Foros de Trucos Windows

When I click a link, it opens another page; Master Anti Spyware installed itself

planeta24_03
Posted Jul 9 2008, 09:22 AM · #1
Newbie · Group: Members · Posts: 20 · Registered: 10-March 08 · Member no.: 226.290

Hello,
Since yesterday I have been having problems with this PC.
I visited several pages looking for subtitles for a movie, and on one of them I picked up something nasty: it disabled Task Manager, the PC became extremely slow, etc. I ran SUPERAntiSpyware, which detected many things and 'cleaned' them (supposedly). I ran CCleaner and ATF Cleaner. I cleared the Java console files. I ran HijackThis and ticked the randomly named DLLs that showed up. I re-enabled Task Manager via regedit.
I have just restarted it, but when I click a link on a page it opens some other one, at a randomname.com (though if I copy the link into the IE address bar I think it does work).
Please help me!
Thanks for always being there!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:22:52, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Propriétaire\Bureau\hithis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe (file missing)
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 6524 bytes

I found these files in the windows\system32 folder, which correspond to the time my problems started:
JQtAayay.ini
JQtAayay.ini2
riqanggu.ini
kjphwr.dll
eggxxurx.dll
uggnaqir.dll
jvqtvsed.dll
a387680c-.txt
jjmtrdahczntrthh.exe
g59.exe
hljwugsf.bin

I disabled System Restore.
When I try to open the antivirus links (e.g. http://www.bitdefender.es/scan8/ie.html), it looks up 127.0.0.1 and obviously nothing happens.

Thanks for the help!


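One check worth running for the 127.0.0.1 symptom in the post above is the hosts file (on Windows XP, %SystemRoot%\system32\drivers\etc\hosts). A common hijack maps security-vendor hostnames to a loopback or 0.0.0.0 address, often after dozens of blank lines so the entries sit below what Notepad shows at first glance; HijackThis reports such mappings as `O1 - Hosts:` lines, and none appear in the log above, so this check rules out the most common cause of the symptom rather than confirming one. The following Python script is an added example, not code from the original post or from any of the tools mentioned in the thread: it parses either a raw hosts file or the O1 lines of a HijackThis log and flags sinkholed or pinned vendor domains. The vendor label list and the sample hosts contents are constructed for the example.

```python
"""Hosts-file hijack triage (added example; not from the original post).

Reads either a raw hosts file or the 'O1 - Hosts:' lines of a HijackThis log and
reports mappings that sinkhole or pin security-vendor hostnames.
"""
import ipaddress
from collections import namedtuple

Mapping = namedtuple("Mapping", "line ip host")
Finding = namedtuple("Finding", "line host ip reason")

# Names that legitimately resolve to a loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Assumption: an illustrative watch-list of vendor labels; extend it for your environment.
VENDOR_LABELS = {"bitdefender", "symantec", "kaspersky", "mcafee", "trendmicro",
                 "superantispyware", "bleepingcomputer", "microsoft", "windowsupdate"}

SINKHOLED = "sinkholed to loopback or 0.0.0.0"
PINNED = "vendor hostname pinned to a fixed address"


def _mappings(ip_text, hosts, line_no):
    """Build one Mapping per hostname on a line; lines whose first field is not an address are ignored."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return []
    return [Mapping(line_no, ip, h.lower()) for h in hosts]


def parse_hosts_file(text):
    """Active mappings from raw hosts-file text; comments and blank padding are skipped."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            out.extend(_mappings(fields[0], fields[1:], no))
    return out


def parse_hijackthis_o1(log_text):
    """Mappings from 'O1 - Hosts: <ip> <host>' lines of a HijackThis log."""
    prefix = "O1 - Hosts:"
    out = []
    for no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith(prefix):
            fields = line[len(prefix):].split()
            if fields:
                out.extend(_mappings(fields[0], fields[1:], no))
    return out


def find_hijacks(mappings):
    """Flag non-local names sent to loopback/0.0.0.0, and vendor names pinned to any address."""
    findings = []
    for m in mappings:
        if (m.ip.is_loopback or m.ip.is_unspecified) and m.host not in LOCAL_NAMES:
            findings.append(Finding(m.line, m.host, str(m.ip), SINKHOLED))
        elif set(m.host.split(".")) & VENDOR_LABELS:
            findings.append(Finding(m.line, m.host, str(m.ip), PINNED))
    return findings


def triage(text):
    """Accept a raw hosts file or a HijackThis log; return findings ordered by line number."""
    if "O1 - Hosts:" in text:
        mappings = parse_hijackthis_o1(text)
    else:
        mappings = parse_hosts_file(text)
    return sorted(find_hijacks(mappings))


# Constructed sample: the stock XP header, 40 lines of padding, then the hijack entries.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "127.0.0.1       localhost\n"
    + "\n" * 40
    + "127.0.0.1 www.bitdefender.es\n"
    "127.0.0.1 bitdefender.es\n"
    "0.0.0.0   www.superantispyware.com\n"
    "192.0.2.10 www.kaspersky.com   # TEST-NET-1 address standing in for an attacker host\n"
    "192.168.1.20 printer.lan\n"
)

if __name__ == "__main__":
    for f in triage(SAMPLE_HOSTS):
        print(f"line {f.line}: {f.host} -> {f.ip} ({f.reason})")
```

Run it against a copy of the real hosts file taken from the infected machine, or paste a HijackThis log into `triage()`; the reported line numbers tell you how far down the file the entries were pushed. A clean result does not clear the machine: the redirect can also live in the LSP chain, a driver, or the DNS settings, none of which this check covers.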
Caito
Posted Jul 9 2008, 02:51 PM · #2
No Spiware · Group: Global Supervisor · Posts: 16,776 · Registered: 15-August 04 · From: Argentina · Member no.: 13,043

Download the ComboFix.exe utility (Windows 98/ME/2000/XP)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://subs.geekstogo.com/Beta/ComboFix.exe

Temporarily disable your antivirus and/or antispyware.
Close all open windows.

*Note* While CF is working, do not move the mouse, since that would stop its process.
*Note* ComboFix may restart the PC automatically to complete the removal process.

- Run ComboFix.exe to start the program.

- The program window will open in MS-DOS mode. Immediately press the "Y" (Yes) key and then ENTER to start the detection and cleaning process.

- The desktop icons will disappear (this is normal) and the message "Performing a scan of your machine" will appear.

- Next, the message "Preparing a log report" "This takes a while. So, please be patient" will appear.

- Then the messages "Almost done..." "A report of Combofix's actions would be produced at C:\Combofix.txt" will appear.

- Be patient and wait for the program window to close by itself and for the file C:\Combofix.txt to be displayed. The desktop icons will come back without needing to restart the PC.

- Finally, the combofix.txt report will show the files detected and removed; paste that report here.

- Also post a new HijackThis log.
Regards
Caito



planeta24_03
Posted Jul 9 2008, 07:09 PM · #3
Newbie · Group: Members · Posts: 20 · Registered: 10-March 08 · Member no.: 226.290

Hello,
It won't open the links you gave me to download ComboFix. I downloaded them on another PC, put them on a USB drive and copied them to the infected PC, and it won't run it. When I double-click, the PC apparently does nothing.
Thanks for helping me.


planeta24_03
Posted Jul 9 2008, 08:12 PM · #4
Newbie · Group: Members · Posts: 20 · Registered: 10-March 08 · Member no.: 226.290

Hello,

I managed to run ComboFix by renaming the .exe.
Here is the new HijackThis log. I can't find the ComboFix log... neither in the ComboFix directory nor in the root.
Thanks again!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:08, on 2008-07-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\hithis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe (file missing)
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 6618 bytes

yosoydoug
Posted Jul 9 2008, 09:48 PM · #5
AnTi_MaLwArE · Group: Moderators · Posts: 4,280 · Registered: 11-January 07 · From: Paraguay · Member no.: 190,609

The ComboFix log is missing.

Regards

planeta24_03
Posted Jul 9 2008, 10:15 PM · #6
Newbie · Group: Members · Posts: 20 · Registered: 10-March 08 · Member no.: 226.290

As I explained before, I can't find the ComboFix log.
Neither in the root nor in the ComboFix folder.

Thanks for your help.

yosoydoug
Posted Jul 9 2008, 10:22 PM · #7
AnTi_MaLwArE · Group: Moderators · Posts: 4,280 · Registered: 11-January 07 · From: Paraguay · Member no.: 190,609

Try Windows Search with this word: combofix.txt

Regards

planeta24_03
Posted Jul 9 2008, 10:43 PM · #8
Newbie · Group: Members · Posts: 20 · Registered: 10-March 08 · Member no.: 226.290

How silly of me! Thanks.
Here is the ComboFix log:

ComboFix 08-07-08.9 - HP_Propriétaire 2008-07-09 20:46:41.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.243 [GMT 2:00]
Endroit: C:\ComboFix\Cbofix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Propriétaire\Application Data\ICROSO~1
C:\Documents and Settings\HP_Propriétaire\Application Data\ICROSO~1\?icrosoft\
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Program Files\fnts~1
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\444.470
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\g32.txt
C:\WINDOWS\IA
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbdll.old
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\cookie.dat
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\help.txt
C:\WINDOWS\system32\kctkvlko.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ps.dat
C:\WINDOWS\system32\sCfOnnmp.ini
C:\WINDOWS\system32\sCfOnnmp.ini2
C:\WINDOWS\system32\ssutBcfe.ini
C:\WINDOWS\system32\ssutBcfe.ini2
C:\WINDOWS\update.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Legacy_DRIVER
-------\Legacy_K53LOCK
-------\Legacy_MSSECURITY1.209.4
-------\Service_Driver
-------\Service_k53lock


((((((((((((((((((((((((((((( Fichiers créés 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
.

2008-07-09 12:23 . 2008-07-09 12:45 <REP> d-------- C:\fixwareout
2008-07-09 11:50 . 2008-07-09 12:16 49,074,432 --a------ C:\avg_free_stf_en_8_101a1327.exe
2008-07-08 22:18 . 2008-07-08 22:21 110,443 --a------ C:\WINDOWS\BMab979fee.xml
2008-07-08 22:08 . 2004-08-05 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-08 22:07 . 2008-07-09 09:24 <REP> d-------- C:\WINDOWS\system32\ver
2008-07-08 22:07 . 2008-07-08 22:07 <REP> d-------- C:\WINDOWS\system32\olixds01
2008-07-08 22:07 . 2008-07-08 22:07 <REP> d-------- C:\WINDOWS\system32\ole
2008-07-08 22:07 . 2008-07-09 09:24 <REP> d-------- C:\WINDOWS\system32\IP3
2008-07-08 22:07 . 2008-07-09 09:24 <REP> d-------- C:\WINDOWS\system32\dapi
2008-07-08 22:07 . 2008-07-08 22:07 <REP> d-------- C:\TEMP\stmpv4
2008-07-06 12:25 . 2008-07-06 12:24 29,760 --a------ C:\WINDOWS\system32\oi3X8efj.exe
2008-07-06 12:25 . 2008-07-06 12:25 0 --a------ C:\WINDOWS\system32\oi3X8efj.exe.a_a
2008-07-05 07:05 . 2008-07-05 07:05 32,768 --a------ C:\WINDOWS\system32\olixds01\olixds011065.exe
2008-07-03 08:09 . 2008-07-03 08:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-03 08:09 . 2008-07-03 08:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-25 11:05 . 2008-06-25 11:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\QubeSoft
2008-06-25 11:02 . 2008-06-25 11:02 <REP> d-------- C:\Program Files\LEGO Software
2008-06-14 18:46 . 2008-06-14 18:46 <REP> d-------- C:\Program Files\BayGenie
2008-06-09 12:51 . 2008-06-09 12:54 <REP> d-------- C:\Program Files\Picasa2
2008-06-09 07:46 . 2008-06-09 07:46 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-06-09 07:16 . 2008-06-09 07:16 29,760 --a------ C:\WINDOWS\system32\5PteOI43.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 08:32 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-06-25 09:05 --------- d-----w C:\Program Files\LEGO Company
2008-06-24 06:16 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-11 00:35 --------- d-----w C:\Program Files\eMule
2008-06-09 10:51 --------- d-----w C:\Program Files\Google
2008-05-31 14:29 --------- d-----w C:\Program Files\Oxin's Style!
2008-05-10 19:51 --------- d-----w C:\Program Files\Spyware Terminator
2008-05-10 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-10 19:16 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-10 19:16 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-10 19:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2005-08-31 08:09 24 ----a-w C:\Program Files\lista.txt
2007-06-21 17:38 30,280 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 17:38 79,432 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 17:38 71,240 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2007-06-21 17:38 140,872 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 17:39 38,472 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2007-06-21 17:39 46,664 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-06-21 17:39 34,376 ----a-w C:\Program Files\mozilla firefox\plugins\logging.dll
2007-06-21 17:39 685,640 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 17:40 30,280 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 14:47 7311360]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-06-10 12:54 286720]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.3ivx"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv0"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv1"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv2"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3ivd"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.mjpg"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.dmb1"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.mj2c"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\M3JP2K32.dll
"vidc.tvmj"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll
"vidc.fljp"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Background Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Background Monitor.lnk
backup=C:\WINDOWS\pss\EPSON Background Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ralink Wireless Utility.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ralink Wireless Utility.lnk
backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^[AIO] TEXAS HOLDEM POKER PACK (FULL).lnk]
path=C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\[AIO] TEXAS HOLDEM POKER PACK (FULL).lnk
backup=C:\WINDOWS\pss\[AIO] TEXAS HOLDEM POKER PACK (FULL).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zxqnt]
C:\Program Files\F?nts\m?hta.exe [?]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-07-25 00:00 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2004-12-16 17:49 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 12:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 09:07 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-11-11 14:47 7311360 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2004-04-14 21:43 233472 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIS2PostReboot]
--a------ 2001-04-27 15:19 212992 C:\Program Files\LEGO MINDSTORMS\RIS 2.0\LaunchRis2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
--a------ 2004-05-20 10:47 249856 C:\WINDOWS\system32\Keyhook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
--a------ 2004-08-04 09:07 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
--a------ 2004-06-25 12:47 192512 C:\Program Files\InterVideo\Common\Bin\WinRemote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-11-11 14:47 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\backburner\\server.exe"=
"C:\\MBS\\gwrd.exe"=
"C:\\MBS\\disp+work.exe"=
"C:\\MBS\\msg_server.exe"=
"C:\\Program Files\\SAPpc\\sapgui\\sapgui.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Roxio\\Creator Classic 9\\Creator9.exe"=
"C:\\Program Files\\freeBrowser\\freeBrowser\\freeBrowser.exe"=
"C:\\Program Files\\freeBrowser\\vlc\\vlc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Valve\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2006-03-04 14:00]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-01 21:06]
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-06-23 21:34]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-05-27 19:49]
R3 snpstd2;VideoCAM Look;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 12:49]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S2 WebDriveFSD;WebDrive File System Driver;C:\Program Files\NetDrive\rffsd.sys []
S3 LTower;LEGO USB Tower Driver;C:\WINDOWS\system32\Drivers\LTower.sys [2001-04-25 17:44]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db73e190-e76b-11dc-90f6-00112f941e50}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-07 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-06-15 08:00:01 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-06-15 09:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-06-15 10:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 22:21:02 C:\WINDOWS\Tasks\At145.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 23:00:01 C:\WINDOWS\Tasks\At146.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-07 00:00:01 C:\WINDOWS\Tasks\At147.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-07 01:00:01 C:\WINDOWS\Tasks\At148.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-07 02:00:03 C:\WINDOWS\Tasks\At149.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 12:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-07 03:00:01 C:\WINDOWS\Tasks\At150.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-07 04:00:01 C:\WINDOWS\Tasks\At151.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-07 05:00:01 C:\WINDOWS\Tasks\At152.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-07 06:00:01 C:\WINDOWS\Tasks\At153.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-07 07:00:01 C:\WINDOWS\Tasks\At154.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-06-15 08:00:06 C:\WINDOWS\Tasks\At155.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-06-15 09:00:01 C:\WINDOWS\Tasks\At156.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-06-15 10:00:02 C:\WINDOWS\Tasks\At157.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 11:00:01 C:\WINDOWS\Tasks\At158.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 12:00:02 C:\WINDOWS\Tasks\At159.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 13:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 13:00:03 C:\WINDOWS\Tasks\At160.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 14:00:01 C:\WINDOWS\Tasks\At161.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 15:00:01 C:\WINDOWS\Tasks\At162.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 16:00:06 C:\WINDOWS\Tasks\At163.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 17:00:01 C:\WINDOWS\Tasks\At164.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 18:00:01 C:\WINDOWS\Tasks\At165.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 19:00:01 C:\WINDOWS\Tasks\At166.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 20:00:03 C:\WINDOWS\Tasks\At167.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 21:00:04 C:\WINDOWS\Tasks\At168.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 22:32:01 C:\WINDOWS\Tasks\At169.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 14:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 23:00:01 C:\WINDOWS\Tasks\At170.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-07 00:00:01 C:\WINDOWS\Tasks\At171.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-07 01:00:01 C:\WINDOWS\Tasks\At172.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-07 02:00:03 C:\WINDOWS\Tasks\At173.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-07 03:00:01 C:\WINDOWS\Tasks\At174.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-07 04:00:01 C:\WINDOWS\Tasks\At175.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-07 05:00:01 C:\WINDOWS\Tasks\At176.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-07 06:00:01 C:\WINDOWS\Tasks\At177.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-07 07:00:01 C:\WINDOWS\Tasks\At178.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 10:25:11 C:\WINDOWS\Tasks\At179.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 15:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 10:25:11 C:\WINDOWS\Tasks\At180.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 10:25:11 C:\WINDOWS\Tasks\At181.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 11:00:01 C:\WINDOWS\Tasks\At182.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 12:00:02 C:\WINDOWS\Tasks\At183.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 13:00:03 C:\WINDOWS\Tasks\At184.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 14:00:02 C:\WINDOWS\Tasks\At185.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 15:00:01 C:\WINDOWS\Tasks\At186.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 16:00:06 C:\WINDOWS\Tasks\At187.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 17:00:01 C:\WINDOWS\Tasks\At188.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 18:00:01 C:\WINDOWS\Tasks\At189.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 16:00:02 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 19:00:01 C:\WINDOWS\Tasks\At190.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 20:00:03 C:\WINDOWS\Tasks\At191.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 21:00:02 C:\WINDOWS\Tasks\At192.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 17:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 18:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 19:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 20:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 21:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-07 00:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-07 01:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-07 02:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-07 03:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-07 04:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-07 05:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-07 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2007-05-15 09:59:58 C:\WINDOWS\Tasks\bghyrd.job"

Thanks!!
Lestat
post Jul 10 2008, 01:50 AM
Posted: #9


HijackThis Logs Expert

Group: Global
Posts: 9,989
Joined: 15-April 06
From: Vigo-Galicia
Member no.: 165,999



1.- Open Notepad

* Go to START > RUN >
* Type notepad.exe there and click OK

2.- Now copy and paste these entries into Notepad
CODE

KillAll::

File::
C:\WINDOWS\BMab979fee.xml
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\ver
C:\WINDOWS\system32\olixds01
C:\WINDOWS\system32\ole
C:\WINDOWS\system32\dapi
C:\TEMP\stmpv4
C:\WINDOWS\system32\oi3X8efj.exe
C:\WINDOWS\system32\oi3X8efj.exe.a_a
C:\WINDOWS\system32\olixds01\olixds011065.exe
C:\WINDOWS\system32\5PteOI43.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db73e190-e76b-11dc-90f6-00112f941e50}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe


3.- Save this file with the name CFScript.txt, leave it on your desktop and reboot into Safe Mode.


4.- Next, drag and drop the CFScript.txt file onto ComboFix.exe as shown in the animation below. This will run ComboFix again.

external image



Paste the report and a new HijackThis log

Regards

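As an added example (not code from this thread, from ComboFix or from its author), the following Python triage script reads the "Scheduled Tasks" and mountpoints2 lines in the log layout shown above, counts how many At*.job tasks point at each executable, flags the generated-looking names the CFScript targets, and lists the autorun commands bound to drive letters. The sample lines are constructed from the entries quoted in this thread, and the "generated-looking name" heuristic is my own assumption rather than anything ComboFix does.

```python
import re
from collections import Counter

# Constructed sample in the layout of the ComboFix log quoted in this thread:
# two mountpoints2 autorun keys and a handful of the At*.job scheduled tasks.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db73e190-e76b-11dc-90f6-00112f941e50}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

.
Contenu du dossier 'Scheduled Tasks/Taches planifiees'
"2008-07-07 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 22:21:02 C:\WINDOWS\Tasks\At145.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 23:00:01 C:\WINDOWS\Tasks\At146.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 22:32:01 C:\WINDOWS\Tasks\At169.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2007-05-15 09:59:58 C:\WINDOWS\Tasks\bghyrd.job"
"""

# One quoted line per task ("<timestamp> <path to .job>"), followed by "- <target>"
# when the log shows what the task launches.
TASK_RE = re.compile(r'^"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.+?\.job)"$')
TARGET_RE = re.compile(r'^- (.+)$')
# Per-drive autorun bindings: a mountpoints2 key followed by its \Shell\AutoRun\command line.
MOUNTPOINT_RE = re.compile(r'^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\([^\]]+)\]$', re.IGNORECASE)
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command - (.+)$')
AT_JOB_RE = re.compile(r'^At\d+\.job$', re.IGNORECASE)


def basename(path):
    return path.rsplit('\\', 1)[-1]


def parse_tasks(log):
    """Return (job_path, target) pairs; target is None when no '- ...' line follows the job."""
    tasks, pending = [], None
    for line in log.splitlines():
        m = TASK_RE.match(line)
        if m:
            if pending is not None:
                tasks.append((pending, None))
            pending = m.group(2)
            continue
        m = TARGET_RE.match(line)
        if m and pending is not None:
            tasks.append((pending, m.group(1)))
            pending = None
    if pending is not None:
        tasks.append((pending, None))
    return tasks


def parse_autoruns(log):
    """Return (mountpoint_key, command) pairs for every drive-bound AutoRun command."""
    found, key = [], None
    for line in log.splitlines():
        m = MOUNTPOINT_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = AUTORUN_RE.match(line)
        if m and key is not None:
            found.append((key, m.group(1)))
            key = None
    return found


def looks_generated(path):
    """Heuristic (my assumption, not a ComboFix rule): an 8-character .exe name mixing
    digits, upper and lower case, like a58plwpD / 5PteOI43 / oi3X8efj in the log above.
    It is a triage hint only; legitimate names can match it too."""
    stem, _, ext = basename(path).rpartition('.')
    if ext.lower() != 'exe' or len(stem) != 8 or not stem.isalnum():
        return False
    return (any(c.isdigit() for c in stem) and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem))


def triage(log):
    """Count At*.job tasks per target, flag generated-looking targets, and list jobs
    with no readable target plus every drive-bound autorun command."""
    per_target, orphaned = Counter(), []
    for job, target in parse_tasks(log):
        name = basename(job)
        if target is None:
            orphaned.append(name)
        elif AT_JOB_RE.match(name):
            per_target[target] += 1
    return {
        "at_jobs_per_target": dict(per_target),
        "generated_name_targets": sorted(t for t in per_target if looks_generated(t)),
        "jobs_without_target": orphaned,
        "mountpoint_autoruns": parse_autoruns(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a full ComboFix log to see at a glance which executables the hourly At*.job tasks keep re-launching; those are the files a CFScript's File:: section needs to cover, together with the task files themselves.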
planeta24_03
post Jul 10 2008, 02:03 PM
Posted: #10


Newbie

Group: Members
Posts: 20
Joined: 10-March 08
Member no.: 226,290



Here are the new reports and logs:

ComboFix 08-07-08.9 - HP_Propriétaire 2008-07-10 14:35:55.2 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.338 [GMT 2:00]
Endroit: C:\ComboFix\Cbofix.exe
Command switches used :: C:\ComboFix\CFScript.txt

FILE ::
C:\TEMP\stmpv4
C:\WINDOWS\BMab979fee.xml
C:\WINDOWS\system32\5PteOI43.exe
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\dapi
C:\WINDOWS\system32\oi3X8efj.exe
C:\WINDOWS\system32\oi3X8efj.exe.a_a
C:\WINDOWS\system32\ole
C:\WINDOWS\system32\olixds01
C:\WINDOWS\system32\olixds01\olixds011065.exe
C:\WINDOWS\system32\ver
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMab979fee.xml
C:\WINDOWS\system32\5PteOI43.exe
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\oi3X8efj.exe
C:\WINDOWS\system32\oi3X8efj.exe.a_a
C:\WINDOWS\system32\olixds01\olixds011065.exe
.
---- Previous Run -------
.
C:\Documents and Settings\HP_Propriétaire\Application Data\ICROSO~1
C:\Documents and Settings\HP_Propriétaire\Application Data\ICROSO~1\?icrosoft\
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Program Files\fnts~1
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\444.470
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\g32.txt
C:\WINDOWS\IA
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbdll.old
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\cookie.dat
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\help.txt
C:\WINDOWS\system32\kctkvlko.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ps.dat
C:\WINDOWS\system32\sCfOnnmp.ini
C:\WINDOWS\system32\sCfOnnmp.ini2
C:\WINDOWS\system32\ssutBcfe.ini
C:\WINDOWS\system32\ssutBcfe.ini2
C:\WINDOWS\update.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Legacy_DRIVER
-------\Legacy_K53LOCK
-------\Legacy_MSSECURITY1.209.4
-------\Service_Driver
-------\Service_k53lock


((((((((((((((((((((((((((((( Fichiers créés 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))))))))
.

2008-07-09 12:23 . 2008-07-09 12:45 <REP> d-------- C:\fixwareout
2008-07-09 11:50 . 2008-07-09 12:16 49,074,432 --a------ C:\avg_free_stf_en_8_101a1327.exe
2008-07-08 22:07 . 2008-07-09 09:24 <REP> d-------- C:\WINDOWS\system32\ver
2008-07-08 22:07 . 2008-07-10 14:36 <REP> d-------- C:\WINDOWS\system32\olixds01
2008-07-08 22:07 . 2008-07-08 22:07 <REP> d-------- C:\WINDOWS\system32\ole
2008-07-08 22:07 . 2008-07-09 09:24 <REP> d-------- C:\WINDOWS\system32\IP3
2008-07-08 22:07 . 2008-07-09 09:24 <REP> d-------- C:\WINDOWS\system32\dapi
2008-07-08 22:07 . 2008-07-08 22:07 <REP> d-------- C:\TEMP\stmpv4
2008-07-03 08:09 . 2008-07-03 08:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-03 08:09 . 2008-07-03 08:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-25 11:05 . 2008-06-25 11:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\QubeSoft
2008-06-25 11:02 . 2008-06-25 11:02 <REP> d-------- C:\Program Files\LEGO Software
2008-06-14 18:46 . 2008-06-14 18:46 <REP> d-------- C:\Program Files\BayGenie

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 08:32 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-06-25 09:05 --------- d-----w C:\Program Files\LEGO Company
2008-06-24 06:16 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-11 00:35 --------- d-----w C:\Program Files\eMule
2008-06-09 10:54 --------- d-----w C:\Program Files\Picasa2
2008-06-09 10:51 --------- d-----w C:\Program Files\Google
2008-05-31 14:29 --------- d-----w C:\Program Files\Oxin's Style!
2008-05-10 19:51 --------- d-----w C:\Program Files\Spyware Terminator
2008-05-10 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-10 19:16 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-10 19:16 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-10 19:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2005-08-31 08:09 24 ----a-w C:\Program Files\lista.txt
2007-06-21 17:38 30,280 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 17:38 79,432 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 17:38 71,240 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2007-06-21 17:38 140,872 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 17:39 38,472 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2007-06-21 17:39 46,664 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-06-21 17:39 34,376 ----a-w C:\Program Files\mozilla firefox\plugins\logging.dll
2007-06-21 17:39 685,640 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 17:40 30,280 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-09_21.04.33.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-09 18:52:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-10 12:42:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 14:47 7311360]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-06-10 12:54 286720]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]
"{C738F3D2-1891-449D-AE67-D1969094F1DF}"= "C:\WINDOWS\system32\yayyVonK.dll" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.3ivx"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv0"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv1"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3iv2"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"vidc.3ivd"= C:\PROGRA~1\ACEMEG~1\SystemS\3ivx\3IVXVF~1.DLL
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.mjpg"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.dmb1"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\m3jpeg32.dll
"vidc.mj2c"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\M3JP2K32.dll
"vidc.tvmj"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll
"vidc.fljp"= C:\PROGRA~1\ACEMEG~1\SystemS\MORGAN~1\MMTVMJ.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Background Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Background Monitor.lnk
backup=C:\WINDOWS\pss\EPSON Background Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ralink Wireless Utility.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ralink Wireless Utility.lnk
backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^[AIO] TEXAS HOLDEM POKER PACK (FULL).lnk]
path=C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\[AIO] TEXAS HOLDEM POKER PACK (FULL).lnk
backup=C:\WINDOWS\pss\[AIO] TEXAS HOLDEM POKER PACK (FULL).lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zxqnt]
C:\Program Files\F?nts\m?hta.exe [?]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-07-25 00:00 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a8a4ac72]
C:\WINDOWS\system32\uggnaqir.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2004-12-16 17:49 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMab979fee]
C:\WINDOWS\system32\jvqtvsed.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 12:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firewall auto setup]
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\winlogon.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intel system tool]
C:\WINDOWS\system32\svehost.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 09:07 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-11-11 14:47 7311360 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
C:\Program Files\Real\RealOne Player\realplay.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2004-04-14 21:43 233472 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIS2PostReboot]
--a------ 2001-04-27 15:19 212992 C:\Program Files\LEGO MINDSTORMS\RIS 2.0\LaunchRis2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu572.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
--a------ 2004-05-20 10:47 249856 C:\WINDOWS\system32\Keyhook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
--a------ 2004-08-04 09:07 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebDriveTray]
C:\Program Files\NetDrive\netdrive.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
--a------ 2004-06-25 12:47 192512 C:\Program Files\InterVideo\Common\Bin\WinRemote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winupdates]
C:\Program Files\winupdates\winupdates.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{4A-AC-CD-DD-DW}]
c:\windows\system32\rwwnw64d.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{992496cc-5e32-cd16-0fc5-303c8776d4f7}]
C:\WINDOWS\system32\{914725cf-dca6-3d59-946e-8e3ab8769099}.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{dab77a30-a996-a04d-0fb6-74ba798da9cb}]
C:\WINDOWS\system32\snupiclehwqdfbnz.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
dxdllreg.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-11-11 14:47 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\backburner\\server.exe"=
"C:\\MBS\\gwrd.exe"=
"C:\\MBS\\disp+work.exe"=
"C:\\MBS\\msg_server.exe"=
"C:\\Program Files\\SAPpc\\sapgui\\sapgui.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Roxio\\Creator Classic 9\\Creator9.exe"=
"C:\\Program Files\\freeBrowser\\freeBrowser\\freeBrowser.exe"=
"C:\\Program Files\\freeBrowser\\vlc\\vlc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Valve\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2006-03-04 14:00]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-01 21:06]
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-06-23 21:34]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-05-27 19:49]
R3 snpstd2;VideoCAM Look;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 12:49]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S2 WebDriveFSD;WebDrive File System Driver;C:\Program Files\NetDrive\rffsd.sys []
S3 LTower;LEGO USB Tower Driver;C:\WINDOWS\system32\Drivers\LTower.sys [2001-04-25 17:44]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-07 07:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-06-15 08:00:01 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-06-15 09:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-06-15 10:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 11:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 22:21:02 C:\WINDOWS\Tasks\At145.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 23:00:01 C:\WINDOWS\Tasks\At146.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-07 00:00:01 C:\WINDOWS\Tasks\At147.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-07 01:00:01 C:\WINDOWS\Tasks\At148.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-07 02:00:03 C:\WINDOWS\Tasks\At149.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 12:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-07 03:00:01 C:\WINDOWS\Tasks\At150.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-07 04:00:01 C:\WINDOWS\Tasks\At151.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-07 05:00:01 C:\WINDOWS\Tasks\At152.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-07 06:00:01 C:\WINDOWS\Tasks\At153.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-07 07:00:01 C:\WINDOWS\Tasks\At154.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-06-15 08:00:06 C:\WINDOWS\Tasks\At155.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-06-15 09:00:01 C:\WINDOWS\Tasks\At156.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-06-15 10:00:02 C:\WINDOWS\Tasks\At157.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 11:00:01 C:\WINDOWS\Tasks\At158.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 12:00:02 C:\WINDOWS\Tasks\At159.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 13:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 13:00:03 C:\WINDOWS\Tasks\At160.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 14:00:01 C:\WINDOWS\Tasks\At161.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 15:00:01 C:\WINDOWS\Tasks\At162.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 16:00:06 C:\WINDOWS\Tasks\At163.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 17:00:01 C:\WINDOWS\Tasks\At164.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 18:00:01 C:\WINDOWS\Tasks\At165.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 19:00:01 C:\WINDOWS\Tasks\At166.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 20:00:03 C:\WINDOWS\Tasks\At167.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 21:00:04 C:\WINDOWS\Tasks\At168.job"
- C:\WINDOWS\system32\5PteOI43.exe
"2008-07-06 22:32:01 C:\WINDOWS\Tasks\At169.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 14:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 23:00:01 C:\WINDOWS\Tasks\At170.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-07 00:00:01 C:\WINDOWS\Tasks\At171.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-07 01:00:01 C:\WINDOWS\Tasks\At172.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-07 02:00:03 C:\WINDOWS\Tasks\At173.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-07 03:00:01 C:\WINDOWS\Tasks\At174.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-07 04:00:01 C:\WINDOWS\Tasks\At175.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-07 05:00:01 C:\WINDOWS\Tasks\At176.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-07 06:00:01 C:\WINDOWS\Tasks\At177.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-07 07:00:01 C:\WINDOWS\Tasks\At178.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 10:25:11 C:\WINDOWS\Tasks\At179.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 15:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 10:25:11 C:\WINDOWS\Tasks\At180.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 10:25:11 C:\WINDOWS\Tasks\At181.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 11:00:01 C:\WINDOWS\Tasks\At182.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 12:00:02 C:\WINDOWS\Tasks\At183.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 13:00:03 C:\WINDOWS\Tasks\At184.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 14:00:02 C:\WINDOWS\Tasks\At185.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 15:00:01 C:\WINDOWS\Tasks\At186.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 16:00:06 C:\WINDOWS\Tasks\At187.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 17:00:01 C:\WINDOWS\Tasks\At188.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 18:00:01 C:\WINDOWS\Tasks\At189.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 16:00:02 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 19:00:01 C:\WINDOWS\Tasks\At190.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 20:00:03 C:\WINDOWS\Tasks\At191.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 21:00:02 C:\WINDOWS\Tasks\At192.job"
- C:\WINDOWS\system32\oi3X8efj.exe
"2008-07-06 23:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 17:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 18:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 19:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 20:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-06 21:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-07 00:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-07 01:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-07 02:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-07 03:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-07 04:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-07 05:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2008-07-07 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\a58plwpD.exe
"2007-05-15 09:59:58 C:\WINDOWS\Tasks\bghyrd.job"


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:03, on 2008-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\hithis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = htt