Oct 28 2009, 09:42 PM, Post #1

New Member | Group: Members | Posts: 1 | Joined: 28-October 09 | Member No.: 395,907
```
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2550.1904 [GMT 1:00]
Lancé depuis: c:\documents and settings\sacilyes\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\sacilyes\Application Data\Desktopicon
c:\documents and settings\sacilyes\Application Data\Desktopicon\eBay.ico
c:\documents and settings\sacilyes\Application Data\Desktopicon\uninst.exe
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\recycler\S-1-5-21-2802988887-3147844999-1626102716-500
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
D:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NWCWORKSTATION
-------\Service_NWCWorkstation

((((((((((((((((((((((((((((( Fichiers créés du 2009-09-28 au 2009-10-29 ))))))))))))))))))))))))))))))))))))
.
2009-10-29 00:11 . 2009-10-29 00:11 -------- d-----w- c:\windows\LastGood.Tmp
2009-10-29 00:11 . 2009-10-29 00:12 -------- d-----w- C:\801144522c88fab4be
2009-10-28 23:21 . 2009-10-28 23:22 -------- d-----w- c:\program files\Eufloria
2009-10-28 23:20 . 2009-10-28 23:20 60168 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-28 21:40 . 2005-05-03 17:43 69632 ----a-w- c:\windows\Alcmtr.exe
2009-10-28 21:38 . 2009-10-28 21:38 315392 ----a-w- c:\windows\HideWin.exe
2009-10-28 21:37 . 2009-10-28 21:37 -------- d-----w- C:\hp
2009-10-28 21:31 . 2009-10-28 21:31 -------- d-----w- c:\program files\GameTop.com
2009-10-28 20:44 . 2009-10-28 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\ijjigame
2009-10-28 20:23 . 2009-10-28 20:23 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-10-28 20:23 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-10-28 20:23 . 2009-10-28 20:23 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-10-28 20:07 . 2009-10-28 20:07 -------- d-----w- c:\documents and settings\sacilyes\Application Data\TuneUp Software
2009-10-28 20:07 . 2009-10-28 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-10-28 20:07 . 2009-10-28 20:24 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-10-28 20:06 . 2009-10-28 20:06 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-10-28 19:56 . 2009-10-28 19:56 -------- d-----w- c:\program files\ijji
2009-10-28 19:56 . 2009-07-02 23:34 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-10-28 19:56 . 2009-07-02 23:34 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-10-28 19:56 . 2009-07-02 23:34 58800 ----a-w- c:\windows\system32\ijjiPlugin2.dll
2009-10-28 19:56 . 2009-07-01 09:25 61440 ----a-w- c:\windows\system32\uc_atlantica_launching.dll
2009-10-28 19:56 . 2009-06-23 12:21 64000 ----a-w- c:\windows\system32\uc_sfighters_launching.dll
2009-10-28 19:56 . 2009-03-31 16:43 53248 ----a-w- c:\windows\system32\uc_luminary_launching.dll
2009-10-28 19:56 . 2009-01-29 10:53 87472 ----a-w- c:\windows\system32\ijjiChannelingPlugin.dll
2009-10-28 19:36 . 2009-10-28 22:39 -------- d-----w- c:\documents and settings\sacilyes\Application Data\Apple Computer
2009-10-28 19:36 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-28 19:36 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-28 19:35 . 2009-10-28 19:35 -------- d-----w- c:\program files\iPod
2009-10-28 19:35 . 2009-10-28 19:36 -------- d-----w- c:\program files\iTunes
2009-10-28 19:35 . 2009-10-28 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-28 19:35 . 2009-10-28 19:35 -------- d-----w- c:\program files\Bonjour
2009-10-28 19:34 . 2009-10-28 19:35 -------- d-----w- c:\program files\QuickTime
2009-10-28 19:34 . 2009-10-28 19:34 -------- d-----w- c:\documents and settings\sacilyes\Local Settings\Application Data\Apple
2009-10-28 19:33 . 2009-10-28 19:33 -------- d-----w- c:\program files\Apple Software Update
2009-10-28 19:33 . 2009-10-28 19:35 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-10-28 19:33 . 2009-10-28 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-28 19:32 . 2009-10-28 23:27 -------- d-----w- c:\documents and settings\sacilyes\Local Settings\Application Data\Apple Computer
2009-10-28 18:37 . 2009-10-28 18:37 -------- d-----w- C:\Poker
2009-10-28 05:21 . 2009-10-28 05:46 -------- d-----w- c:\program files\TopDesk
2009-10-28 05:18 . 2009-10-28 05:21 -------- d-----w- c:\documents and settings\sacilyes\Application Data\OtakuSoftware
2009-10-28 04:59 . 2009-10-28 05:00 -------- d-----w- c:\documents and settings\sacilyes\Application Data\Real Desktop
2009-10-28 04:01 . 2009-10-28 04:01 -------- d-----w- c:\documents and settings\sacilyes\Local Settings\Application Data\Yahoo
2009-10-28 03:44 . 2009-10-28 20:50 -------- d-----w- c:\documents and settings\sacilyes\Application Data\vlc
2009-10-28 03:44 . 2009-10-28 03:44 -------- d-----w- c:\program files\Fichiers communs\Nosibay
2009-10-28 01:23 . 2009-10-28 01:23 -------- d-----w- c:\windows\system32\drivers\NIS
2009-10-28 01:23 . 2009-10-28 01:23 -------- d-----w- c:\program files\Norton Internet Security
2009-10-28 01:22 . 2009-10-28 01:22 -------- d-----w- c:\program files\NortonInstaller
2009-10-28 00:55 . 2009-10-28 00:55 -------- d-----w- c:\windows\Sun
2009-10-27 23:18 . 2009-10-28 18:24 -------- d-----w- c:\program files\Everest Poker
2009-10-27 22:03 . 2009-10-27 22:03 -------- d-----w- c:\program files\uTorrent
2009-10-27 21:52 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-27 20:43 . 2009-10-27 20:43 -------- d-----w- c:\documents and settings\sacilyes\Local Settings\Application Data\Symantec
2009-10-27 17:27 . 2009-10-27 17:27 -------- d-----w- c:\documents and settings\sacilyes\Local Settings\Application Data\Tific
2009-10-27 17:22 . 2009-10-27 17:22 -------- d-----w- c:\documents and settings\sacilyes\Application Data\Tific
2009-10-27 14:57 . 2009-10-27 14:57 -------- d-----w- c:\program files\Windows Sidebar
2009-10-27 14:57 . 2009-10-27 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-10-27 14:52 . 2009-10-27 14:52 -------- d-----w- C:\found.000
2009-10-27 14:43 . 2009-10-27 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-10-27 14:06 . 2009-10-27 15:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-26 21:10 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-26 19:56 . 2009-10-27 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-26 19:19 . 2009-10-26 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-24 19:17 . 2009-10-24 19:17 -------- d-----w- c:\program files\directx
2009-10-19 14:27 . 2009-10-19 14:27 -------- d-----w- c:\windows\USB Vibration
2009-10-19 14:26 . 2009-10-19 14:26 -------- d-----w- c:\program files\USB Vibration
2009-10-07 16:55 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2009-10-07 16:55 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2009-10-07 16:55 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2009-10-07 16:55 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2009-10-07 16:55 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2009-10-07 16:55 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2009-10-07 16:55 . 2009-10-07 16:55 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-10-07 16:55 . 2009-10-07 16:55 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-10-07 16:54 . 2009-10-07 17:05 -------- d-----w- C:\TELL ME MORE NV
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 01:30 . 2008-11-15 02:09 -------- d-----w- c:\documents and settings\sacilyes\Application Data\uTorrent
2009-10-29 00:13 . 2008-11-14 18:26 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-28 21:40 . 2006-08-21 09:58 -------- d-----w- c:\program files\Realtek
2009-10-28 19:56 . 2006-08-21 09:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 19:41 . 2009-04-20 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-10-28 19:39 . 2009-04-20 00:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-10-28 19:39 . 2009-04-19 23:58 -------- d-----w- c:\program files\Uniblue
2009-10-28 19:35 . 2008-11-09 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-28 01:43 . 2006-08-21 11:58 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-10-28 01:24 . 2009-10-27 14:58 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-28 01:24 . 2009-10-27 14:58 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-28 01:24 . 2006-08-21 11:58 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-28 01:24 . 2006-08-21 11:58 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-28 01:24 . 2006-08-21 11:58 -------- d-----w- c:\program files\Symantec
2009-10-28 01:01 . 2006-08-21 11:51 -------- d-----w- c:\program files\Java
2009-10-28 00:41 . 2008-11-14 19:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-28 00:35 . 2006-08-21 01:40 556886 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-28 00:35 . 2006-08-21 01:40 104864 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-28 00:27 . 2008-11-08 00:53 -------- d-----w- c:\program files\Microsoft Works
2009-10-28 00:25 . 2009-04-22 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-27 21:07 . 2009-06-17 22:36 -------- d-----w- c:\program files\KONAMI
2009-10-27 15:35 . 2006-08-21 11:56 -------- d-----w- c:\program files\Google BAE
2009-10-27 14:45 . 2008-11-15 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-27 13:14 . 2008-12-24 00:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\Sony Corporation
2009-10-27 11:55 . 2008-12-11 23:00 -------- d-----w- c:\documents and settings\sacilyes\Application Data\dvdcss
2009-10-27 00:16 . 2009-04-20 11:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-26 22:48 . 2006-08-21 11:54 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-09-11 14:18 . 2006-08-21 01:40 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2006-08-21 01:40 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2006-08-21 01:40 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:01 . 2006-08-21 01:41 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 16:04 . 2009-08-25 16:04 75264 ----a-w- c:\windows\system32\uc_holybeast_launching.dll
2009-08-22 18:37 . 2009-08-22 18:37 101376 ----a-w- c:\windows\system32\drivers\ACEDRV07.sys
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-08 00:40 . 2009-03-24 17:01 26 ----a-w- c:\windows\fiupd.bat
2009-08-05 09:00 . 2006-08-21 01:40 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:27 . 2006-08-21 01:40 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:27 . 2004-08-04 00:48 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-31 21:50 . 2008-11-08 03:13 78192 ----a-w- c:\documents and settings\sacilyes\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-31 14:23 . 2009-04-01 20:06 411368 ----a-w- c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-17 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-27 289072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-10 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIO Update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-08-24 870240]
"AOLDialer"="c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe" [2004-04-08 496752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\sacilyes\Menu D‚marrer\Programmes\D‚marrage\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 14:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1100000.088\SymDS.sys [28/10/2009 02:23 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1100000.088\SymEFA.sys [28/10/2009 02:23 169008]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091013.001\BHDrvx86.sys [09/10/2009 22:38 508976]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1100000.088\ccHPx86.sys [28/10/2009 02:23 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1100000.088\Ironx86.sys [28/10/2009 02:23 114736]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [28/10/2009 02:23 126392]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [28/10/2009 21:23 604416]
R2 Uniblue DiskRescue;Uniblue DiskRescue;c:\program files\Uniblue\DiskRescue\UBDiskRescueSrv.exe [10/09/2008 16:22 229648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [28/10/2009 02:48 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091021.001\IDSXpx86.sys [28/10/2009 02:49 329080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [21/08/2006 02:41 226304]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [22/08/2009 19:33 1527900]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [21/08/2006 02:40 14336]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2009-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-10-29 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:42]

2009-08-20 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]

2009-10-28 c:\windows\Tasks\User_Feed_Synchronization-{746E0404-117C-4B9D-94CF-C49374EF59DB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = www.ijji.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter un site de support RSS à VAIO Information FLOW - c:\program files\Sony\VAIO Information FLOW\aiesc.html
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Transfert par Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
FF - ProfilePath - c:\documents and settings\sacilyes\Application Data\Mozilla\Firefox\Profiles\fjerp0ag.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA1&q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
HKCU-Run-Real Desktop - c:\program files\Real Desktop\Real Desktop.exe
Notify-iifcAQKe - iifcAQKe.dll
Notify-wvUoMfee - wvUoMfee.dll
AddRemove-eBay Icon - c:\documents and settings\sacilyes\Application Data\Desktopicon\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 02:29
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-4057881633-1726885230-2263611219-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0E69F3F2-06FA-B159-FEBB-694902235E95}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"palkhfjodgokbfalmfaohdgcfknkombf"=hex:6b,61,70,66,64,68,6f,68,6d,68,6e,6a,62,
   6a,64,6d,68,65,70,64,61,62,00,00
"oabmbhabempfhoeobobjjhhnpcfjmo"=hex:6b,61,70,66,64,68,6f,68,6d,68,6e,6a,62,6a,
   64,6d,68,65,70,64,61,62,00,00

[HKEY_USERS\S-1-5-21-4057881633-1726885230-2263611219-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F239940-9976-87DC-8B16-7F6E78EF3009}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abhkijlenfgkkmmickpnpcgjabfijmdcla"=hex:6b,61,64,66,6d,63,62,68,6c,6f,6b,65,
   6a,67,6e,6e,6a,68,63,6b,6f,6b,00,00
"pabkchmjcmimpldoijgjfggpakpolhnb"=hex:6b,61,64,66,6d,63,62,68,6c,6f,6b,65,6a,
   67,6e,6e,6a,68,63,6b,6f,6b,00,7e

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ñw*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"C040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(3100)
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\combofix\CF6530.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Apoint\Apvfb.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchFilterHost.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Heure de fin: 2009-10-29 2:36 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-29 01:35

Avant-CF: 11 586 658 304 octets libres
Après-CF: 11 674 632 192 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - 3198F714EAC46D2D69ABCF09E5D83DB2
```
Oct 28 2009, 09:46 PM, Post #2

Bleepin' Animinion | Group: Site Admin | Posts: 9,795 | Joined: 18-August 05 | From: Now On... | Member No.: 31,547
Please note the message text in blue at the top of the Am I infected? What do I do? forum.
ComboFix logs should not be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results. If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM a Moderator.

The BC Staff/Animal