26th August 2008
#1
Member
Profile:
Join Date: Mar 2008
Location: Cameroon
Posts: 12
Computer Experience: intermediate
Not sure if I did right...
Hi there!
I decided to ask for help before doing anything else. My brother's laptop, a Sony Vaio running Familial XP, was running very slowly. Very slowly. He was also losing files. A technician came to the house and installed Windows Defender and Service Pack 3. In the Task Manager he ended a process... Evt... EvtEng, telling me it was something bad. Then he ran the latest Spybot Search & Destroy, Windows Defender, AVG 8 and HijackThis.
Spybot found:
Fraud.Antivirus2008
Zlob.Downloader.vcd
FunWeb
FunWebProducts
Microsoft.Windows.Explorer
Microsoft.Windows.System
Microsoft.WindowsSecurityCenter.AntivirusDisableNotify
Microsoft.WindowsSecurityCenter.AntivirusOverride
Microsoft.WindowsSecurityCenter.FirewallDisableNotify
Microsoft.WindowsSecurityCenter.RegistryTools
Microsoft.WindowsSecurityCenter.TaskManager
MyWay.MyWebSearch
MyWebSearch
Smitfraud-C.
Smitfraud-C.bs
Smitfraud-C.MSVPS
SpySheriff
SpywareBOT
Virtumonde
I can't find his HijackThis log, but I've done one myself; I can post it if needed.
AVG 8 found:
Infection / Trojan horse Sheur.CCXR / c:/System Volume Information/_restore{729F0AAC-4A60-973A-348F2CD9C1CD}/RP5/A0003100.exe
And 2 warnings about tracking cookies (smartadserver and tribalfusion)
Windows defender:
regkey:
1 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\vkquwexg
file:
C:\WINDOWS\system32\drivers\Combo-Fix.sys
2 iemain:
HKCU@S-1-5-21-1806955933-3719695076-2339571084-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
3 iemain:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
4 iesearch:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant
5 iemain:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL
6 safeboot:
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PSEXESVC
7 safeboot:
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC
8 file:
C:\Program Files\rhce5tj0elec\license.txt
file:
C:\Program Files\rhce5tj0elec\database.dat
file:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk
9 file:
C:\WINDOWS\system32\drivers\etc\hosts
10 file:
c:\Program Files\rhce5tj0elec\rhce5tj0elec.exe
file:
c:\documents and settings\piero\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
My brother was once infected by a proxy-relay trojan, so I wanted to look further to be sure there wasn't any other trouble of that kind...
I ran ComboFix, but forgot to install the XP Recovery Console first...
I can post the log too... but this is what I think is most relevant:
(((((((((((((((((((((((((((((((((((( Other deleted ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Piero\Application Data\macromedia\Flash Player\#SharedObjects\MU5HLHFV\interclick.com
C:\Documents and Settings\Piero\Application Data\macromedia\Flash Player\#SharedObjects\MU5HLHFV\interclick.com\ud.sol
C:\Documents and Settings\Piero\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Piero\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Piero\Application Data\rhce5tj0elec
C:\WINDOWS\search_res.txt
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\actskn43.ocx
Afterwards, I installed the Recovery Console and ran ComboFix a second time...
I can post the second ComboFix log.
Then I ran Malwarebytes Anti-Malware, which found:
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Multimedia/WMPlayer/Schemes/f3pss
HKEY_CURRENT_USER/ControlPanel/Desktop/originalwallpaper (Data: C:/WINDOWS/system32/phca5tj0elec.bmp)
HKEY_CURRENT_USER/ControlPanel/Desktop/wallpaper (Data: C:/WINDOWS/system32/phca5tj0elec.bmp)
HKEY_CURRENT_USER/ControlPanel/Desktop/convertedwallpaper (Data: C:/WINDOWS/system32/phca5tj0elec.bmp)
I ran SUPERAntiSpyware... which found 64 Adware.Tracking cookies and this:
WinPup (comms.exe) / C:/PROGRAM FILES/BSS AUDIO/SOUNDWEB/COMMS.EXE
WinPup (comms.exe) / C:/SYSTEM VOLUME INFORMATION/_RESTORE{729F0AAC-51C0-4A60-973A-348F2CD9C1CD}-RP14/A0004923.EXE
NotHarmful.Sysinternals Bluescreen Screen Saver / C:/SYSTEM VOLUME INFORMATION/_RESTORE{729F0AAC-51C0-4A60-973A-348F2CD9C1CD}-RP9/A0003713.SCR
Finally:
Statistiques d'analyse
-----------------------------------------------------------------------------
Objets scannés: 1368
Objets infectés: 0
Objets ayant été modifiés: 0
Objets suspects: 0
Adwares détectés: 0
Dialers détectés: 0
Canulars détectés: 0
Riskwares détectés: 0
Hacktools détectés: 0
Désinfecté: 0
Supprimé: 0
Renommé: 0
Déplacé en quarantaine: 0
Ignoré: 0
Vitesse du scan: 440 Kb/s
Durée d'analyse: 00:10:31
-----------------------------------------------------------------------------
=============================================================================
Statistiques totales de la session
=============================================================================
Objets scannés: 1368
Objets infectés: 0
Objets ayant été modifiés: 0
Objets suspects: 0
Adwares détectés: 0
Dialers détectés: 0
Canulars détectés: 0
Riskwares détectés: 0
Hacktools détectés: 0
Désinfecté: 0
Supprimé: 0
Renommé: 0
Déplacé en quarantaine: 0
Ignoré: 0
Vitesse du scan: 440 Kb/s
Durée d'analyse: 00:10:31
Have I done the right thing? The computer still seems slower than it should be, and I tried my Western Digital MyBook (external hard drive) with the notebook. At first it worked, but after transferring 4 or 5 folders I was no longer able to see what was on it... I tried it on my own laptop, an Acer Aspire 5590, and I still can't look at my files. Actually, it shows as "Local Disk F" in "My Computer", and if I click on it, it asks me whether I want to format it... If I look in Properties, it says that all 500 GB are available...
Could it be a virus, a trojan or something else that I got from my brother's computer?
Many thanks to whoever is able to answer me and takes the time to look at my stuff...
Sonia
Last edited by Soniaeiou; 26th August 2008 at 15:56.
Reason: Adding Malwarebytes Anti-Malware results
26th August 2008
#2
My Hijack Log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:44, on 2008-08-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Documents and Settings\Piero\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: Transfert par Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E6450C3-31A3-48F6-A56D-6DA91256788F}: NameServer = 192.168.123.254,192.168.123.255
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: __c00415A3 - C:\WINDOWS\system32\__c00415A3.dat (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP ) (VAIOMediaPlatform-IntegratedServer-HTTP ) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
--
End of file - 10571 bytes
26th August 2008
#3
Combofix without installing Recovery Console
ComboFix 08-08-19.06 - Piero 2008-08-20 21:29:15.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.137 [GMT -4:00]
Endroit: C:\Documents and Settings\Piero\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Piero\Application Data\macromedia\Flash Player\#SharedObjects\MU5HLHFV\interclick.com
C:\Documents and Settings\Piero\Application Data\macromedia\Flash Player\#SharedObjects\MU5HLHFV\interclick.com\ud.sol
C:\Documents and Settings\Piero\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Piero\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Piero\Application Data\rhce5tj0elec
C:\WINDOWS\search_res.txt
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\actskn43.ocx
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_POOF
((((((((((((((((((((((((((((( Fichiers créés 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))))))))
.
2008-08-20 21:01 . <REP> C:\WINDOWS\LastGood.Tmp
2008-08-19 13:59 . 2008-08-19 14:00 <REP> d-------- C:\Program Files\Windows Defender
2008-08-18 17:31 . 2008-08-18 17:31 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-18 17:31 . 2008-08-18 17:31 <REP> d-------- C:\WINDOWS\system32\bits
2008-08-18 17:31 . 2008-08-18 17:31 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-18 17:25 . 2008-08-18 17:32 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-08-18 17:13 . 2008-08-18 17:13 <REP> d-------- C:\WINDOWS\EHome
2008-08-18 17:02 . 2008-08-19 19:02 <REP> d--h----- C:\$AVG8.VAULT$
2008-08-18 16:57 . 2008-08-20 19:49 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-18 16:57 . 2008-08-18 16:57 <REP> d-------- C:\Documents and Settings\Piero\Application Data\AVGTOOLBAR
2008-08-18 16:57 . 2008-08-18 16:57 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-18 16:57 . 2008-08-18 16:57 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-18 16:57 . 2008-08-18 16:57 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-14 17:14 . 2008-05-01 10:36 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 17:13 . 2008-04-11 15:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-05 13:56 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 23:52 --------- d-----w C:\Documents and Settings\Piero\Application Data\uTorrent
2008-08-19 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-19 19:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-18 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-07 20:59 --------- d-----w C:\Documents and Settings\Piero\Application Data\LimeWire
2008-08-07 11:45 --------- d-----w C:\Program Files\Apple Software Update
2008-08-07 00:58 --------- d-----w C:\Program Files\iTunes
2008-08-07 00:57 --------- d-----w C:\Program Files\iPod
2008-08-07 00:39 --------- d-----w C:\Program Files\Safari
2008-07-31 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-07-14 21:22 --------- d-----w C:\Program Files\AVG
2008-07-13 21:07 --------- d-----w C:\Program Files\HP
2008-07-13 21:07 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2008-07-13 21:00 --------- d-----w C:\Program Files\Fichiers communs\HP
2008-07-12 05:39 --------- d-----w C:\Program Files\Bonjour
2008-07-12 05:38 --------- d-----w C:\Program Files\QuickTime
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-30 22:11 --------- d-----w C:\Program Files\Picasa2
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2007-11-28 19:56 720 ----a-w C:\Program Files\capfuebf.txt
2006-12-12 20:24 81,920 ----a-w C:\Documents and Settings\Piero\Application Data\ezpinst.exe
2006-12-12 20:24 47,360 ----a-w C:\Documents and Settings\Piero\Application Data\pcouffin.sys
2006-11-10 00:30 3,394,376 ----a-w C:\Program Files\BFINSTALL.exe
2006-11-09 23:55 7,418,552 ----a-w C:\Program Files\BearShareV6.exe
2006-07-03 22:04 0 ----a-w C:\Documents and Settings\Piero\Application Data\wklnhst.dat
2006-01-16 00:39 36,488,456 -c--a-w C:\Program Files\iTunesSetup.exe
2006-01-15 22:14 7,387,243 -c--a-w C:\Program Files\PlatoVideoConvert.exe
2006-01-13 20:10 3,317,484 -c--a-w C:\Program Files\EasyDVDShrink.exe
2006-01-12 18:21 1,906,352 -c--a-w C:\Program Files\SetupSonyDownloadTaxi.exe
2005-12-22 20:14 46,437,376 -c--a-w C:\Program Files\wireless_9.0.3.0_-_generic_TIC_103503.exe
2004-03-11 18:27 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 22:33 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 14:12 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-29 17:33 94208]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-10-03 23:59 401408]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-10-03 23:59 385024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-09 19:56 6746112]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-18 16:57 1232152]
"WD Button Manager"="WDBtnMgr.exe" [2008-01-06 17:27 364544 C:\WINDOWS\system32\WDBtnMgr.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 22:33 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 17:18 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-10-03 23:59 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\WYSIWYG\\Bin\\Wyg.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-18 16:57]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 04:47]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-18 16:57]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-18 16:57]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-18 16:57]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 17:26]
R2 RVIEG01;VSC Engine;C:\Program Files\Cakewalk\Shared Dxi\Roland\RVIEg01.sys [2001-04-13 19:16]
R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys [2005-12-09 20:07]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 14:45]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-04-05 13:06]
S3 L6TPortA;Service - Line 6 TonePort UX1;C:\WINDOWS\system32\Drivers\L6TPortA.sys [2005-12-09 20:06]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 14:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0329303a-ca9a-11da-b57b-0013ce3da3be}]
\Shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e594049d-da95-11dc-861e-0013ce3da3be}]
\Shell\AutoRun\command - F:\Menu.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-08-20 C:\WINDOWS\Tasks\dfrg.job
- C:\WINDOWS\system32\dfrg.msc [2004-08-05 08:00]
2008-08-21 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2008-08-19 C:\WINDOWS\Tasks\Nettoyage de disque.job
- C:\WINDOWS\system32\cleanmgr.exe [2008-04-13 22:33]
2008-08-17 C:\WINDOWS\Tasks\WebReg 20080817000925.job
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 01:43]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
Notify-__c00415A3 - C:\WINDOWS\system32\__c00415A3.dat
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Piero\Application Data\Mozilla\Firefox\Profiles\rpz6oqkt.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ca/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 21:39:34
Windows 5.1.2600 Service Pack 3 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-20 21:48:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-21 01:48:37
Pre-Run: 41,645,469,696 octets libres
Post-Run: 41,588,662,272 octets libres
198 --- E O F --- 2008-08-20 21:02:28
26th August 2008
#4
Combofix log after Recovery Console installation
ComboFix 08-08-19.06 - Piero 2008-08-20 22:32:35.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.132 [GMT -4:00]
Endroit: C:\Documents and Settings\Piero\Bureau\Sonia_anti-proxy\ComboFix.exe
Command switches used :: C:\Documents and Settings\Piero\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Création d'un nouveau point de restauration
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))))))))
.
2008-08-19 13:59 . 2008-08-19 14:00 <REP> d-------- C:\Program Files\Windows Defender
2008-08-18 17:31 . 2008-08-18 17:31 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-18 17:31 . 2008-08-18 17:31 <REP> d-------- C:\WINDOWS\system32\bits
2008-08-18 17:31 . 2008-08-18 17:31 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-18 17:25 . 2008-08-18 17:32 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-08-18 17:13 . 2008-08-18 17:13 <REP> d-------- C:\WINDOWS\EHome
2008-08-18 17:02 . 2008-08-19 19:02 <REP> d--h----- C:\$AVG8.VAULT$
2008-08-18 16:57 . 2008-08-20 19:49 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-18 16:57 . 2008-08-18 16:57 <REP> d-------- C:\Documents and Settings\Piero\Application Data\AVGTOOLBAR
2008-08-18 16:57 . 2008-08-18 16:57 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-18 16:57 . 2008-08-18 16:57 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-18 16:57 . 2008-08-18 16:57 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-14 17:14 . 2008-05-01 10:36 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 17:13 . 2008-04-11 15:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-05 13:56 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 23:52 --------- d-----w C:\Documents and Settings\Piero\Application Data\uTorrent
2008-08-19 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-19 19:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-18 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-07 20:59 --------- d-----w C:\Documents and Settings\Piero\Application Data\LimeWire
2008-08-07 11:45 --------- d-----w C:\Program Files\Apple Software Update
2008-08-07 00:58 --------- d-----w C:\Program Files\iTunes
2008-08-07 00:57 --------- d-----w C:\Program Files\iPod
2008-08-07 00:39 --------- d-----w C:\Program Files\Safari
2008-07-31 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-07-14 21:22 --------- d-----w C:\Program Files\AVG
2008-07-13 21:07 --------- d-----w C:\Program Files\HP
2008-07-13 21:07 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2008-07-13 21:00 --------- d-----w C:\Program Files\Fichiers communs\HP
2008-07-12 05:39 --------- d-----w C:\Program Files\Bonjour
2008-07-12 05:38 --------- d-----w C:\Program Files\QuickTime
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-30 22:11 --------- d-----w C:\Program Files\Picasa2
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2007-11-28 19:56 720 ----a-w C:\Program Files\capfuebf.txt
2006-12-12 20:24 81,920 ----a-w C:\Documents and Settings\Piero\Application Data\ezpinst.exe
2006-12-12 20:24 47,360 ----a-w C:\Documents and Settings\Piero\Application Data\pcouffin.sys
2006-11-10 00:30 3,394,376 ----a-w C:\Program Files\BFINSTALL.exe
2006-11-09 23:55 7,418,552 ----a-w C:\Program Files\BearShareV6.exe
2006-07-03 22:04 0 ----a-w C:\Documents and Settings\Piero\Application Data\wklnhst.dat
2006-01-16 00:39 36,488,456 -c--a-w C:\Program Files\iTunesSetup.exe
2006-01-15 22:14 7,387,243 -c--a-w C:\Program Files\PlatoVideoConvert.exe
2006-01-13 20:10 3,317,484 -c--a-w C:\Program Files\EasyDVDShrink.exe
2006-01-12 18:21 1,906,352 -c--a-w C:\Program Files\SetupSonyDownloadTaxi.exe
2005-12-22 20:14 46,437,376 -c--a-w C:\Program Files\wireless_9.0.3.0_-_generic_TIC_103503.exe
2004-03-11 18:27 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 22:33 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 14:12 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-29 17:33 94208]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-10-03 23:59 401408]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-10-03 23:59 385024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-09 19:56 6746112]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-18 16:57 1232152]
"WD Button Manager"="WDBtnMgr.exe" [2008-01-06 17:27 364544 C:\WINDOWS\system32\WDBtnMgr.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 22:33 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 17:18 443968]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2008-01-31 21:08:19 151552]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2008-01-31 21:08:13 106496]
WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe [2008-01-06 17:31:02 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-10-03 23:59 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\WYSIWYG\\Bin\\Wyg.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-18 16:57]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 04:47]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-18 16:57]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-18 16:57]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-18 16:57]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 17:26]
R2 RVIEG01;VSC Engine;C:\Program Files\Cakewalk\Shared Dxi\Roland\RVIEg01.sys [2001-04-13 19:16]
R3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys [2005-12-09 20:07]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 14:45]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-04-05 13:06]
S3 L6TPortA;Service - Line 6 TonePort UX1;C:\WINDOWS\system32\Drivers\L6TPortA.sys [2005-12-09 20:06]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 14:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0329303a-ca9a-11da-b57b-0013ce3da3be}]
\Shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e594049d-da95-11dc-861e-0013ce3da3be}]
\Shell\AutoRun\command - F:\Menu.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-20 C:\WINDOWS\Tasks\dfrg.job
- C:\WINDOWS\system32\dfrg.msc [2004-08-05 08:00]
2008-08-21 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2008-08-17 C:\WINDOWS\Tasks\WebReg 20080817000925.job
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe [2003-07-07 01:43]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Piero\Application Data\Mozilla\Firefox\Profiles\rpz6oqkt.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ca/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 22:37:16
Windows 5.1.2600 Service Pack 3 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
.
Completion time: 2008-08-20 22:41:53
ComboFix-quarantined-files.txt 2008-08-21 02:41:30
Pre-Run: 41,541,922,816 bytes free
Post-Run: 41,505,845,248 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect /PAE
168 --- E O F --- 2008-08-20 21:02:28
Thanks a lot for trying!!!!!!!!!
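As an added example for reading a log like the one above (this is not a ComboFix or WindowsBBS tool, and the check names and the one "fakedrv" service line are constructed here; every other sample line is copied from the posted log), a Python script that walks the registry load points, firewall policy, service and mountpoints2 sections and flags the items a helper looks at first: the Windows Firewall being disabled, an AppInit_DLLs value, Run entries given as a bare filename, AutoRun commands remembered for mounted volumes, and service binaries under user-writable paths.

```python
"""Triage a ComboFix-style log for the items a helper looks at first.

Added example for this thread; not a ComboFix or WindowsBBS tool. The
check names and the one 'fakedrv' service line are constructed here.
"""
import re
from typing import Dict, List

# Sample input: lines copied from the posted log (firewall block, two Run
# entries, AppInit_DLLs, two services, two mountpoints2 AutoRun entries)
# plus one constructed service entry under a user Temp folder.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-18 16:57 1232152]
"WD Button Manager"="WDBtnMgr.exe" [2008-01-06 17:27 364544 C:\WINDOWS\system32\WDBtnMgr.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-18 16:57]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 17:26]
R1 fakedrv;fakedrv;C:\Documents and Settings\Piero\Local Settings\Temp\fakedrv.sys [2008-08-20 10:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0329303a-ca9a-11da-b57b-0013ce3da3be}]
\Shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e594049d-da95-11dc-861e-0013ce3da3be}]
\Shell\AutoRun\command - F:\Menu.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$")
# ComboFix service line: <start type> <name>;<display name>;<binary path> [<date>]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[[^\]]*\]$"
)
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Locations a service or driver binary should not normally be loaded from.
USER_WRITABLE_HINTS = ("\\documents and settings\\", "\\temp\\")


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per item that deserves a human look.

    Findings are review items, not verdicts: the AVG lines in the sample
    are legitimate, and the script only points at where to look.
    """
    findings: List[Dict[str, str]] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in current_key:
            # AutoRun command remembered for a volume that was mounted once;
            # a bare filename is resolved relative to that volume's root.
            cmd = m.group("cmd").strip()
            kind = "absolute path" if ABS_PATH_RE.match(cmd) else "relative filename"
            volume = current_key.rsplit("\\", 1)[-1]
            findings.append({"check": "autorun", "detail": f"{cmd} ({kind}) for {volume}"})
            continue
        m = SERVICE_RE.match(line)
        if m:
            if any(hint in m.group("path").lower() for hint in USER_WRITABLE_HINTS):
                findings.append({"check": "service_user_path",
                                 "detail": f"{m.group('start')} {m.group('name')} -> {m.group('path')}"})
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value").strip()
        if "firewallpolicy" in current_key and name.lower() == "enablefirewall":
            if value.startswith("0"):
                findings.append({"check": "firewall_disabled", "detail": current_key})
        elif name.lower() == "appinit_dlls" and value:
            # Loaded into every process that links user32.dll; confirm the publisher.
            findings.append({"check": "appinit_dlls", "detail": value})
        elif current_key.endswith("\\currentversion\\run"):
            # ComboFix prints the configured command first; when it had no path,
            # the location it resolved to follows inside the brackets.
            cmd = value.split("[", 1)[0].strip().strip('"')
            if "\\" not in cmd:
                findings.append({"check": "run_no_path", "detail": f"{name} -> {cmd}"})
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f"{item['check']:18} {item['detail']}")
```

On the posted log this flags six items, and none of them is a verdict: the AppInit_DLLs value is AVG's own avgrsstx.dll, created alongside the AVG drivers in the file list, and the WD Button Manager entry resolves to system32. The two AutoRun entries and EnableFirewall=0 are the ones worth a question back to the poster, since a disabled firewall and a remembered AutoRun command on a removable volume are both things the Spybot and Windows Defender results earlier in the thread would make a helper want confirmed.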
27th August 2008
#5
Staff
Profile:
Join Date: Mar 2003
Location: Washington State
Posts: 4,541
Computer Experience: Somedays it's like Taz
Hi Soniaeiou
Welcome to Windowsbbs.
Let's get an online scan.
Download ATF Cleaner by Atribune and save it to your Desktop.
This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle bin
The rest are optional - if you want it to remove everything check "Select All".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
Please do an online scan with Kaspersky WebScanner
Click on “Accept” if your pop-up blocker blocks any windows from opening.
Click Run on the window that opens.
Windows Vista users: you must open the web browser using the Run as Administrator command. The program will launch and then begin downloading the latest definition files.
Under Scan on the left side, click on My Computer.
This will start the program and scan your system.
Click the “Scan Report” On the left side.
The scan will take a while so be patient and let it run.
Once the scan is complete, it will display whether your system has been infected. Click the Save Report As button and, in the Browse dialog box, type a name for the scan report file that you want to create and select its type, Text file. Click OK to save the file.
Save the text file to your desktop.
Copy and paste that information in your next post.
Please post the Kaspersky results.
Thanks
Geri
I see you have P2P software (LimeWire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.
References for the risk of these programs are here, here and here.
I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at Windowsbbs Malware and Virus removal.