Avast suspicious message
medialuna 13/02/08, 15:59:16
Hello,
This is the second time I have written, and I have had no reply. Please, I need your advice to get rid of this problem; this is my scan. Please help me!!!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:56:15, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\tdtpevshcbpn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\eMule\eMule.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 212.150.54.250 dv-networks.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: InstaFinder_K - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DXDllRegExe] C:\WINDOWS\system32\dxdllreg.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hpcmd] C:\WINDOWS\system32\spool\cmd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [tdtpevshcbpn] C:\WINDOWS\system32\tdtpevshcbpn.exe
O4 - HKLM\..\Run: [cjknstbnvdk] C:\WINDOWS\system32\cjknstbnvdk.exe
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\Assistant de connexion WiFi\Wizard\Agent_WiFi.exe
O4 - HKCU\..\Run: [Skype] "C:\APPS\skype\phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linkprd.exe /res
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

ElPiedra 14/02/08, 01:34:44
Hello medialuna, welcome to the InfoSpyware Forum.
Step 1 - Download, install and/or update these programs (but do not run them yet):
ComboFix.exe (http://www.forospyware.com/sUBs/ComboFix.exe)
SUPERAntiSpyware (http://www.infospyware.com/Anti-Spywares.htm)
Step 2 - With all programs closed, run HijackThis and click "Fix checked" for these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
O2 - BHO: InstaFinder_K - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [hpcmd] C:\WINDOWS\system32\spool\cmd.exe
O4 - HKLM\..\Run: [tdtpevshcbpn] C:\WINDOWS\system32\tdtpevshcbpn.exe
O4 - HKLM\..\Run: [cjknstbnvdk] C:\WINDOWS\system32\cjknstbnvdk.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\linkprd.exe /res
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
Step 3 - Run these tools, one at a time:
SUPERAntiSpyware
Before using ComboFix....
Temporarily disable your antivirus and/or antispyware.
Close all open windows.
Double-click the ComboFix.exe file and follow the instructions.
When it finishes, it will generate a log at C:\ComboFix.txt.
*Note* While CF is working, do not move the mouse, as that would stop its process.
*Note* ComboFix may automatically restart the PC to complete the removal process.
Paste the ComboFix.txt report in this same thread.
Step 4 - Download CCleaner (http://www.forospyware.com/t105564.html) and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then use its "Registry" option to clean the entire Windows registry (making a backup).
Restart and tell us the results, along with the CF report.
Regards

medialuna 14/02/08, 07:32:31
My savior, el Piedra!!!!!!
A thousand thanks for helping me. I followed your instructions; at least the Internet opened normally, and so far no suspicious Avast message has appeared. You know, I had more than 200 infections. I really was very sick. I hope I haven't infected anyone else!
I hadn't told you that I had Avast as my antivirus; I have uninstalled it. Does SUPERAntiSpyware replace Avast well? Should I keep it or delete it? What should I do with ComboFix, can I delete it from my system? Will I have any problems? I don't know whether to reinstall Avast; I await your advice.
This is the ComboFix report:
ComboFix 08-02-14.1 - cécilia 2008-02-14 12:02:48.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.431 [GMT 1:00]
Endroit: C:\Program Files\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\cécilia\Application Data\MessengerSkinner
C:\Documents and Settings\cécilia\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\cécilia\Application Data\MessengerSkinner\Userdata\pack1.cab
C:\Program Files\instant access
C:\Program Files\instant access\Center\NoCreditCard.upd
C:\Program Files\instant access\Center\sexe69.lnk
C:\Program Files\instant access\Center\sexe69.upd
C:\Program Files\instant access\Center\tray1.ico
C:\Program Files\instant access\DesktopIcons\sexe69.lnk
C:\Program Files\instant access\Multi\20061122161121\Common\module.php
C:\Program Files\instant access\Multi\20061122161121\Common\module.php_0.loginvis
C:\Program Files\instant access\Multi\20061122161121\dialerexe.ini
C:\Program Files\instant access\Multi\20061122161121\js\js_api_dialer.php
C:\Program Files\instant access\Multi\20061122161121\medias\button1.jpg
C:\Program Files\instant access\Multi\20061122161121\medias\button2.jpg
C:\Program Files\instant access\Multi\20061122161121\medias\button3.jpg
C:\Program Files\instant access\Multi\20061122161121\medias\button4.jpg
C:\Program Files\instant access\Multi\20061122161121\medias\dialer.ico
C:\WINDOWS\dialerexe.ini
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\system32\nvs2.inf
c:\WINDOWS\system32\tzdfuq.dat
C:\WINDOWS\system32\tzdfuq.exe
C:\WINDOWS\system32\tzdfuq_nav.dat
C:\WINDOWS\system32\tzdfuq_navps.dat
C:\WINDOWS\tmlpcert2007
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))))))))
.
2008-02-14 12:04 . 2008-02-14 12:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-14 12:04 . 2008-02-14 12:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-14 08:42 . 2008-02-14 11:59 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-14 08:42 . 2008-02-14 08:42 <REP> d-------- C:\Documents and Settings\cécilia\Application Data\SUPERAntiSpyware.com
2008-02-14 08:42 . 2008-02-14 08:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-14 08:29 . 2008-02-14 08:29 5,914,648 --a------ C:\Program Files\SUPERAntiSpyware.exe
2008-02-14 08:24 . 2008-02-14 08:24 1,597,222 --a------ C:\Program Files\ComboFix.exe
2008-02-14 03:01 . 2008-02-14 03:02 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-02-13 10:54 . 2008-02-13 10:55 22,845,992 --a------ C:\Program Files\AdbeRdr80_fr_FR.exe
2008-02-13 10:54 . 2008-02-13 10:54 867,424 --a------ C:\Program Files\GoogleToolbarInstaller_ADBx_fr_401019_signed.exe
2008-02-13 10:06 . 2008-02-13 10:08 <REP> d-------- C:\Program Files\PhotoFiltre
2008-02-13 10:05 . 2008-02-13 10:06 1,685,156 --a------ C:\Program Files\pf-setup-en.exe
2008-02-12 20:52 . 2008-02-12 20:52 <REP> d-------- C:\Documents and Settings\cécilia\System
2008-02-12 20:52 . 2008-02-12 20:52 <REP> d-------- C:\Documents and Settings\cécilia\System
2008-02-12 20:52 . 2008-02-12 20:59 <REP> d-------- C:\Documents and Settings\cécilia\Application Data\SmartDraw
2008-02-08 07:54 . 2008-02-08 07:54 <REP> d-------- C:\Documents and Settings\cécilia\Application Data\VideoEgg
2008-02-06 06:58 . 2008-02-06 06:58 <REP> d-------- C:\Program Files\Fichiers communs\DAZ
2008-02-05 17:44 . 2008-02-05 17:45 <REP> d-------- C:\Program Files\Windows Live
2008-02-05 17:44 . 2008-02-05 17:44 2,402,832 --a------ C:\Program Files\WLinstaller.exe
2008-02-05 17:41 . 2008-02-05 17:41 <REP> d-------- C:\Program Files\Trend Micro
2008-02-05 08:22 . 2008-02-05 13:26 812,344 --a------ C:\Program Files\scanner.exe
2008-02-02 23:24 . 2008-02-02 23:24 407,680 --a------ C:\Program Files\aswclnrnettoyer.exe
2008-01-31 21:20 . 2008-01-31 15:16 114,688 --a------ C:\WINDOWS\system32\cjknstbnvdk.exe
2008-01-31 21:18 . 2008-01-31 15:16 114,688 --a------ C:\WINDOWS\system32\spacm.exe
2008-01-31 21:17 . 2008-01-31 15:16 114,688 --a------ C:\WINDOWS\system32\tdtpevshcbpn.exe
2008-01-29 07:32 . 2008-01-29 07:32 283,688 --a------ C:\Program Files\EmoticonesAnimaux.exe
2008-01-27 17:52 . 2008-01-27 17:52 283,648 --a------ C:\WINDOWS\system32\rumrix.exe
2008-01-27 09:34 . 2008-01-28 10:51 300,032 --a------ C:\WINDOWS\system32\jenrhl.exe
2008-01-26 23:11 . 2008-01-26 23:11 308,736 --a------ C:\WINDOWS\system32\ifhcstlot.exe
2008-01-25 15:53 . 2008-01-25 15:53 300,032 --a------ C:\WINDOWS\system32\ugkkenhuv.exe
2008-01-24 06:42 . 2008-01-24 06:42 304,640 --a------ C:\WINDOWS\system32\xxwovs.exe
2008-01-23 21:43 . 2008-01-23 21:43 311,808 --a------ C:\WINDOWS\system32\sgfstdeacx.exe
2008-01-23 09:07 . 2008-01-23 09:07 308,224 --a------ C:\WINDOWS\system32\kuropdlci.exe
2008-01-22 18:15 . 2008-01-24 18:11 311,296 --a------ C:\WINDOWS\system32\lyrsed.exe
2008-01-22 12:16 . 2008-01-23 12:59 305,664 --a------ C:\WINDOWS\system32\tpvmwjhqew.exe
2008-01-21 20:38 . 2008-01-22 20:29 294,912 --a------ C:\WINDOWS\system32\dwlohpu.exe
2008-01-21 14:09 . 2008-01-21 14:09 299,008 --a------ C:\WINDOWS\system32\asajhbjtt.exe
2008-01-19 16:35 . 2008-01-19 16:35 312,832 --a------ C:\WINDOWS\system32\ytcjpfw.exe
2008-01-18 22:31 . 2008-01-21 11:31 317,440 --a------ C:\WINDOWS\system32\pwltyg.exe
2008-01-18 18:20 . 2008-01-19 18:17 288,256 --a------ C:\WINDOWS\system32\rqwawsnrue.exe
2008-01-18 09:54 . 2008-01-19 09:27 306,688 --a------ C:\WINDOWS\system32\pjuhuuabe.exe
2008-01-18 07:05 . 2008-01-21 07:54 313,856 --a------ C:\WINDOWS\system32\ktgcug.exe
2008-01-17 19:08 . 2008-01-17 19:26 274,432 --a------ C:\WINDOWS\system32\lfplzj.exe
2008-01-17 16:23 . 2008-01-17 16:23 <REP> d-------- C:\Program Files\Fichiers communs\Sonic
2008-01-17 08:13 . 2008-01-17 08:13 307,712 --a------ C:\WINDOWS\system32\einkuc.exe
2008-01-16 06:32 . 2008-01-16 06:32 293,888 --a------ C:\WINDOWS\system32\vvfsnpymk.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 10:08 --------- d-----w C:\Documents and Settings\cécilia\Application Data\OpenOffice.org2
2008-02-13 13:35 --------- d-----w C:\Documents and Settings\cécilia\Application Data\gtk-2.0
2008-02-13 09:57 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-07 15:14 --------- d-----w C:\Program Files\Sonic
2008-02-07 14:36 --------- d-----w C:\Program Files\SLD Codec Pack
2008-02-05 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-02 22:45 644 ----a-w C:\Program Files\aswclnrnettoyer.log
2008-01-29 06:10 --------- d-----w C:\Documents and Settings\cécilia\Application Data\Image Zone Express
2008-01-14 10:54 299,520 ----a-w C:\WINDOWS\system32\sfoujgwel.exe
2008-01-14 07:39 315,904 ----a-w C:\WINDOWS\system32\vdvoka.exe
2008-01-11 18:21 305,152 ----a-w C:\WINDOWS\system32\shdwspiold.exe
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-31 11:04 313,344 -c--a-w C:\WINDOWS\system32\zarksvofx.exe
2007-12-30 13:42 308,736 -c--a-w C:\WINDOWS\system32\ftzhietuqe.exe
2007-12-26 14:16 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2007-12-26 13:33 --------- d-----w C:\Documents and Settings\cécilia\Application Data\Sonic
2007-12-26 13:30 2,338,844 -c--a-w C:\Program Files\SonyDrive_SUM29.exe
2007-12-23 07:58 302,080 -c--a-w C:\WINDOWS\system32\jmpkqj.exe
2007-12-22 19:18 --------- d-----w C:\Program Files\PatternMaker Software
2007-12-22 19:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 19:00 --------- d---a-w C:\Program Files\webserver
2007-12-22 17:28 303,616 -c--a-w C:\WINDOWS\system32\ukytkkghfs.exe
2007-12-22 14:08 306,688 -c--a-w C:\WINDOWS\system32\huqyfxq.exe
2007-12-22 08:45 309,248 -c--a-w C:\WINDOWS\system32\lpzgnv.exe
2007-12-21 20:32 297,984 -c--a-w C:\WINDOWS\system32\xtyjuee.exe
2007-12-21 05:42 291,840 -c--a-w C:\WINDOWS\system32\vdceerqqws.exe
2007-12-20 12:34 306,176 -c--a-w C:\WINDOWS\system32\yuuvlnqgl.exe
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-17 08:47 308,224 -c--a-w C:\WINDOWS\system32\iaumysotl.exe
2007-12-14 10:04 293,376 -c--a-w C:\WINDOWS\system32\ormszne.exe
2007-12-13 19:01 284,160 -c--a-w C:\WINDOWS\system32\ltvaqas.exe
2007-12-13 13:51 310,784 -c--a-w C:\WINDOWS\system32\szrdiicfd.exe
2007-12-13 11:14 300,544 -c--a-w C:\WINDOWS\system32\yitplfpjhq.exe
2007-12-13 10:56 293,888 -c--a-w C:\WINDOWS\system32\tzhupfylv.exe
2007-12-13 10:53 304,640 -c--a-w C:\WINDOWS\system32\hlvdd.dll
2007-12-13 05:57 297,472 -c--a-w C:\WINDOWS\system32\shmiyg.exe
2007-12-12 09:16 300,544 -c--a-w C:\WINDOWS\system32\lchyniloj.exe
2007-12-12 02:13 286,208 -c--a-w C:\WINDOWS\system32\eijucu.exe
2007-12-11 06:43 296,960 -c--a-w C:\WINDOWS\system32\zbfuuuw.exe
2007-12-10 16:39 300,544 -c--a-w C:\WINDOWS\system32\tfcthny.exe
2007-12-10 14:43 272,384 -c--a-w C:\WINDOWS\system32\qgstnk.exe
2007-12-09 03:06 17,759,360 -c--a-w C:\Program Files\DivXInstaller.exe
2007-12-09 03:01 290,816 -c--a-w C:\WINDOWS\system32\xldaivdsy.exe
2007-12-09 02:56 25,839,688 -c--a-w C:\Program Files\wmp11-windowsxp-x86-FR-FR.exe
2007-12-08 05:08 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-07 10:22 295,424 -c--a-w C:\WINDOWS\system32\mvkwgi.exe
2007-12-07 08:15 299,520 -c--a-w C:\WINDOWS\system32\yqtyps.exe
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-12-07 02:08 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-12-07 02:08 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-07 02:08 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-07 02:08 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-07 02:08 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-12-07 02:08 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-07 02:08 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-12-07 02:08 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-12-07 02:08 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-07 02:08 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-12-07 02:08 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-07 02:08 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-12-07 02:08 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-12-07 02:08 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-12-07 02:08 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-12-07 02:08 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-12-07 02:08 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-12-07 02:08 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-12-07 02:08 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-12-07 02:08 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-12-07 02:08 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-12-06 17:19 288,768 -c--a-w C:\WINDOWS\system32\yvewdjp.exe
2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:02 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-05 21:06 286,208 -c--a-w C:\WINDOWS\system32\xdaeunwut.exe
2007-12-05 20:41 281,600 -c--a-w C:\WINDOWS\system32\xdieweozc.exe
2007-12-04 21:51 287,744 -c--a-w C:\WINDOWS\system32\wiwnjbp.exe
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 01:33 823,296 -c--a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 802,816 -c--a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-12-03 05:33 283,648 -c--a-w C:\WINDOWS\system32\suzamw.exe
2007-12-02 13:34 285,696 -c--a-w C:\WINDOWS\system32\ouikbpazv.exe
2007-12-01 22:11 291,840 -c--a-w C:\WINDOWS\system32\nwslzhetc.exe
2007-12-01 11:17 295,936 -c--a-w C:\WINDOWS\system32\xhnejxken.exe
2007-11-30 17:38 301,056 -c--a-w C:\WINDOWS\system32\cuwlveph.exe
2007-11-30 09:28 282,112 -c--a-w C:\WINDOWS\system32\fhqklrqh.exe
2007-11-29 22:30 524,288 -c--a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2007-11-29 12:33 300,544 -c--a-w C:\WINDOWS\system32\seqnko.exe
2007-11-28 21:55 156,992 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVAgent WiFi"="C:\Program Files\Assistant de connexion WiFi\Wizard\Agent_WiFi.exe" [ ]
"Skype"="C:\APPS\skype\phone\Skype.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-25 22:46 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 17:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 17:43 688218]
"VTTimer"="VTTimer.exe" [2005-03-08 02:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-09-14 12:47 167936 C:\WINDOWS\system32\VTTrayp.exe]
"STDSB"="C:\WINDOWS\system32\drivers\STDSB.exe" [2003-12-17 15:50 28672]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 17:39 90112 C:\WINDOWS\SOUNDMAN.EXE]
"DXDllRegExe"="C:\WINDOWS\system32\dxdllreg.exe" [ ]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 16:54 127022]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-10-03 10:23 20480]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2005-11-04 14:05 90112]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 08:07 827392]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-07 23:53 286720]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18 241664]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"tdtpevshcbpn"="C:\WINDOWS\system32\tdtpevshcbpn.exe" [2008-01-31 15:16 114688]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
C:\Documents and Settings\cécilia\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 17:42:22 61440]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 20:53:14 200704]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-02-05 14:29:20 54512]
R2 MTC0007_STDSB;Scroll Bar Driver;C:\WINDOWS\system32\drivers\STDSB.sys [2005-08-25 14:00]
S2 bfaa2iqc1u;Print Spooler Service;C:\WINDOWS\system32\tdtpevshcbpn.exe [2008-01-31 15:16]
S2 STDSB;STDSB;C:\WINDOWS\system32\DRIVERS\STDSB.sys [2005-08-25 14:00]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 FontServer;Lectra Font Service;C:\Program Files\Lectra\IManager\bin\fontserver.exe []
S3 LpDaemon;Lectra Print Service;C:\Program Files\Lectra\IManager\bin\lpdaemon.exe []
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 01:52]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S3 VPDaemon;Lectra VigiPrint Service;C:\Program Files\Lectra\VigiPrint\bin\vpdaemon.exe []
S4 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-10 20:53:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-09-27 15:30:35 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-02-14 10:07:14 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 12:04:35
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
************************************************** ************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
.
Temps d'accomplissement: 2008-02-14 12:06:01
ComboFix-quarantined-files.txt 2008-02-14 11:05:47
.
2008-02-14 02:05:09 --- E O F ---
Regards, and a thousand thanks
ElPiedra 14/02/08, 14:53:31
Hello, ComboFix has already detected and removed some malware, but there are still a few things left to remove by following these steps:
A) - Open Notepad
Go to START > RUN >
Type notepad.exe there and click OK
B) - Now copy and paste these files into Notepad
KillAll::
File::
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\cjknstbnvdk.exe
C:\WINDOWS\system32\spacm.exe
C:\WINDOWS\system32\tdtpevshcbpn.exe
C:\Program Files\EmoticonesAnimaux.exe
C:\WINDOWS\system32\rumrix.exe
C:\WINDOWS\system32\jenrhl.exe
C:\WINDOWS\system32\ifhcstlot.exe
C:\WINDOWS\system32\ugkkenhuv.exe
C:\WINDOWS\system32\xxwovs.exe
C:\WINDOWS\system32\sgfstdeacx.exe
C:\WINDOWS\system32\kuropdlci.exe
C:\WINDOWS\system32\lyrsed.exe
C:\WINDOWS\system32\tpvmwjhqew.exe
C:\WINDOWS\system32\dwlohpu.exe
C:\WINDOWS\system32\asajhbjtt.exe
C:\WINDOWS\system32\ytcjpfw.exe
C:\WINDOWS\system32\pwltyg.exe
C:\WINDOWS\system32\rqwawsnrue.exe
C:\WINDOWS\system32\pjuhuuabe.exe
C:\WINDOWS\system32\ktgcug.exe
C:\WINDOWS\system32\lfplzj.exe
C:\WINDOWS\system32\einkuc.exe
C:\WINDOWS\system32\vvfsnpymk.exe
C:\WINDOWS\system32\vdvoka.exe
C:\WINDOWS\system32\shdwspiold.exe
C:\WINDOWS\system32\zarksvofx.exe
C:\WINDOWS\system32\ftzhietuqe.exe
C:\WINDOWS\system32\jmpkqj.exe
C:\WINDOWS\system32\ukytkkghfs.exe
C:\WINDOWS\system32\huqyfxq.exe
C:\WINDOWS\system32\lpzgnv.exe
C:\WINDOWS\system32\xtyjuee.exe
C:\WINDOWS\system32\vdceerqqws.exe
C:\WINDOWS\system32\yuuvlnqgl.exe
C:\WINDOWS\system32\iaumysotl.exe
C:\WINDOWS\system32\ormszne.exe
C:\WINDOWS\system32\ltvaqas.exe
C:\WINDOWS\system32\szrdiicfd.exe
C:\WINDOWS\system32\yitplfpjhq.exe
C:\WINDOWS\system32\tzhupfylv.exe
C:\WINDOWS\system32\hlvdd.dll
C:\WINDOWS\system32\shmiyg.exe
C:\WINDOWS\system32\lchyniloj.exe
C:\WINDOWS\system32\eijucu.exe
C:\WINDOWS\system32\zbfuuuw.exe
C:\WINDOWS\system32\tfcthny.exe
C:\WINDOWS\system32\qgstnk.exe
C:\WINDOWS\system32\xldaivdsy.exe
C:\WINDOWS\system32\mvkwgi.exe
C:\WINDOWS\system32\yqtyps.exe
C:\WINDOWS\system32\yvewdjp.exe
C:\WINDOWS\system32\xdaeunwut.exe
C:\WINDOWS\system32\xdieweozc.exe
C:\WINDOWS\system32\wiwnjbp.exe
C:\WINDOWS\system32\suzamw.exe
C:\WINDOWS\system32\ouikbpazv.exe
C:\WINDOWS\system32\nwslzhetc.exe
C:\WINDOWS\system32\xhnejxken.exe
C:\WINDOWS\system32\cuwlveph.exe
C:\WINDOWS\system32\fhqklrqh.exe
C:\WINDOWS\system32\seqnko.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tdtpevshcbpn"=-
C) - Save this file with the name CFScript.txt and leave it on your desktop.
D) - Drag and drop the CFScript.txt file onto the ComboFix.exe file as shown in the animation below. This will launch ComboFix again.
http://www.forospyware.com/images/adv/CFScript.gif
Restart your PC and post the new ComboFix report, telling us how everything is working now.
Regards
medialuna 15/02/08, 04:36:32
This is the new report. There is a notice telling me there is no firewall (pare-feu) and that I have to install one; apart from that it seems normal
ComboFix 08-02-14.1 - cécilia 2008-02-15 9:23:48.2 - NTFSx86
Endroit: C:\Program Files\ComboFix.exe
Command switches used :: C:\Documents and Settings\cécilia\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
FILE
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-15 to 2008-02-15 ))))))))))))))))))))))))))))))))))))
.
2008-02-15 09:09 . 54,156 C:\WINDOWS\QTFont.qfn
2008-02-15 09:09 . 1,409 C:\WINDOWS\QTFont.for
2008-02-14 12:17 . 2008-02-14 12:17 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-14 08:42 . 2008-02-14 12:20 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-14 08:42 . 2008-02-14 08:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-14 08:29 . 2008-02-14 08:29 5,914,648 --a------ C:\Program Files\SUPERAntiSpyware.exe
2008-02-14 08:24 . 2008-02-14 08:24 1,597,222 --a------ C:\Program Files\ComboFix.exe
2008-02-13 10:54 . 2008-02-13 10:55 22,845,992 --a------ C:\Program Files\AdbeRdr80_fr_FR.exe
2008-02-13 10:54 . 2008-02-13 10:54 867,424 --a------ C:\Program Files\GoogleToolbarInstaller_ADBx_fr_401019_signed.exe
2008-02-13 10:06 . 2008-02-13 10:08 <REP> d-------- C:\Program Files\PhotoFiltre
2008-02-13 10:05 . 2008-02-13 10:06 1,685,156 --a------ C:\Program Files\pf-setup-en.exe
2008-02-06 06:58 . 2008-02-06 06:58 <REP> d-------- C:\Program Files\Fichiers communs\DAZ
2008-02-05 17:44 . 2008-02-05 17:45 <REP> d-------- C:\Program Files\Windows Live
2008-02-05 17:44 . 2008-02-05 17:44 2,402,832 --a------ C:\Program Files\WLinstaller.exe
2008-02-05 17:41 . 2008-02-05 17:41 <REP> d-------- C:\Program Files\Trend Micro
2008-02-05 08:22 . 2008-02-05 13:26 812,344 --a------ C:\Program Files\scanner.exe
2008-02-02 23:24 . 2008-02-02 23:24 407,680 --a------ C:\Program Files\aswclnrnettoyer.exe
2008-01-17 16:23 . 2008-01-17 16:23 <REP> d-------- C:\Program Files\Fichiers communs\Sonic
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 08:09 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-14 17:32 --------- d-----w C:\Program Files\Sonic
2008-02-07 14:36 --------- d-----w C:\Program Files\SLD Codec Pack
2008-02-05 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-02 22:45 644 ----a-w C:\Program Files\aswclnrnettoyer.log
2007-12-26 14:16 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2007-12-26 13:30 2,338,844 -c--a-w C:\Program Files\SonyDrive_SUM29.exe
2007-12-22 19:18 --------- d-----w C:\Program Files\PatternMaker Software
2007-12-22 19:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-22 19:00 --------- d---a-w C:\Program Files\webserver
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-09 03:06 17,759,360 -c--a-w C:\Program Files\DivXInstaller.exe
2007-12-09 02:56 25,839,688 -c--a-w C:\Program Files\wmp11-windowsxp-x86-FR-FR.exe
2007-11-28 17:44 3,028,458 -c--a-w C:\Program Files\pmaker_7.exe
2007-11-28 00:36 649,676 -c--a-w C:\Program Files\CutterDemo.zip
2007-11-15 22:20 6,313,288 -c--a-w C:\Program Files\tvpc.exe
2007-11-11 14:48 2,585,031 -c--a-w C:\Program Files\cartefran.exe
2007-11-02 13:29 1,052,120 -c--a-w C:\Program Files\mjpegcodecv3.2.4.zip
2007-11-02 13:26 1,156,096 -c--a-w C:\Program Files\iview410_setup.exe
2007-10-31 23:35 6,652,812 -c--a-w C:\Program Files\sld.codec.pack.2.2.exe
2007-10-17 20:27 2,936,651 -c--a-w C:\Program Files\HKSetup.exe
2007-10-17 18:58 25,982 -c--a-w C:\Program Files\trid_w32.zip
2007-09-24 19:32 2,643,113 -c--a-w C:\Program Files\eMulePlus-1.2c.Installer.exe
2007-07-22 17:30 1,126,968 -c--a-w C:\Program Files\yphotos_setup_fr.exe
2007-07-14 19:27 15,505,200 -c--a-w C:\Program Files\IE7-WindowsXP-x86-enu.exe
2007-07-14 14:41 372,520 -c--a-w C:\Program Files\ymjsetup_24.exe
2007-06-28 13:33 365,464 -c--a-w C:\Program Files\emoticones1_5.exe
2007-05-15 16:10 48,976 -c--a-w C:\Program Files\.imp
2007-05-15 16:10 19,812 -c--a-w C:\Program Files\.cfg
2007-05-14 10:10 545,992 -c--a-w C:\Program Files\sgc10_gtb401019_rdr80_DLM_fr_FR.exe
2007-05-07 17:19 344 -c--a-w C:\Program Files\downloads.txt
2007-05-06 20:13 73,728 -c--a-w C:\Program Files\antiLeech.dll
2007-03-31 16:36 262,032 -c--a-w C:\Program Files\emoticones.exe
2007-02-27 21:18 1,134,172 -c--a-w C:\Program Files\wrar362es.exe
2007-02-22 20:48 13,446,648 -c--a-w C:\Program Files\setupfre.exe
2006-11-19 22:08 3,921,909 -c--a-w C:\Program Files\Tubedownloader10.exe
2006-07-18 16:09 34,178 -c--a-w C:\Program Files\changelog xtreme.txt
2006-07-09 12:52 69,632 -c--a-w C:\Program Files\antiLeech.dll.new
2006-05-25 14:52 162,304 -c--a-w C:\Program Files\unrar.dll
2006-02-11 17:54 2,871,296 -c--a-w C:\Program Files\MediaInfo.dll
2005-06-16 17:55 14,894 -c--a-w C:\Program Files\Template.eMuleSkin.ini
2005-04-27 09:23 11,304,960 -c--a-w C:\Program Files\ProfNote.exe
2005-04-14 16:14 459,040 -c--a-w C:\Program Files\AidePF6.chm
2005-04-14 16:13 167,936 -c--a-w C:\Program Files\Dzip32.dll
2005-04-14 16:13 139,264 -c--a-w C:\Program Files\Dunzip32.dll
2005-04-07 11:59 537,904 -c----w C:\Program Files\NOTE60FR
2004-01-09 15:25 489,984 -c--a-w C:\Program Files\dbghelp.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVAgent WiFi"="C:\Program Files\Assistant de connexion WiFi\Wizard\Agent_WiFi.exe" [ ]
"Skype"="C:\APPS\skype\phone\Skype.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-25 22:46 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 17:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 17:43 688218]
"VTTimer"="VTTimer.exe" [2005-03-08 02:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-09-14 12:47 167936 C:\WINDOWS\system32\VTTrayp.exe]
"STDSB"="C:\WINDOWS\system32\drivers\STDSB.exe" [2003-12-17 15:50 28672]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 17:39 90112 C:\WINDOWS\SOUNDMAN.EXE]
"DXDllRegExe"="C:\WINDOWS\system32\dxdllreg.exe" [ ]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 16:54 127022]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-10-03 10:23 20480]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2005-11-04 14:05 90112]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 08:07 827392]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-07 23:53 286720]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18 241664]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"tdtpevshcbpn"="C:\WINDOWS\system32\tdtpevshcbpn.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
R2 MTC0007_STDSB;Scroll Bar Driver;C:\WINDOWS\system32\drivers\STDSB.sys [2005-08-25 14:00]
S2 bfaa2iqc1u;Print Spooler Service;C:\WINDOWS\system32\tdtpevshcbpn.exe []
S2 STDSB;STDSB;C:\WINDOWS\system32\DRIVERS\STDSB.sys [2005-08-25 14:00]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 FontServer;Lectra Font Service;C:\Program Files\Lectra\IManager\bin\fontserver.exe []
S3 LpDaemon;Lectra Print Service;C:\Program Files\Lectra\IManager\bin\lpdaemon.exe []
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 01:52]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S3 VPDaemon;Lectra VigiPrint Service;C:\Program Files\Lectra\VigiPrint\bin\vpdaemon.exe []
S4 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-10 20:53:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-09-27 15:30:35 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-02-15 08:28:10 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exeW-PTE -V900 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 09:28:29
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slmdmsr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
.
************************************************** ************************
.
Temps d'accomplissement: 2008-02-15 9:31:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-15 08:31:08
ComboFix2.txt 2008-02-14 11:06:02
.
2008-02-14 02:05:09 --- E O F ---
ElPiedra 16/02/08, 19:46:43
Hello, ComboFix has already taken care of removing the malware files found on your PC, so you should tell us how everything is working after restarting?
Regards