Malwarebytes. So here is the report as well:
Malwarebytes' Anti-Malware 1.30
Database version: 1320
Windows 5.1.2600 Service Pack 3
2008-10-25 18:43:19
mbam-log-2008-10-25 (18-43-19).txt
Scan type: Full Scan (C:\|)
Objects scanned: 106028
Time elapsed: 5 hour(s), 9 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
*************
ComboFix 08-10-25.01 - DEFAULT 2008-10-26 14:23:01.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.289 [GMT -4:00]
Lancé depuis: C:\Documents and Settings\DEFAULT\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-26 au 2008-10-26 ))))))))))))))))))))))))))))))))))))
.
2008-10-26 03:07 . 2008-10-26 03:07 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-10-26 03:06 . 2008-10-26 03:06 <REP> d-------- C:\Program Files\COMODO
2008-10-26 03:06 . 2008-10-26 03:06 <REP> d-------- C:\Program Files\AskBarDis
2008-10-26 02:09 . 2008-10-26 02:09 <REP> d-------- C:\Program Files\Eraser
2008-10-26 02:09 . 2008-10-26 02:09 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}
2008-10-25 00:53 . 2008-10-15 12:35 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-25 00:35 . 2008-10-25 00:35 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-23 04:00 . 2008-10-23 04:00 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-23 02:26 . 2008-10-23 02:26 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-10-23 02:23 . 2008-10-22 02:19 <REP> d-------- C:\SDFix
2008-10-23 02:04 . 2008-10-23 02:04 <REP> d-------- C:\WINDOWS\ERUNT
2008-10-23 01:59 . 2008-10-23 02:00 <REP> d-------- C:\Program Files\Trend Micro
2008-10-23 01:37 . 2008-10-23 01:37 <REP> d-------- C:\Program Files\Fichiers communs\Kodak
2008-10-22 02:54 . 2008-10-22 02:54 <REP> d-------- C:\Documents and Settings\DEFAULT\Application Data\Malwarebytes
2008-10-22 02:54 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 02:54 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 02:53 . 2008-10-22 02:53 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 02:53 . 2008-10-22 02:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-22 02:09 . 2008-10-22 02:09 19,426 --a------ C:\WINDOWS\tywonyza.bin
2008-10-22 02:09 . 2008-10-22 02:09 19,255 --a------ C:\Documents and Settings\All Users\Application Data\motet.bin
2008-10-22 02:09 . 2008-10-22 02:09 18,900 --a------ C:\WINDOWS\cofysupa._sy
2008-10-22 02:09 . 2008-10-22 02:09 18,149 --a------ C:\WINDOWS\system32\bicyd._sy
2008-10-22 02:09 . 2008-10-22 02:09 17,550 --a------ C:\WINDOWS\qovixytyry.ban
2008-10-22 02:09 . 2008-10-22 02:09 17,345 --a------ C:\WINDOWS\system32\lopone.exe
2008-10-22 02:09 . 2008-10-22 02:09 16,743 --a------ C:\WINDOWS\lekabycewe.bat
2008-10-22 02:09 . 2008-10-22 02:09 16,506 --a------ C:\Documents and Settings\DEFAULT\Application Data\puhujagu.com
2008-10-22 02:09 . 2008-10-22 02:09 15,757 --a------ C:\WINDOWS\pawotelil.lib
2008-10-22 02:09 . 2008-10-22 02:09 14,580 --a------ C:\Documents and Settings\DEFAULT\Application Data\lenysukik.bin
2008-10-22 02:09 . 2008-10-22 02:09 14,010 --a------ C:\WINDOWS\system32\mywydunu._sy
2008-10-22 02:09 . 2008-10-22 02:09 12,224 --a------ C:\Documents and Settings\DEFAULT\Application Data\yloliqyxaq.bat
2008-10-22 02:09 . 2008-10-22 02:09 12,097 --a------ C:\WINDOWS\system32\urorolypob.pif
2008-10-22 02:09 . 2008-10-22 02:09 10,778 --a------ C:\WINDOWS\ceziwiqe.sys
2008-10-22 01:14 . 2008-10-22 01:36 10,240 --a------ C:\WINDOWS\system32\brastk.ex_
2008-10-20 21:08 . 2008-10-20 21:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-20 21:08 . 2008-10-20 21:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-16 12:26 . 2008-10-16 12:26 <REP> d--hs---- C:\FOUND.005
2008-10-14 13:49 . 2008-09-08 06:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-14 13:48 . 2008-08-14 09:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-14 13:48 . 2008-08-14 09:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-14 13:48 . 2008-08-14 09:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-14 13:48 . 2008-08-14 09:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 13:48 . 2008-09-15 11:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-04 16:13 . 2008-10-04 16:13 <REP> d--hs---- C:\FOUND.004
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 17:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-27 09:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2003-10-29 23:33 55,816 ----a-w C:\Documents and Settings\DEFAULT\Application Data\GDIPFONTCACHEV1.DAT
2008-07-17 19:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008071720080718\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a------ C:\Program Files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 114688]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-29 707376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-23 136600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\System32\\LEXPPS.EXE"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\si3112r.sys [2002-10-10 84529]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-23 152984]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamSvc.exe [2006-06-29 187184]
.
Contenu du dossier 'Tâches planifiées'
2008-10-26 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-WMPNSCFG - C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKLM-Run-Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe
HKLM-Run-TkBellExe - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
HKLM-Run-SSA.exe - C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
HKLM-Run-ccApp - C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
HKLM-Run-POINTER - point32.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\l3gh9i0g.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://login.live.com/login.srf?id=2&sv ... 4&_lang=FR
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 14:28:17
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\COMMAND SOFTWARE\DVPAPI.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM32\MSIEXEC.EXE
C:\WINDOWS\SYSTEM32\SCSIACCESS.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
.
**************************************************************************
.
Heure de fin: 2008-10-26 14:30:44 - La machine a redémarré [DEFAULT]
ComboFix-quarantined-files.txt 2008-10-26 18:30:38
Avant-CF: 17,990,516,736 octets libres
Après-CF: 17,950,965,760 octets libres
157 --- E O F --- 2008-10-25 16:59:32