

WINDOWS\system32\winjpg.jpg


This topic is locked
1 reply to this topic

#1 casanova0677 (Members, 1 post)

Posted 28 October 2009 - 09:42 PM

ComboFix 09-10-27.08 - sacilyes 29/10/2009 2:18.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2550.1904 [GMT 1:00]
Lancé depuis: c:\documents and settings\sacilyes\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\sacilyes\Application Data\Desktopicon
c:\documents and settings\sacilyes\Application Data\Desktopicon\eBay.ico
c:\documents and settings\sacilyes\Application Data\Desktopicon\uninst.exe
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\recycler\S-1-5-21-2802988887-3147844999-1626102716-500
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
D:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NWCWORKSTATION
-------\Service_NWCWorkstation


((((((((((((((((((((((((((((( Fichiers créés du 2009-09-28 au 2009-10-29 ))))))))))))))))))))))))))))))))))))
.

2009-10-29 00:11 . 2009-10-29 00:11 -------- d-----w- c:\windows\LastGood.Tmp
2009-10-29 00:11 . 2009-10-29 00:12 -------- d-----w- C:\801144522c88fab4be
2009-10-28 23:21 . 2009-10-28 23:22 -------- d-----w- c:\program files\Eufloria
2009-10-28 23:20 . 2009-10-28 23:20 60168 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-28 21:40 . 2005-05-03 17:43 69632 ----a-w- c:\windows\Alcmtr.exe
2009-10-28 21:38 . 2009-10-28 21:38 315392 ----a-w- c:\windows\HideWin.exe
2009-10-28 21:37 . 2009-10-28 21:37 -------- d-----w- C:\hp
2009-10-28 21:31 . 2009-10-28 21:31 -------- d-----w- c:\program files\GameTop.com
2009-10-28 20:44 . 2009-10-28 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\ijjigame
2009-10-28 20:23 . 2009-10-28 20:23 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-10-28 20:23 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-10-28 20:23 . 2009-10-28 20:23 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-10-28 20:07 . 2009-10-28 20:07 -------- d-----w- c:\documents and settings\sacilyes\Application Data\TuneUp Software
2009-10-28 20:07 . 2009-10-28 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-10-28 20:07 . 2009-10-28 20:24 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-10-28 20:06 . 2009-10-28 20:06 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-10-28 19:56 . 2009-10-28 19:56 -------- d-----w- c:\program files\ijji
2009-10-28 19:56 . 2009-07-02 23:34 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-10-28 19:56 . 2009-07-02 23:34 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-10-28 19:56 . 2009-07-02 23:34 58800 ----a-w- c:\windows\system32\ijjiPlugin2.dll
2009-10-28 19:56 . 2009-07-01 09:25 61440 ----a-w- c:\windows\system32\uc_atlantica_launching.dll
2009-10-28 19:56 . 2009-06-23 12:21 64000 ----a-w- c:\windows\system32\uc_sfighters_launching.dll
2009-10-28 19:56 . 2009-03-31 16:43 53248 ----a-w- c:\windows\system32\uc_luminary_launching.dll
2009-10-28 19:56 . 2009-01-29 10:53 87472 ----a-w- c:\windows\system32\ijjiChannelingPlugin.dll
2009-10-28 19:36 . 2009-10-28 22:39 -------- d-----w- c:\documents and settings\sacilyes\Application Data\Apple Computer
2009-10-28 19:36 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-28 19:36 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-28 19:35 . 2009-10-28 19:35 -------- d-----w- c:\program files\iPod
2009-10-28 19:35 . 2009-10-28 19:36 -------- d-----w- c:\program files\iTunes
2009-10-28 19:35 . 2009-10-28 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-28 19:35 . 2009-10-28 19:35 -------- d-----w- c:\program files\Bonjour
2009-10-28 19:34 . 2009-10-28 19:35 -------- d-----w- c:\program files\QuickTime
2009-10-28 19:34 . 2009-10-28 19:34 -------- d-----w- c:\documents and settings\sacilyes\Local Settings\Application Data\Apple
2009-10-28 19:33 . 2009-10-28 19:33 -------- d-----w- c:\program files\Apple Software Update
2009-10-28 19:33 . 2009-10-28 19:35 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-10-28 19:33 . 2009-10-28 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-28 19:32 . 2009-10-28 23:27 -------- d-----w- c:\documents and settings\sacilyes\Local Settings\Application Data\Apple Computer
2009-10-28 18:37 . 2009-10-28 18:37 -------- d-----w- C:\Poker
2009-10-28 05:21 . 2009-10-28 05:46 -------- d-----w- c:\program files\TopDesk
2009-10-28 05:18 . 2009-10-28 05:21 -------- d-----w- c:\documents and settings\sacilyes\Application Data\OtakuSoftware
2009-10-28 04:59 . 2009-10-28 05:00 -------- d-----w- c:\documents and settings\sacilyes\Application Data\Real Desktop
2009-10-28 04:01 . 2009-10-28 04:01 -------- d-----w- c:\documents and settings\sacilyes\Local Settings\Application Data\Yahoo
2009-10-28 03:44 . 2009-10-28 20:50 -------- d-----w- c:\documents and settings\sacilyes\Application Data\vlc
2009-10-28 03:44 . 2009-10-28 03:44 -------- d-----w- c:\program files\Fichiers communs\Nosibay
2009-10-28 01:23 . 2009-10-28 01:23 -------- d-----w- c:\windows\system32\drivers\NIS
2009-10-28 01:23 . 2009-10-28 01:23 -------- d-----w- c:\program files\Norton Internet Security
2009-10-28 01:22 . 2009-10-28 01:22 -------- d-----w- c:\program files\NortonInstaller
2009-10-28 00:55 . 2009-10-28 00:55 -------- d-----w- c:\windows\Sun
2009-10-27 23:18 . 2009-10-28 18:24 -------- d-----w- c:\program files\Everest Poker
2009-10-27 22:03 . 2009-10-27 22:03 -------- d-----w- c:\program files\uTorrent
2009-10-27 21:52 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-27 20:43 . 2009-10-27 20:43 -------- d-----w- c:\documents and settings\sacilyes\Local Settings\Application Data\Symantec
2009-10-27 17:27 . 2009-10-27 17:27 -------- d-----w- c:\documents and settings\sacilyes\Local Settings\Application Data\Tific
2009-10-27 17:22 . 2009-10-27 17:22 -------- d-----w- c:\documents and settings\sacilyes\Application Data\Tific
2009-10-27 14:57 . 2009-10-27 14:57 -------- d-----w- c:\program files\Windows Sidebar
2009-10-27 14:57 . 2009-10-27 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-10-27 14:52 . 2009-10-27 14:52 -------- d-----w- C:\found.000
2009-10-27 14:43 . 2009-10-27 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-10-27 14:06 . 2009-10-27 15:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-26 21:10 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-26 19:56 . 2009-10-27 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-26 19:19 . 2009-10-26 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-24 19:17 . 2009-10-24 19:17 -------- d-----w- c:\program files\directx
2009-10-19 14:27 . 2009-10-19 14:27 -------- d-----w- c:\windows\USB Vibration
2009-10-19 14:26 . 2009-10-19 14:26 -------- d-----w- c:\program files\USB Vibration
2009-10-07 16:55 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2009-10-07 16:55 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2009-10-07 16:55 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2009-10-07 16:55 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2009-10-07 16:55 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2009-10-07 16:55 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2009-10-07 16:55 . 2009-10-07 16:55 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-10-07 16:55 . 2009-10-07 16:55 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-10-07 16:54 . 2009-10-07 17:05 -------- d-----w- C:\TELL ME MORE NV

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 01:30 . 2008-11-15 02:09 -------- d-----w- c:\documents and settings\sacilyes\Application Data\uTorrent
2009-10-29 00:13 . 2008-11-14 18:26 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-28 21:40 . 2006-08-21 09:58 -------- d-----w- c:\program files\Realtek
2009-10-28 19:56 . 2006-08-21 09:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 19:41 . 2009-04-20 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-10-28 19:39 . 2009-04-20 00:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-10-28 19:39 . 2009-04-19 23:58 -------- d-----w- c:\program files\Uniblue
2009-10-28 19:35 . 2008-11-09 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-28 01:43 . 2006-08-21 11:58 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2009-10-28 01:24 . 2009-10-27 14:58 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-28 01:24 . 2009-10-27 14:58 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-28 01:24 . 2006-08-21 11:58 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-28 01:24 . 2006-08-21 11:58 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-28 01:24 . 2006-08-21 11:58 -------- d-----w- c:\program files\Symantec
2009-10-28 01:01 . 2006-08-21 11:51 -------- d-----w- c:\program files\Java
2009-10-28 00:41 . 2008-11-14 19:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-28 00:35 . 2006-08-21 01:40 556886 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-28 00:35 . 2006-08-21 01:40 104864 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-28 00:27 . 2008-11-08 00:53 -------- d-----w- c:\program files\Microsoft Works
2009-10-28 00:25 . 2009-04-22 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-27 21:07 . 2009-06-17 22:36 -------- d-----w- c:\program files\KONAMI
2009-10-27 15:35 . 2006-08-21 11:56 -------- d-----w- c:\program files\Google BAE
2009-10-27 14:45 . 2008-11-15 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-27 13:14 . 2008-12-24 00:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\Sony Corporation
2009-10-27 11:55 . 2008-12-11 23:00 -------- d-----w- c:\documents and settings\sacilyes\Application Data\dvdcss
2009-10-27 00:16 . 2009-04-20 11:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-26 22:48 . 2006-08-21 11:54 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-09-11 14:18 . 2006-08-21 01:40 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2006-08-21 01:40 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2006-08-21 01:40 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:01 . 2006-08-21 01:41 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 16:04 . 2009-08-25 16:04 75264 ----a-w- c:\windows\system32\uc_holybeast_launching.dll
2009-08-22 18:37 . 2009-08-22 18:37 101376 ----a-w- c:\windows\system32\drivers\ACEDRV07.sys
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-08 00:40 . 2009-03-24 17:01 26 ----a-w- c:\windows\fiupd.bat
2009-08-05 09:00 . 2006-08-21 01:40 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:27 . 2006-08-21 01:40 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:27 . 2004-08-04 00:48 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-31 21:50 . 2008-11-08 03:13 78192 ----a-w- c:\documents and settings\sacilyes\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-31 14:23 . 2009-04-01 20:06 411368 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-17 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-27 289072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-10 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIO Update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-08-24 870240]
"AOLDialer"="c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe" [2004-04-08 496752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2002-03-14 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\sacilyes\Menu Démarrer\Programmes\Démarrage\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 14:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1100000.088\SymDS.sys [28/10/2009 02:23 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1100000.088\SymEFA.sys [28/10/2009 02:23 169008]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091013.001\BHDrvx86.sys [09/10/2009 22:38 508976]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1100000.088\ccHPx86.sys [28/10/2009 02:23 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1100000.088\Ironx86.sys [28/10/2009 02:23 114736]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [28/10/2009 02:23 126392]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [28/10/2009 21:23 604416]
R2 Uniblue DiskRescue;Uniblue DiskRescue;c:\program files\Uniblue\DiskRescue\UBDiskRescueSrv.exe [10/09/2008 16:22 229648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [28/10/2009 02:48 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091021.001\IDSXpx86.sys [28/10/2009 02:49 329080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [21/08/2006 02:41 226304]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [22/08/2009 19:33 1527900]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [21/08/2006 02:40 14336]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2009-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-10-29 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:42]

2009-08-20 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]

2009-10-28 c:\windows\Tasks\User_Feed_Synchronization-{746E0404-117C-4B9D-94CF-C49374EF59DB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = www.ijji.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter un site de support RSS à VAIO Information FLOW - c:\program files\Sony\VAIO Information FLOW\aiesc.html
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Transfert par Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
FF - ProfilePath - c:\documents and settings\sacilyes\Application Data\Mozilla\Firefox\Profiles\fjerp0ag.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA1&q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
HKCU-Run-Real Desktop - c:\program files\Real Desktop\Real Desktop.exe
Notify-iifcAQKe - iifcAQKe.dll
Notify-wvUoMfee - wvUoMfee.dll
AddRemove-eBay Icon - c:\documents and settings\sacilyes\Application Data\Desktopicon\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 02:29
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-4057881633-1726885230-2263611219-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0E69F3F2-06FA-B159-FEBB-694902235E95}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"palkhfjodgokbfalmfaohdgcfknkombf"=hex:6b,61,70,66,64,68,6f,68,6d,68,6e,6a,62,
6a,64,6d,68,65,70,64,61,62,00,00
"oabmbhabempfhoeobobjjhhnpcfjmo"=hex:6b,61,70,66,64,68,6f,68,6d,68,6e,6a,62,6a,
64,6d,68,65,70,64,61,62,00,00

[HKEY_USERS\S-1-5-21-4057881633-1726885230-2263611219-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F239940-9976-87DC-8B16-7F6E78EF3009}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abhkijlenfgkkmmickpnpcgjabfijmdcla"=hex:6b,61,64,66,6d,63,62,68,6c,6f,6b,65,
6a,67,6e,6e,6a,68,63,6b,6f,6b,00,00
"pabkchmjcmimpldoijgjfggpakpolhnb"=hex:6b,61,64,66,6d,63,62,68,6c,6f,6b,65,6a,
67,6e,6e,6a,68,63,6b,6f,6b,00,7e

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ñw*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"C040AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(3100)
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\combofix\CF6530.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Apoint\Apvfb.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchFilterHost.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Heure de fin: 2009-10-29 2:36 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-29 01:35

Avant-CF: 11 586 658 304 octets libres
Après-CF: 11 674 632 192 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - 3198F714EAC46D2D69ABCF09E5D83DB2

#2 Animal (Site Admin, Bleepin' Animinion, 35,329 posts)

Posted 28 October 2009 - 09:46 PM

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums, and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM a Moderator.
The BC Staff/Animal
