Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Most of my software has disappeared!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Most of my software has disappeared!

Unread postby bill1977 » October 23rd, 2008, 2:58 am

Hello, I'm new to this forum and need your help.

My computer restarted on its own while I was on the net, last thursday. When it came back up, an icon named delself appeared on the desktop. Norton, Spybot, Adaware CCleaner now refused to work. A red circle with a white cross on it appeared in the tray, telling me I had been infected. I deleted delself, but could not get the software to work. So I downloaded what the red circle proposed, a program called XP Antispyware 2009, thinking it was from my windows firewall or something... (sigh)

I quickly understood my mistake as things started to work less and less. I searched the web for advice. I deleted 2 fils called brastk.exe from my regedit. I also used Malwarebytes, that deleted about 20 objects, then I had to reinstall Spybot, which deleted about 10 more objects. The red circle disapeared and things seemed to work better. But all my software has disapeared from my Program files folder and the start menu. Nothing works, except Internet Explorer. Even notepad is gone and the system refuses to be restored to an earlier date.

Did a virus do this or did my rescue/clean up operation cause the trouble?
According to friends and info I found on the forum, I downloaded some spyware, antivirus, etc. Some find trojans and such, some say the problem is solved.
Now I just ran SDFix, which seem to say it cleaned up the mess and confirmed everything was fine. Same with a program called XP_Antispyware_fix. However, Spyhunter 3 still finds bad stuff.
I just ran hijackthis and I'm now posting the report, as well as the reports of Malwarebytes and Combofix.

Would I be better off formating my whole hard drive and starting from scratch? Would that definitely get me rid of the bug? And are all my emails in Outlook lost?
I appreciate any help. tks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:43:29, on 2008-10-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Trend Micro\HijackThis\pascal.exe.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = google.net-studio.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://*.xperttesting.com
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7978019703
O20 - AppInit_DLLs: karna.dat
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: AdobeVersionCue - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)

--
End of file - 7985 bytes

***********

I also ran a complet scan with MalwareBytes. So here is the report as well:

Malwarebytes' Anti-Malware 1.30
Database version: 1320
Windows 5.1.2600 Service Pack 3

2008-10-25 18:43:19
mbam-log-2008-10-25 (18-43-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 106028
Time elapsed: 5 hour(s), 9 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


*************

ComboFix 08-10-25.01 - DEFAULT 2008-10-26 14:23:01.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.289 [GMT -4:00]
Lancé depuis: C:\Documents and Settings\DEFAULT\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-26 au 2008-10-26 ))))))))))))))))))))))))))))))))))))
.

2008-10-26 03:07 . 2008-10-26 03:07 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-10-26 03:06 . 2008-10-26 03:06 <REP> d-------- C:\Program Files\COMODO
2008-10-26 03:06 . 2008-10-26 03:06 <REP> d-------- C:\Program Files\AskBarDis
2008-10-26 02:09 . 2008-10-26 02:09 <REP> d-------- C:\Program Files\Eraser
2008-10-26 02:09 . 2008-10-26 02:09 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}
2008-10-25 00:53 . 2008-10-15 12:35 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-25 00:35 . 2008-10-25 00:35 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-23 04:00 . 2008-10-23 04:00 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-10-23 02:26 . 2008-10-23 02:26 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-10-23 02:23 . 2008-10-22 02:19 <REP> d-------- C:\SDFix
2008-10-23 02:04 . 2008-10-23 02:04 <REP> d-------- C:\WINDOWS\ERUNT
2008-10-23 01:59 . 2008-10-23 02:00 <REP> d-------- C:\Program Files\Trend Micro
2008-10-23 01:37 . 2008-10-23 01:37 <REP> d-------- C:\Program Files\Fichiers communs\Kodak
2008-10-22 02:54 . 2008-10-22 02:54 <REP> d-------- C:\Documents and Settings\DEFAULT\Application Data\Malwarebytes
2008-10-22 02:54 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 02:54 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 02:53 . 2008-10-22 02:53 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 02:53 . 2008-10-22 02:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-22 02:09 . 2008-10-22 02:09 19,426 --a------ C:\WINDOWS\tywonyza.bin
2008-10-22 02:09 . 2008-10-22 02:09 19,255 --a------ C:\Documents and Settings\All Users\Application Data\motet.bin
2008-10-22 02:09 . 2008-10-22 02:09 18,900 --a------ C:\WINDOWS\cofysupa._sy
2008-10-22 02:09 . 2008-10-22 02:09 18,149 --a------ C:\WINDOWS\system32\bicyd._sy
2008-10-22 02:09 . 2008-10-22 02:09 17,550 --a------ C:\WINDOWS\qovixytyry.ban
2008-10-22 02:09 . 2008-10-22 02:09 17,345 --a------ C:\WINDOWS\system32\lopone.exe
2008-10-22 02:09 . 2008-10-22 02:09 16,743 --a------ C:\WINDOWS\lekabycewe.bat
2008-10-22 02:09 . 2008-10-22 02:09 16,506 --a------ C:\Documents and Settings\DEFAULT\Application Data\puhujagu.com
2008-10-22 02:09 . 2008-10-22 02:09 15,757 --a------ C:\WINDOWS\pawotelil.lib
2008-10-22 02:09 . 2008-10-22 02:09 14,580 --a------ C:\Documents and Settings\DEFAULT\Application Data\lenysukik.bin
2008-10-22 02:09 . 2008-10-22 02:09 14,010 --a------ C:\WINDOWS\system32\mywydunu._sy
2008-10-22 02:09 . 2008-10-22 02:09 12,224 --a------ C:\Documents and Settings\DEFAULT\Application Data\yloliqyxaq.bat
2008-10-22 02:09 . 2008-10-22 02:09 12,097 --a------ C:\WINDOWS\system32\urorolypob.pif
2008-10-22 02:09 . 2008-10-22 02:09 10,778 --a------ C:\WINDOWS\ceziwiqe.sys
2008-10-22 01:14 . 2008-10-22 01:36 10,240 --a------ C:\WINDOWS\system32\brastk.ex_
2008-10-20 21:08 . 2008-10-20 21:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-20 21:08 . 2008-10-20 21:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-16 12:26 . 2008-10-16 12:26 <REP> d--hs---- C:\FOUND.005
2008-10-14 13:49 . 2008-09-08 06:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-14 13:48 . 2008-08-14 09:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-14 13:48 . 2008-08-14 09:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-14 13:48 . 2008-08-14 09:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-14 13:48 . 2008-08-14 09:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 13:48 . 2008-09-15 11:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-04 16:13 . 2008-10-04 16:13 <REP> d--hs---- C:\FOUND.004

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 17:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-27 09:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2003-10-29 23:33 55,816 ----a-w C:\Documents and Settings\DEFAULT\Application Data\GDIPFONTCACHEV1.DAT
2008-07-17 19:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008071720080718\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a------ C:\Program Files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 114688]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-29 707376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-23 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\System32\\LEXPPS.EXE"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\si3112r.sys [2002-10-10 84529]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-23 152984]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamSvc.exe [2006-06-29 187184]
.
Contenu du dossier 'Tâches planifiées'

2008-10-26 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-WMPNSCFG - C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKLM-Run-Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe
HKLM-Run-TkBellExe - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
HKLM-Run-SSA.exe - C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
HKLM-Run-ccApp - C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
HKLM-Run-POINTER - point32.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\DEFAULT\Application Data\Mozilla\Firefox\Profiles\l3gh9i0g.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://login.live.com/login.srf?id=2&sv ... 4&_lang=FR
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 14:28:17
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\COMMAND SOFTWARE\DVPAPI.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM32\MSIEXEC.EXE
C:\WINDOWS\SYSTEM32\SCSIACCESS.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
.
**************************************************************************
.
Heure de fin: 2008-10-26 14:30:44 - La machine a redémarré [DEFAULT]
ComboFix-quarantined-files.txt 2008-10-26 18:30:38

Avant-CF: 17,990,516,736 octets libres
Après-CF: 17,950,965,760 octets libres

157 --- E O F --- 2008-10-25 16:59:32
bill1977
Active Member
 
Posts: 2
Joined: October 23rd, 2008, 2:44 am
Advertisement
Register to Remove

Re: Most of my software has disappeared!

Unread postby peku006 » October 29th, 2008, 6:13 am

Hi bill1977

It has come to my attention that you have posted for help with your computer at other forums.

forum.telecharger.01net.com

May I draw your attention to the Forum Guidelines on Multi-Posting
  • If you wish to continue here, please notify the other forums so they can close your threads.
  • If you wish to be helped elsewhere let me know so I can close your thread here.
If I do not hear back from you on this matter within 24 hours, this thread will be closed.
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Most of my software has disappeared!

Unread postby Gary R » October 30th, 2008, 12:01 pm

Due to lack of response this topic is now closed.

If you still need help open a new thread in the Malware Removal forum and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Gary R
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 494 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware