Solve : VBS:Obfuscated-gen trj problem?

Hello,

Today I opened my Opera browser (which is my main browser), and all of a sudden avast! said that this trojan (the Obfuscated-gen one) was trying to connect with my computer, and alerted me via a window, asking me if I wanted to stop the connection with the trojan. I ran Malwarebytes and it eliminated two entries from the registry called:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security CENTER\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Then I closed and tried opening Opera again, and again avast! alerted me of the trojan problem. Since I didn't know how to get rid of it, I looked for solutions on the Internet and I found this website. I went through all the steps, and after running CCleaner I can open Opera without problems. Nevertheless, I went through all the steps indicated just in case. Here I have the SUPERAntiSpyware, Malwarebytes and HJT logs. I would like to know if my computer has eliminated the nuisance, and whether there are any other trojans or malware on it.

Thank you very much in advance.
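The two Malwarebytes lines quoted above report Security Center registry values, and the trailing "No action taken" means the item was detected but not changed. As an added example (not part of this thread and not Malwarebytes' own code), the following Python parses lines in that format, says what a value of 1 switches off for each of the three Windows XP Security Center notification values, and lists the findings that are still unresolved. The third sample line is constructed to show what a fixed finding looks like; the two before it are copied from the post.

```python
import re
from dataclasses import dataclass

# Two lines copied from the Malwarebytes output quoted in the post above, plus one
# CONSTRUCTED line (UpdatesDisableNotify) showing what a fixed finding looks like.
MBAM_LINES = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security CENTER\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

# What a value of 1 switches off in the Windows XP Security Center.
NOTIFY_VALUES = {
    "antivirusdisablenotify": "Security Center stops warning that antivirus is off or out of date",
    "firewalldisablenotify": "Security Center stops warning that the firewall is off",
    "updatesdisablenotify": "Security Center stops warning that Automatic Updates is off",
}

# hive\key\value (category) -> Bad: (current) Good: (expected) -> action
_LINE_RE = re.compile(
    r"^(?P<hive>HKEY_[A-Z_]+)\\(?P<key>.+)\\(?P<value>[^\\]+?) "
    r"\((?P<category>[^)]+)\) -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+?)\.?$"
)


@dataclass
class Finding:
    hive: str
    key: str
    value: str
    category: str
    bad: str       # value currently in the registry
    good: str      # value Malwarebytes expects
    action: str

    @property
    def resolved(self) -> bool:
        # Malwarebytes writes "No action taken." when the item was left in place.
        return not self.action.lower().startswith("no action")

    @property
    def meaning(self) -> str:
        return NOTIFY_VALUES.get(self.value.lower(), "unknown value; look it up before deciding")


def parse_mbam(text: str) -> list[Finding]:
    """Parse registry findings in Malwarebytes' log format; other lines are ignored."""
    findings = []
    for raw in text.splitlines():
        m = _LINE_RE.match(raw.strip())
        if m:
            findings.append(Finding(**m.groupdict()))
    return findings


def unresolved(findings: list[Finding]) -> list[Finding]:
    """Findings still present after the scan, i.e. nothing was changed."""
    return [f for f in findings if not f.resolved]


if __name__ == "__main__":
    for f in parse_mbam(MBAM_LINES):
        state = "fixed" if f.resolved else "STILL SET"
        print(f"{f.value}: current {f.bad}, expected {f.good} [{state}] - {f.meaning}")
```

Run on the lines above, it reports both notification values as still set, which is the point a helper would check before moving on: the scan found them, but "No action taken" means the warnings are still suppressed.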

[attachment deleted by admin]

----------

Download the Norton Removal Tool (SymNRT) to your desktop.

Once downloaded please close ALL open browsers, also save any work because this may require a restart.

* Go to your desktop and double click on the 'Norton_Removal_Tool' and then click Setup.
* Once open Click Next
* Accept the license agreement and click Next
* Type in the letters/numbers that you see into the text box then click Next.
* Then click Next and the tool will start running.
* Once finished restart the PC.
* Delete the 'Norton_Removal_Tool' from your desktop.

----------

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

* Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

----------

Thank you very much for your speedy answer, here are the two logs created by DDS. By the way, on a side note, my DVD drive in the CPU opened by itself some time after posting my problem. Might it be related to the trojan issue, or is it an isolated problem?

Here is the DDS log:


DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Administrateur at 22:55:14,93 on 05/07/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1336 [GMT 2:00]

AV: avast! antivirus 4.8.1335 [VPS 090705-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Transcode360\Transcode360Tray.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP Wireless Keyboard\KMaestro.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [EPSON Stylus DX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [transcode360] c:\program files\transcode360\Transcode360Tray.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [BtcMaestro] "c:\program files\hp wireless keyboard\KMaestro.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\hp_adm~1.nom\menudm~1\progra~1\dmarra~1\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\monite~1.lnk - c:\windows\ehome\RMSysTry.exe
StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\autoru~1\maximemo.lnk - c:\program files\maximemo\MaxiMemo.exe
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1.nom\applic~1\mozilla\firefox\profiles\5axz8c0l.default\
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-24 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-9-22 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2008-9-22 380536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-9-22 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-9-22 138680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-29 98304]
R2 R54G Wireless Service;R54G Wireless Service;c:\program files\wireless 802.11g monitor\WLService.exe [2009-1-15 49152]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-1-2 2829696]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-9-22 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-9-22 352920]
R3 rt2571;Wireless 802.11g USB Adapter Driver;c:\windows\system32\drivers\rt2571.sys [2007-2-28 79616]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-1-2 468768]

=============== Created Last 30 ================

2009-07-05 22:41--d-----c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-07-05 18:25--d-----c:\program files\Trend Micro
2009-07-05 18:1273,728a-------c:\windows\system32\javacpl.cpl
2009-07-05 18:10410,984a-------c:\windows\system32\deploytk.dll
2009-07-05 16:13--d-----c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-05 16:13--d-----c:\program files\SUPERAntiSpyware
2009-07-05 16:13--d-----c:\docume~1\hp_adm~1.nom\applic~1\SUPERAntiSpyware.com
2009-07-05 16:12--d-----c:\program files\fichiers communs\Wise Installation Wizard
2009-07-05 15:58--d-----c:\program files\CCleaner
2009-07-03 13:18244a---h---C:\sqmnoopt07.sqm
2009-07-03 13:18232a---h---C:\sqmdata07.sqm
2009-06-10 00:15--d-----c:\program files\fichiers communs\DivX Shared

==================== Find3M ====================

2009-06-17 11:2738,160a-------c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:2719,096a-------c:\windows\system32\drivers\mbam.sys
2009-06-08 15:0715,688a-------c:\windows\system32\lsdelete.exe
2009-05-07 17:33348,672a-------c:\windows\system32\localspl.dll
2009-05-07 17:33348,672--------c:\windows\system32\dllcache\localspl.dll
2009-04-29 06:343,089,920--------c:\windows\system32\dllcache\mshtml.dll
2009-04-29 06:34670,720a-------c:\windows\system32\wininet.dll
2009-04-29 06:34670,720--------c:\windows\system32\dllcache\wininet.dll
2009-04-29 06:34621,056--------c:\windows\system32\dllcache\urlmon.dll
2009-04-29 06:3481,920a-------c:\windows\system32\ieencode.dll
2009-04-29 06:341,499,648--------c:\windows\system32\dllcache\shdocvw.dll
2009-04-29 06:3481,920--------c:\windows\system32\dllcache\ieencode.dll
2009-04-19 21:501,847,296a-------c:\windows\system32\win32k.sys
2009-04-19 21:501,847,296--------c:\windows\system32\dllcache\win32k.sys
2009-04-18 12:56446,984a-------c:\windows\system32\perfh00C.dat
2009-04-18 12:5664,724a-------c:\windows\system32\perfc00C.dat
2009-04-15 16:53585,216a-------c:\windows\system32\rpcrt4.dll
2009-04-15 16:53585,216--------c:\windows\system32\dllcache\rpcrt4.dll
2009-01-13 14:144,610a-------c:\docume~1\hp_adm~1.nom\applic~1\wklnhst.dat
2009-01-12 13:2786,016a-------c:\documents and settings\hp_administrateur.nom-fb9b15d2723\IDHWTSS1.dll
2008-09-02 20:1236,868a-------c:\documents and settings\hp_administrateur.nom-fb9b15d2723\PrtDLL.dll
2008-07-30 18:00155,280a-------c:\docume~1\hp_adm~1.nom\applic~1\GDIPFONTCACHEV1.DAT
2006-11-04 12:09251a-------c:\program files\wt3d.ini

============= FINISH: 22:56:28,10 ===============


Here is the Attach log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professionnel
Boot Device: \Device\HarddiskVolume1
Install Date: 24/07/2008 19:26:21
System Uptime: 07/05/2009 22:44:13 (1416 hours ago)

Motherboard: ASUSTek Computer INC. | | Basswood
Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | Socket 775 | 2133/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 179 GiB total, 85,031 GiB free.
D: is FIXED (NTFS) - 186 GiB total, 152,933 GiB free.
E: is FIXED (FAT32) - 7 GiB total, 0,805 GiB free.
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless LAN PCI 802.11 b/g adapter WN5301A
Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500111AD&REV_01\4&11B6166B&0&20F0
Manufacturer: Liteon
Name: Wireless LAN PCI 802.11 b/g adapter WN5301A
PNP Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500111AD&REV_01\4&11B6166B&0&20F0
Service: WN5301

==== System Restore Points ===================

RP315: 07/04/2009 08:20:46 - Point de vérification système
RP316: 08/04/2009 12:40:16 - Point de vérification système
RP317: 09/04/2009 03:00:16 - Software Distribution Service 3.0
RP318: 10/04/2009 15:23:28 - Point de vérification système
RP319: 11/04/2009 03:00:16 - Software Distribution Service 3.0
RP320: 12/04/2009 04:40:01 - Point de vérification système
RP321: 13/04/2009 06:50:27 - Point de vérification système
RP322: 14/04/2009 07:20:58 - Point de vérification système
RP323: 16/04/2009 00:02:45 - Point de vérification système
RP324: 17/04/2009 18:40:44 - Software Distribution Service 3.0
RP325: 18/04/2009 19:19:47 - Point de vérification système
RP326: 19/04/2009 03:00:17 - Software Distribution Service 3.0
RP327: 20/04/2009 07:42:56 - Point de vérification système
RP328: 21/04/2009 09:01:33 - Point de vérification système
RP329: 22/04/2009 09:47:02 - Point de vérification système
RP330: 23/04/2009 21:08:55 - Point de vérification système
RP331: 25/04/2009 03:00:16 - Software Distribution Service 3.0
RP332: 26/04/2009 03:00:18 - Software Distribution Service 3.0
RP333: 27/04/2009 03:00:16 - Software Distribution Service 3.0
RP334: 28/04/2009 03:00:15 - Software Distribution Service 3.0
RP335: 29/04/2009 06:46:50 - Point de vérification système
RP336: 30/04/2009 06:59:15 - Point de vérification système
RP337: 01/05/2009 03:00:14 - Software Distribution Service 3.0
RP338: 02/05/2009 05:03:25 - Point de vérification système
RP339: 03/05/2009 06:02:39 - Point de vérification système
RP340: 04/05/2009 06:45:18 - Point de vérification système
RP341: 05/05/2009 07:45:18 - Point de vérification système
RP342: 06/05/2009 08:45:18 - Point de vérification système
RP343: 07/05/2009 21:34:57 - Point de vérification système
RP344: 08/05/2009 03:00:14 - Software Distribution Service 3.0
RP345: 09/05/2009 04:12:23 - Point de vérification système
RP346: 10/05/2009 06:53:10 - Point de vérification système
RP347: 11/05/2009 07:28:56 - Point de vérification système
RP348: 12/05/2009 19:08:31 - Point de vérification système
RP349: 13/05/2009 03:00:29 - Software Distribution Service 3.0
RP350: 14/05/2009 05:02:06 - Point de vérification système
RP351: 15/05/2009 06:53:19 - Point de vérification système
RP352: 16/05/2009 07:16:20 - Point de vérification système
RP353: 17/05/2009 07:30:48 - Point de vérification système
RP354: 18/05/2009 08:18:39 - Point de vérification système
RP355: 19/05/2009 08:21:42 - Point de vérification système
RP356: 20/05/2009 03:00:13 - Software Distribution Service 3.0
RP357: 21/05/2009 16:07:28 - Point de vérification système
RP358: 22/05/2009 03:00:34 - Software Distribution Service 3.0
RP359: 23/05/2009 07:21:25 - Point de vérification système
RP360: 24/05/2009 07:39:56 - Point de vérification système
RP361: 26/05/2009 00:21:32 - Point de vérification système
RP362: 27/05/2009 03:33:35 - Point de vérification système
RP363: 28/05/2009 03:00:18 - Software Distribution Service 3.0
RP364: 29/05/2009 08:39:39 - Point de vérification système
RP365: 29/05/2009 20:31:02 - Software Distribution Service 3.0
RP366: 01/06/2009 03:00:19 - Software Distribution Service 3.0
RP367: 03/06/2009 03:01:02 - Software Distribution Service 3.0
RP368: 04/06/2009 16:38:39 - Point de vérification système
RP369: 04/06/2009 18:53:25 - Installé QuickTime
RP370: 05/06/2009 16:14:59 - Software Distribution Service 3.0
RP371: 07/06/2009 03:00:18 - Software Distribution Service 3.0
RP372: 10/06/2009 00:23:57 - Supprimé QuickTime
RP373: 10/06/2009 03:00:15 - Software Distribution Service 3.0
RP374: 11/06/2009 03:00:30 - Software Distribution Service 3.0
RP375: 12/06/2009 03:00:24 - Software Distribution Service 3.0
RP376: 20/06/2009 03:00:28 - Software Distribution Service 3.0
RP377: 22/06/2009 03:00:15 - Software Distribution Service 3.0
RP378: 24/06/2009 03:00:18 - Software Distribution Service 3.0
RP379: 25/06/2009 01:10:44 - Software Distribution Service 3.0
RP380: 26/06/2009 03:00:19 - Software Distribution Service 3.0
RP381: 27/06/2009 03:01:19 - Software Distribution Service 3.0
RP382: 28/06/2009 03:00:21 - Software Distribution Service 3.0
RP383: 29/06/2009 16:21:56 - Software Distribution Service 3.0
RP384: 30/06/2009 01:51:37 - Software Distribution Service 3.0
RP385: 01/07/2009 02:17:02 - Software Distribution Service 3.0
RP386: 01/07/2009 16:22:52 - Software Distribution Service 3.0
RP387: 02/07/2009 03:00:14 - Software Distribution Service 3.0
RP388: 02/07/2009 15:07:59 - Software Distribution Service 3.0
RP389: 03/07/2009 03:02:26 - Software Distribution Service 3.0
RP390: 05/07/2009 03:00:16 - Software Distribution Service 3.0
RP391: 05/07/2009 16:13:45 - Installed SUPERAntiSpyware Free Edition
RP392: 05/07/2009 18:10:07 - Installé Java(TM) 6 Update 14
RP393: 05/07/2009 18:11:31 - Supprimé Java(TM) 6 Update 14
RP394: 05/07/2009 18:12:22 - Installé Java(TM) 6 Update 14

==== Installed Programs ======================

a-squared Free 3.5
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.1.0 - Français
Adobe Shockwave Player 11
Amélioration de nos services
Apple Software Update
Archiveur WinRAR
Ares Ultra 4.0.0
Assistant de connexion Windows Live
AutoUpdate
avast! Antivirus
BufferChm
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Connexion Facile à Internet
Correctif n°2 pour Windows XP Édition Media Center 2005
Correctif pour Lecteur Windows Media 10 (KB910393)
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows XP (KB952287)
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD X Player 4.1 Professional
Enhanced Multimedia Keyboard Solution
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Image Clip Palette
EPSON Logiciel imprimante
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESDX4800_4200 Guide util.
ffdshow [rev 1723] [2007-12-24]
Foxit Reader
Free Download Manager 2.5
FullDPAppQFolder
Galerie de photos Windows Live
GameSpy Comrade
GemMaster Mystic
Google Earth
Google Gmail Notifier
Google Toolbar for Internet Explorer
Half-Life
High Definition Audio - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Update
HP Wireless Keyboard Driver V1.8 (2.0.W-127AU MUL)
HPPhotoSmartExpress
HpSdpAppCoreApp
InstantShareDevices
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) Quick Resume Technology Drivers
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 14
Last.fm 1.5.4.24567
Le logiciel Intel® Viiv™
Lecteur Windows Media11
LightScribe 1.4.105.1
Macromedia Flash Player 8
MainConcept for Software Encoder
Malwarebytes' Anti-Malware
Media Center Extender
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Bootvis
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
mIRC
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
Mise à jour de sécurité pour Step by Step Interactive TRAINING (KB923723)
Mise à jour de sécurité pour Windows XP (KB923561)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB938464)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950759)
Mise à jour de sécurité pour Windows XP (KB950760)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951066)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour de sécurité pour Windows XP (KB952004)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB953838)
Mise à jour de sécurité pour Windows XP (KB953839)
Mise à jour de sécurité pour Windows XP (KB954211)
Mise à jour de sécurité pour Windows XP (KB954459)
Mise à jour de sécurité pour Windows XP (KB954600)
Mise à jour de sécurité pour Windows XP (KB955069)
Mise à jour de sécurité pour Windows XP (KB956390)
Mise à jour de sécurité pour Windows XP (KB956391)
Mise à jour de sécurité pour Windows XP (KB956572)
Mise à jour de sécurité pour Windows XP (KB956802)
Mise à jour de sécurité pour Windows XP (KB956803)
Mise à jour de sécurité pour Windows XP (KB956841)
Mise à jour de sécurité pour Windows XP (KB957095)
Mise à jour de sécurité pour Windows XP (KB957097)
Mise à jour de sécurité pour Windows XP (KB958215)
Mise à jour de sécurité pour Windows XP (KB958644)
Mise à jour de sécurité pour Windows XP (KB958687)
Mise à jour de sécurité pour Windows XP (KB958690)
Mise à jour de sécurité pour Windows XP (KB959426)
Mise à jour de sécurité pour Windows XP (KB960225)
Mise à jour de sécurité pour Windows XP (KB960714)
Mise à jour de sécurité pour Windows XP (KB960715)
Mise à jour de sécurité pour Windows XP (KB960803)
Mise à jour de sécurité pour Windows XP (KB961373)
Mise à jour de sécurité pour Windows XP (KB961501)
Mise à jour de sécurité pour Windows XP (KB963027)
Mise à jour de sécurité pour Windows XP (KB968537)
Mise à jour de sécurité pour Windows XP (KB969897)
Mise à jour de sécurité pour Windows XP (KB969898)
Mise à jour de sécurité pour Windows XP (KB970238)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB942763)
Mise à jour pour Windows XP (KB951072-v2)
Mise à jour pour Windows XP (KB951978)
Mise à jour pour Windows XP (KB955839)
Mise à jour pour Windows XP (KB967715)
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
NVIDIA Drivers
Opera 9.64
OptionalContentQFolder
Otto
PC-Doctor 5 pour Windows
PhotoGallery
PIF DESIGNER
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
RandMap
RAR Password Cracker 4.12
RealPlayer
Realtek High Definition Audio Driver
Rome - Total War(TM)
Security Update for CAPICOM (KB931906)
Services Internet
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
SkinsHP1
SlideShow
SlideShowMusic
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Starcraft
SUPERAntiSpyware Free Edition
Transcode 360 for Windows Media Center Edition 2005
TVersity Codec Pack 1.2
Unload
Unlocker 1.8.7
User Profile Hive Cleanup Service
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VobSub v2.23 (Remove Only)
WebFldrs XP
Winamp
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack3
Wireless 802.11g USB Adapter
Xfire (remove only)

==== End Of File ===========================
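The CFScript later in this thread removes the BHO entry that DDS reported as "No File". As an added example (not part of the thread and not DDS's own code), the following Python does that kind of first-pass triage over lines copied from the Pseudo HJT Report above: it parses BHO/TB and Run entries, treats the "u"/"m" prefix as HKCU/HKLM (the DDS/HijackThis convention), and flags orphaned CLSIDs, empty Run values, bare file names resolved through the search path, and programs started from temp or recycler folders. The folder markers are the example's own heuristic, and the final "updater" line is constructed to exercise that check; everything it flags is something to look at, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the DDS "Pseudo HJT Report" above, plus one CONSTRUCTED
# autorun entry (the "updater" line) so the temp-folder check has something to hit.
SAMPLE_DDS = r"""
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PCDrProfiler]
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
uRun: [updater] c:\docume~1\hp_adm~1.nom\locals~1\temp\updater.exe
"""

_CLSID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
# "BHO: <name>: {clsid} - <dll>" or "BHO: {clsid} - No File"; TB (toolbar) lines have the same shape.
_BHO_RE = re.compile(r"^(?P<kind>BHO|TB):\s*(?:(?P<name>.+?):\s*)?(?P<clsid>" + _CLSID + r")\s*-\s*(?P<target>.*)$")
# "uRun: [value name] command" is HKCU, "mRun: [value name] command" is HKLM.
_RUN_RE = re.compile(r"^(?P<scope>[um])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<command>.*)$")
# Heuristic (this example's own): folders a persistent autorun rarely has a good reason to live in.
_WRITABLE_MARKERS = ("\\temp\\", "\\recycler\\")


@dataclass
class Entry:
    kind: str                 # BHO, TB, uRun or mRun
    name: str                 # display name, or the CLSID when DDS printed none
    target: str               # DLL path, executable path, or "" when the value is empty
    flags: list[str] = field(default_factory=list)


def _executable(command: str) -> str:
    """Return the program part of a Run command, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage(report: str) -> list[Entry]:
    """Parse BHO/TB and Run lines and attach a flag to anything worth a second look."""
    entries: list[Entry] = []
    for raw in report.splitlines():
        line = raw.strip()
        m = _BHO_RE.match(line)
        if m:
            entry = Entry(m["kind"], m["name"] or m["clsid"], m["target"].strip())
            if entry.target.lower() == "no file":
                entry.flags.append("CLSID is registered but its DLL is missing (orphaned entry)")
            entries.append(entry)
            continue
        m = _RUN_RE.match(line)
        if m:
            hive = "HKCU" if m["scope"] == "u" else "HKLM"
            exe = _executable(m["command"])
            entry = Entry(m["scope"] + "Run", m["name"], exe)
            if not exe:
                entry.flags.append(f"{hive} Run value is empty")
            elif "\\" not in exe:
                entry.flags.append(f"{hive} Run value is a bare file name, resolved through the search path")
            elif any(marker in exe.lower() for marker in _WRITABLE_MARKERS):
                entry.flags.append(f"{hive} Run value starts a program from a temp or recycler folder")
            entries.append(entry)
    return entries


def flagged(entries: list[Entry]) -> list[Entry]:
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(triage(SAMPLE_DDS)):
        print(f"{e.kind} [{e.name}] {e.target or '<empty>'}: {'; '.join(e.flags)}")
```

Of the flagged items, only the orphaned BHO is something the helper actually scripted away; the bare-file-name hits (RTHDCPL.EXE, rundll32.exe) are ordinary OEM entries here, which is why the output is a worklist rather than a removal list.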
----------

Download the MBR Rootkit Detector to your desktop.

* DOUBLECLICK mbr.exe and follow prompts.
* A black DOS window will quickly appear then disappear.
* When mbr.exe is finished it will create a log on your desktop.
* Copy and paste the contents of that log file into your next reply.

----------

Here is the requested log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

----------

You have too many antispyware applications running.

  • a-squared
  • Ad-Aware
  • PC-Doctor 5

I suggest uninstalling a-squared and PC-Doctor 5. Use Malwarebytes and SUPERAntiSpyware for on-demand scanning. a-squared is known for false positives and PC-Doctor 5 is not very reliable in my opinion.

Also uninstall J2SE Runtime Environment 5.0 Update 6

----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:

KillAll::

DDS::
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Folder::
c:\docume~1\alluse~1\applic~1\NortonInstaller

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

----------

I'm sorry, I've got a question. This step requires me to install ComboFix, doesn't it? I must look for it online, since it doesn't seem to be present on my desktop.

----------

Sorry, I copied the wrong speech. I edited the above instructions.

----------

Here is the log. Was my computer severely contaminated?

ComboFix 09-07-05.01 - HP_Administrateur 06/07/2009 3:02.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1447 [GMT 2:00]
Lancé depuis: c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090705-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\alluse~1\applic~1\NortonInstaller
c:\docume~1\alluse~1\applic~1\NortonInstaller\Logs\07-05-2009-22h41m25s\SymNRT-07-05-2009-22h41m25s.log
c:\docume~1\alluse~1\applic~1\NortonInstaller\Logs\07-05-2009-22h41m25s\SymNRT.1.mft.7z
c:\docume~1\alluse~1\applic~1\NortonInstaller\Settings\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}.7z
c:\docume~1\HP_ADM~1.NOM\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\HP_ADM~1.NOM\LOCALS~1\Temp\tmp2.tmp
C:\Documents
c:\program files\messenger\msmsgs.exe
c:\recycler\NPROTECT
c:\recycler\S-1-5-21-25602794-1062246565-3331014846-1007
c:\recycler\S-1-5-21-2631055522-4284232903-2707980172-1007
c:\recycler\S-1-5-21-2631055522-4284232903-2707980172-500
c:\recycler\S-1-5-21-3208901557-1489751670-1171760114-1007
c:\recycler\S-1-5-21-4147084904-3235195045-2169894318-1007
c:\windows\desktop
c:\windows\desktop\IRcap.lnk
c:\windows\Installer\101420.msi
c:\windows\Installer\122fe5.msi
c:\windows\Installer\122fe9.msi
c:\windows\Installer\122ff0.msi
c:\windows\Installer\1291ec4.msi
c:\windows\Installer\1345b1e.msp
c:\windows\Installer\1345b23.msi
c:\windows\Installer\14174e0.msp
c:\windows\Installer\14f79ca.msi
c:\windows\Installer\1752119.msi
c:\windows\Installer\17ec23d.msi
c:\windows\Installer\180998d.msp
c:\windows\Installer\1c14a14.msi
c:\windows\Installer\1f712d.msi
c:\windows\Installer\1f8515e.msi
c:\windows\Installer\207722e.msp
c:\windows\Installer\20a41e.msi
c:\windows\Installer\23c2e86.msi
c:\windows\Installer\2a05f8.msi
c:\windows\Installer\2a05ff.msi
c:\windows\Installer\2a0628.msi
c:\windows\Installer\2a0634.msi
c:\windows\Installer\2bd3ee9.msi
c:\windows\Installer\2cbdc55.msi
c:\windows\Installer\2d751ee.msi
c:\windows\Installer\2e1d7f7.msi
c:\windows\Installer\2e24c2c.msi
c:\windows\Installer\2f6d251.msi
c:\windows\Installer\2f6d253.msi
c:\windows\Installer\3037834.msp
c:\windows\Installer\343cf.msi
c:\windows\Installer\378191e.msi
c:\windows\Installer\378195e.msi
c:\windows\Installer\3781978.msp
c:\windows\Installer\378197f.msi
c:\windows\Installer\378198a.msp
c:\windows\Installer\3b768cc.msi
c:\windows\Installer\3ddbb2b.msi
c:\windows\Installer\3ebcb1.msi
c:\windows\Installer\434684.msi
c:\windows\Installer\472fd7.msi
c:\windows\Installer\4ad34da.msi
c:\windows\Installer\4ad34db.msp
c:\windows\Installer\4ad34dc.msp
c:\windows\Installer\4ad34dd.msp
c:\windows\Installer\4ad34de.msp
c:\windows\Installer\4ad34df.msp
c:\windows\Installer\4ad34e0.msp
c:\windows\Installer\4ad34e1.msp
c:\windows\Installer\4ad34e2.msp
c:\windows\Installer\4ad34e3.msp
c:\windows\Installer\571a62e.msi
c:\windows\Installer\6696d.msi
c:\windows\Installer\6697a.msi
c:\windows\Installer\683998a.msi
c:\windows\Installer\69b5f9b.msi
c:\windows\Installer\6d641a.msi
c:\windows\Installer\7378d2d.msi
c:\windows\Installer\783269.msi
c:\windows\Installer\798d75e.msp
c:\windows\Installer\7e837.msi
c:\windows\Installer\800b1.msp
c:\windows\Installer\864935.msi
c:\windows\Installer\8a950.msi
c:\windows\Installer\8a955.msi
c:\windows\Installer\911a0e1.msi
c:\windows\Installer\911a0e9.msi
c:\windows\Installer\93bd6d.msi
c:\windows\Installer\9ff10.msi
c:\windows\Installer\a73455.msi
c:\windows\Installer\c69b55.msi
c:\windows\Installer\d333d3.msi
c:\windows\Installer\e13c5.msi
c:\windows\Installer\e795b7b.msp
c:\windows\Installer\f1698c.msi
c:\windows\Installer\f2b19a.msi
c:\windows\Installer\fc34f.msi
c:\windows\Installer\fc35f.msi
c:\windows\Installer\fc374.msi
c:\windows\Installer\fc37c.msi
c:\windows\Installer\fc38d.msi
c:\windows\kb913800.exe
E:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-06-06 au 2009-07-06 ))))))))))))))))))))))))))))))))))))
.

2009-07-05 16:25 . 2009-07-05 16:28  --------  d-----w-  c:\program files\Trend Micro
2009-07-05 16:10 . 2009-07-05 16:12  410984  ----a-w-  c:\windows\system32\deploytk.dll
2009-07-05 14:14 . 2009-07-05 15:52  117760  ----a-w-  c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-05 14:13 . 2009-07-05 14:13  --------  d-----w-  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-05 14:13 . 2009-07-05 14:13  --------  d-----w-  c:\program files\SUPERAntiSpyware
2009-07-05 14:13 . 2009-07-05 14:13  --------  d-----w-  c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\SUPERAntiSpyware.com
2009-07-05 14:12 . 2009-07-05 14:12  --------  d-----w-  c:\program files\Fichiers communs\Wise Installation Wizard
2009-07-05 13:58 . 2009-07-05 13:58  --------  d-----w-  c:\program files\CCleaner
2009-07-05 12:27 . 2009-07-05 12:27  3561743  ----a-w-  c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-22 20:48 . 2009-06-22 20:48  --------  d-----w-  c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-06-22 13:19 . 2009-07-02 23:30  314712  ----a-w-  c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2009-06-22 13:19 . 2009-07-02 23:30  25440  ----a-w-  c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-06-22 13:19 . 2009-07-02 23:30  169312  ----a-w-  c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-06-22 13:18 . 2009-07-02 23:30  348496  ----a-w-  c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-06-22 13:18 . 2009-07-02 23:30  298336  ----a-w-  c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-06-22 13:18 . 2009-07-02 23:30  1630560  ----a-w-  c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-06-22 13:17 . 2009-07-02 23:30  85352  ----a-w-  c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-06-22 13:17 . 2009-07-02 23:30  664424  ----a-w-  c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-06-22 13:17 . 2009-07-02 23:30  563064  ----a-w-  c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-06-22 13:16 . 2009-07-02 23:30  566632  ----a-w-  c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-06-22 13:16 . 2009-06-29 14:11  2352968  ----a-w-  c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-06-22 13:14 . 2009-06-29 14:10  629072  ----a-w-  c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-06-22 13:14 . 2009-07-02 23:30  520024  ----a-w-  c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-06-22 13:14 . 2009-07-02 23:30  1029456  ----a-w-  c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-06-09 22:15 . 2009-06-09 22:15  --------  d-----w-  c:\program files\Fichiers communs\DivX Shared
2009-06-09 22:15 . 2009-06-09 22:15  --------  d-----w-  c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-08 13:07 . 2009-06-08 13:07  15688  ----a-w-  c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-06-08 13:07 . 2009-07-02 23:30  84832  ----a-w-  c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 01:21 . 2008-07-24 19:42  --------  d-----w-  c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\OpenOffice.org2
2009-07-06 01:18 . 2008-07-27 23:59  --------  d-----w-  c:\program files\Transcode360
2009-07-06 00:38 . 2006-01-02 20:13  --------  d-----w-  c:\program files\Java
2009-07-05 20:42 . 2006-01-02 20:57  --------  d-----w-  c:\program files\Fichiers communs\Symantec Shared
2009-07-05 14:03 . 2008-07-24 22:50  --------  d-----w-  c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Azureus
2009-07-05 12:28 . 2008-12-30 02:14  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2009-07-02 23:30 . 2009-06-01 13:24  246128  ----a-w-  c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-07-02 23:30 . 2009-06-01 13:24  40288  ----a-w-  c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-06-17 09:27 . 2008-12-30 02:14  38160  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2008-12-30 02:14  19096  ----a-w-  c:\windows\system32\drivers\mbam.sys
2009-06-11 15:37 . 2008-07-26 21:33  --------  d-----w-  c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Free Download Manager
2009-06-09 22:24 . 2006-09-08 21:18  --------  d-----w-  c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-09 22:17 . 2006-01-02 20:41  --------  d-----w-  c:\program files\DivX
2009-06-09 22:16 . 2006-01-02 20:52  --------  d-----w-  c:\program files\Google
2009-06-08 13:07 . 2009-01-24 19:13  15688  ----a-w-  c:\windows\system32\lsdelete.exe
2009-06-04 16:53 . 2009-06-04 16:53  --------  d-----w-  c:\program files\Apple Software Update
2009-06-04 16:53 . 2009-06-04 16:53  --------  d-----w-  c:\documents and settings\All Users\Application Data\Apple
2009-06-02 12:16 . 2009-06-02 12:16  --------  d-----w-  c:\program files\HP Wireless Keyboard
2009-05-31 23:04 . 2008-08-04 18:23  --------  d-----w-  c:\program files\Azureus Games
2009-05-31 15:28 . 2009-05-31 15:28  --------  d-----w-  c:\program files\Western Digital
2009-05-26 18:29 . 2008-10-28 11:59  265  ----a-w-  c:\windows\system32\qwavecache.dat
2009-05-07 15:33 . 2004-08-10 11:00  348672  ----a-w-  c:\windows\system32\localspl.dll
2009-04-29 04:34 . 2004-08-10 11:00  670720  ----a-w-  c:\windows\system32\wininet.dll
2009-04-29 04:34 . 2004-08-10 11:00  81920  ----a-w-  c:\windows\system32\ieencode.dll
2009-04-25 17:05 . 2009-04-25 17:05  64160  ----a-w-  c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-04-25 17:05 . 2009-01-24 18:05  64160  ----a-w-  c:\windows\system32\drivers\Lbd.sys
2009-04-19 19:50 . 2004-08-10 11:00  1847296  ----a-w-  c:\windows\system32\win32k.sys
2009-04-18 10:56 . 2005-10-10 11:39  64724  ----a-w-  c:\windows\system32\perfc00C.dat
2009-04-18 10:56 . 2005-10-10 11:39  446984  ----a-w-  c:\windows\system32\perfh00C.dat
2009-04-15 14:53 . 2004-08-10 11:00  585216  ----a-w-  c:\windows\system32\rpcrt4.dll
2006-11-04 10:09 . 2006-11-04 10:09  251  ----a-w-  c:\program files\wt3d.ini
2009-05-01 21:02 . 2009-05-01 21:02  1044480  ----a-w-  c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02  200704  ----a-w-  c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02  1044480  ----a-w-  c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02  200704  ----a-w-  c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-28 7573504]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"EPSON Stylus DX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE" [2005-03-08 98304]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Transcode360"="c:\program files\Transcode360\Transcode360Tray.exe" [2006-05-02 192512]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-02 520024]
"BtcMaestro"="c:\program files\HP Wireless Keyboard\KMaestro.exe" [2005-06-13 278528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-05 148888]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-14 16239616]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-28 1519616]

c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-1-2 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-1-2 27136]

c:\documents and settings\MCX1\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-1-2 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-1-2 27136]

c:\documents and settings\MCX2\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-1-2 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-1-2 27136]

c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-1-2 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-1-2 27136]

c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Moniteur de ressources Extender.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AutorunsDisabled
MaxiMemo.lnk - c:\program files\MaxiMemo\MaxiMemo.exe [2008-1-19 828928]

c:\documents and settings\Default User\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-1-2 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-1-2 27136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05  356352  ----a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.sys

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\mIRC\\mirc.exe"=
"c:\\Program Files\\Transcode360\\Transcode360Tray.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Ares Ultra\\Ares Ultra.exe"=
"c:\\Program Files\\Valve\\Half-Life\\hl.exe"=
"d:\\Games\\Unreal Tournament\\System\\UnrealTournament.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Service de Media Center Extender
"3390:TCP"= 3390:TCP:Services Media Center à distance

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [24/01/2009 20:05 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22/09/2008 17:22 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11:01 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11:01 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22/09/2008 17:22 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
R2 R54G Wireless Service;R54G Wireless Service;c:\program files\Wireless 802.11g Monitor\WLService.exe [15/01/2009 12:21 49152]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [02/01/2006 22:28 2829696]
R3 rt2571;Wireless 802.11g USB Adapter Driver;c:\windows\system32\drivers\rt2571.sys [28/02/2007 22:41 79616]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11:01 7408]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [02/01/2006 22:28 468768]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - GTNDIS5
*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVEREG_MULTI_SZ QWAVE
.
Contenu du dossier 'Tâches planifiées'

2009-06-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 23:30]

2009-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-07-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-PCDrProfiler - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
FF - ProfilePath - c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Mozilla\Firefox\Profiles\5axz8c0l.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 03:15
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(992)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3328)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSFR.DLL
c:\program files\HP Wireless Keyboard\HidKeybd.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\RMSvc.exe
c:\program files\Wireless 802.11g Monitor\WLanCfgG.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\ehome\McrdSvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system\hpsysdrv.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
.
**************************************************************************
.
Heure de fin: 2009-07-06 3:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-07-06 01:33

Avant-CF: 91259133952 octets libres
Après-CF: 95215472640 octets libres

359 --- E O F --- 2009-07-06 01:00

Quote from: TMNT on July 05, 2009, 07:36:23 PM
Was my computer severely contaminated?

Yes and I'm not sure it's all gone yet.

Go to Start > Run and type notepad.exe then click OK

Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete the fixme.reg from the Desktop.

----------

* Click START then RUN
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the CLOCK settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

Use the Kaspersky Lab Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.
When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save


Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

If needed, this animation will guide you through the process.

Does this mean I should change important passwords just in case? fixme.reg was successfully added to the registry. Here is the requested log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, July 6, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, July 06, 2009 03:33:55
Records in database: 2430652
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 166837
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 02:25:17


File name / Threat name / Threats count
C:\mIRC\mirc.exe  Infected: not-a-virus:Client-IRC.Win32.mIRC.6031
C:\Program Files\mIRC\mirc.exe  Infected: not-a-virus:Client-IRC.Win32.mIRC.6031

The selected area was scanned.
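Added example, not code from this thread or from ComboFix, Malwarebytes or any other tool mentioned in it: a small Python parser for the REGEDIT4 syntax used by the helper's fixme.reg and by the "Points de chargement Reg" section of the ComboFix log. It lists what a merge would delete or set, then flags Security Center switches that end up at a non-zero value, which is what the two leftover Symantec DisableMonitoring entries looked like before fixme.reg removed their keys. All function, class and constant names are my own; the two sample texts reuse lines from the logs above, and the one constructed key is marked as such in the code.

```python
"""Parse REGEDIT4-style .reg text and report what merging it would do.

Added example, not code from the thread or from any tool it mentions.
It handles the syntax of the helper's fixme.reg and of the REGEDIT4-style
"Points de chargement Reg" section of the ComboFix log, then flags
Security Center switches that a merge would set to a non-zero value.
"""
import re
from dataclasses import dataclass

KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
DWORD_RE = re.compile(r"^dword:([0-9a-f]{1,8})$", re.IGNORECASE)

# Value names under HKLM\SOFTWARE\Microsoft\Security Center that, when 1, stop
# the built-in AV/firewall monitoring or its alerts. DisableMonitoring is the
# one visible in the ComboFix log; the other two are Security Center's own
# notification switches.
TAMPER_VALUE_NAMES = {"disablemonitoring", "antivirusdisablenotify", "firewalldisablenotify"}
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"


@dataclass(frozen=True)
class RegAction:
    """One thing a merge would do: delete_key, set_value or delete_value."""
    op: str
    key: str              # key path exactly as written in the file
    name: str = ""        # value name; "" is the key's default value (@)
    data: object = None   # int for dword, str for strings, raw text otherwise


def _canonical_key(key: str) -> str:
    """Lower-case a key path and expand the HKLM shorthand ComboFix uses."""
    key = key.lower()
    if key.startswith("hklm\\"):
        key = "hkey_local_machine\\" + key[len("hklm\\"):]
    return key


def _unquote(s: str) -> str:
    """Strip a REGEDIT4 string's quotes and undo its backslash/quote escapes."""
    return s[1:-1].replace('\\"', '"').replace("\\\\", "\\")


def _decode_data(raw: str):
    """Turn the right-hand side of name=data into a Python value."""
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group(1), 16)
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return _unquote(raw)
    return raw  # hex:, hex(7): ... are kept as raw text


def parse_reg(text: str) -> list[RegAction]:
    """Return the actions a merge of this .reg text would perform."""
    lines = text.splitlines()
    header = lines[0].strip() if lines else ""
    if header not in ("REGEDIT4", "Windows Registry Editor Version 5.00"):
        raise ValueError(f"not a .reg file: header {header!r}")
    actions: list[RegAction] = []
    current = None  # key the following value lines belong to
    for lineno, line in enumerate(lines[1:], start=2):
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        km = KEY_RE.match(line)
        if km:
            current = km.group(2)
            if km.group(1) == "-":            # [-KEY] deletes the whole key
                actions.append(RegAction("delete_key", current))
                current = None                # values cannot follow a deleted key
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            name = "" if vm.group(1) == "@" else _unquote(vm.group(1))
            raw = vm.group(2).strip()
            if raw == "-":                    # "name"=- deletes one value
                actions.append(RegAction("delete_value", current, name))
            else:
                actions.append(RegAction("set_value", current, name, _decode_data(raw)))
            continue
        raise ValueError(f"line {lineno}: cannot parse {line!r}")
    return actions


def security_center_tampering(actions: list[RegAction]) -> list[str]:
    """List Security Center monitoring/notify switches set to a non-zero dword."""
    hits = []
    for a in actions:
        if a.op != "set_value" or not _canonical_key(a.key).startswith(SECURITY_CENTER):
            continue
        if a.name.lower() in TAMPER_VALUE_NAMES and isinstance(a.data, int) and a.data != 0:
            hits.append(f"{a.key}\\{a.name} = {a.data}")
    return hits


# The helper's fixme.reg from this thread: it removes the two leftover
# Symantec monitoring keys outright.
FIXME_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"""

# The two keys as the ComboFix log showed them, plus one constructed key
# (the last one) to show that a value of 0 is not reported.
COMBOFIX_EXCERPT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify"=dword:00000000
"""

if __name__ == "__main__":
    for label, text in (("ComboFix excerpt", COMBOFIX_EXCERPT), ("fixme.reg", FIXME_REG)):
        print(f"== {label}")
        for action in parse_reg(text):
            print(f"  {action.op:13} {action.key}  {action.name}={action.data!r}")
        for hit in security_center_tampering(parse_reg(text)):
            print("  TAMPER:", hit)
```

Run on the ComboFix excerpt it reports the two DisableMonitoring = 1 entries and stays quiet about the 0 value; run on fixme.reg it shows only two delete_key actions and no findings, which is the state the helper asked the user to confirm. The parser refuses text without a .reg header and stops on any line it cannot classify, so a script that has been tampered with or truncated fails loudly instead of being half-applied.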
Quote
Does this mean I should change important passwords just in case?

It's always a good idea to do that now and then.

You use mIRC so those are false positives.

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Thank you very much evilfantasy for your valuable help!

