Ovfsthxnjyvbpmt.dll = trojan horse. Help!

laurent
Hello,

If I'm to believe the searches done on your site, I'm infected by the Sekena virus or whatever it's called.... ^^
In any case this file is causing problems...
What should I do to remove this trojan horse?

Thanks in advance for your answers ^^

7 replies

Destrio5 (Moderator)

Hello,

--> Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

--> Double-click RSIT.exe to launch the program.
(On Vista, right-click RSIT.exe and choose Run as administrator)

--> Click Continue on the Disclaimer screen.

--> If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

--> When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: the reports are saved in the C:\rsit folder.
laurent
 
I did run Random's System Information Tool..

at the "listing event logs" step.. there's really only a little of the progress bar left, but it still isn't moving....
Is it normal for it to take this long?
Destrio5 (Moderator)

No.

--> Disable UAC for the duration of the disinfection.

/!\ Disable your resident protections (antivirus, etc.) /!\

--> Download ComboFix (by sUBs) to your Desktop.
--> Right-click ComboFix.exe (the .exe may not be visible) and choose Run as administrator to launch it.
--> When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

To help you: A guide and a tutorial on using ComboFix
laurent
 
Done, I'm posting the two reports:

log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by STEEVE at 2009-08-26 20:55:34
Microsoft® Windows Vista™ Édition Intégrale Service Pack 1
System drive C: has 197 GB (64%) free of 305 GB
Total RAM: 2047 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:22, on 26/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\STEEVE\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zango\bin\10.3.85.0\OEAddOn.exe
C:\Program Files\Zango\bin\10.3.85.0\ZangoSA.exe
C:\Program Files\Zango\bin\10.3.85.0\Weather.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\STEEVE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYCFA71B\windows-xp-service-pack-2-sp2-_windows_xp_service_pack_2_msdn_francais_12824[1].exe
c:\f3ec3b91d374ec7d2d9e394e\i386\update\update.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\STEEVE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C85D6R43\RSIT[1].exe
C:\Program Files\trend micro\STEEVE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.85.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.85.0\ZangoSA.exe"
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\STEEVE\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
O4 - HKCU\..\Run: [WeatherDPA] "C:\Program Files\Zango\bin\10.3.85.0\Weather.exe" -auto
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Users\STEEVE\Desktop\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Users\STEEVE\Desktop\Titan Poker\casino.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
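Added example, not part of this thread or of the RSIT/HijackThis/ComboFix tools: a small Python triage pass over the kinds of lines pasted above, flagging what a helper looks for when reading such a log: paths under the Zango, ShoppingReport and eoRezo directories, the ovfsthx-prefixed files in System32, entries marked "file missing", and a browser start page that is not one of the Microsoft defaults. The directory list, prefix and host allowlist are assumptions taken from this thread's own logs, not a general signature set.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Assumption: directories that the ComboFix run in this thread deleted outright
# (Zango, ShoppingReport) plus the eoRezo updater seen in the RSIT log.
ADWARE_DIRS = ("\\zango\\", "\\shoppingreport\\", "\\eorezo\\")

# Assumption: prefix of the randomly named DLL in the thread title; ComboFix
# removed several ovfsthx* files and a driver from System32.
RANDOM_PREFIX = "ovfsthx"

# Assumption: hosts that appear as Microsoft defaults in the R0/R1 lines above.
DEFAULT_HOSTS = ("go.microsoft.com", "www.bing.com", "www.msn.com")

HJT_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<rest>.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll|sys|dat)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


@dataclass
class Finding:
    section: str          # HijackThis section (R0, O2, O4, ...) or "path" for a bare path line
    path: Optional[str]   # file path the entry points to, if any
    reason: str


def triage_line(line: str) -> List[Finding]:
    """Return the suspicious traits of one HijackThis line or one bare path
    (as in RSIT's 'Running processes' or ComboFix's 'Other Deletions')."""
    line = line.strip()
    m = HJT_RE.match(line)
    section, rest = (m.group("section"), m.group("rest")) if m else ("path", line)
    path_m = PATH_RE.search(rest)
    path = path_m.group(0) if path_m else None
    findings: List[Finding] = []

    # R0/R1: browser start and search pages; anything outside the defaults is reviewed.
    if section in ("R0", "R1"):
        url_m = URL_RE.search(rest)
        host = urlparse(url_m.group(0)).hostname if url_m else None
        if host and host not in DEFAULT_HOSTS:
            findings.append(Finding(section, None, f"non-default browser page: {host}"))

    if path:
        low = path.lower()
        parent, name = low.rsplit("\\", 1)
        if any(d in low for d in ADWARE_DIRS):
            findings.append(Finding(section, path, "under a directory later removed by ComboFix"))
        if name.startswith(RANDOM_PREFIX) and parent.endswith(("\\system32", "\\system32\\drivers")):
            findings.append(Finding(section, path, "random-name component in System32 matching the reported prefix"))
        if "(file missing)" in rest.lower():
            findings.append(Finding(section, path, "entry points to a missing file (orphaned)"))
    return findings


def triage(log: str) -> List[Finding]:
    """Run triage_line over every non-empty line of a pasted log."""
    return [f for line in log.splitlines() if line.strip() for f in triage_line(line)]


# Sample lines copied from the RSIT/HijackThis and ComboFix logs posted in this thread.
SAMPLE = """
C:\\Program Files\\Zango\\bin\\10.3.85.0\\ZangoSA.exe
C:\\Program Files\\Java\\jre6\\bin\\jusched.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://lo.st/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\\Program Files\\ShoppingReport\\Bin\\2.5.0\\ShoppingReport.dll
O4 - HKLM\\..\\RunOnce: [SoftwareHelper] C:\\Users\\STEEVE\\AppData\\Roaming\\eoRezo\\SoftwareUpdate\\SoftwareUpdateHP.exe -runonce
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\\Users\\STEEVE\\Desktop\\Titan Poker\\casino.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
c:\\windows\\system32\\drivers\\ovfsthxowgshcnq.sys
c:\\windows\\system32\\ovfsthxbfbepege.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.section}] {f.reason}: {f.path or ''}")
```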

Destrio5 (Moderator)

You can go ahead with the ComboFix procedure.
laurent
 
ComboFix has finished, here is the log it gave me:

ComboFix 09-08-26.05 - STEEVE 26/08/2009 21:46.2.2 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.33.1036.18.2047.1136 [GMT 1:00]
Running from: c:\users\STEEVE\reste\Documents\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ShoppingReport
c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
c:\program files\ShoppingReport\Uninst.exe
c:\program files\zango
c:\program files\zango\bin\10.3.85.0\arrow.ico
c:\program files\zango\bin\10.3.85.0\CntntCntr.dll
c:\program files\zango\bin\10.3.85.0\copyright.txt
c:\program files\zango\bin\10.3.85.0\CoreSrv.dll
c:\program files\zango\bin\10.3.85.0\firefox\extensions\chrome.manifest
c:\program files\zango\bin\10.3.85.0\firefox\extensions\components\npclntax.xpt
c:\program files\zango\bin\10.3.85.0\firefox\extensions\install.rdf
c:\program files\zango\bin\10.3.85.0\firefox\extensions\plugins\npclntax_ZangoSA.dll
c:\program files\zango\bin\10.3.85.0\HostIE.dll
c:\program files\zango\bin\10.3.85.0\HostOE.dll
c:\program files\zango\bin\10.3.85.0\HostOL.dll
c:\program files\zango\bin\10.3.85.0\link.ico
c:\program files\zango\bin\10.3.85.0\OEAddOn.exe
c:\program files\zango\bin\10.3.85.0\Srv.exe
c:\program files\zango\bin\10.3.85.0\Toolbar.dll
c:\program files\zango\bin\10.3.85.0\Wallpaper.dll
c:\program files\zango\bin\10.3.85.0\Weather.exe
c:\program files\zango\bin\10.3.85.0\WeSkin.dll
c:\program files\zango\bin\10.3.85.0\ZangoSA.exe
c:\program files\zango\bin\10.3.85.0\ZangoSAAX.dll
c:\program files\zango\bin\10.3.85.0\ZangoSADF.exe
c:\program files\zango\bin\10.3.85.0\ZangoSAHook.dll
c:\program files\zango\bin\10.3.85.0\ZangoUninstaller.exe
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Reset Cursor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Weather.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Customer Support Center.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Games!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Library.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Screensavers!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Uninstall Instructions.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Zango\Zango Videos!.lnk
c:\programdata\ZangoSA
c:\programdata\ZangoSA\ZangoSA.dat
c:\programdata\ZangoSA\ZangoSA_kyf.dat
c:\programdata\ZangoSA\ZangoSAAbout.mht
c:\programdata\ZangoSA\ZangoSAau.dat
c:\programdata\ZangoSA\ZangoSAEULA.mht
c:\users\STEEVE\AppData\Roaming\WeatherDPA
c:\users\STEEVE\AppData\Roaming\WeatherDPA\Weather\WeatherStartup.xml
c:\users\STEEVE\AppData\Roaming\Zango
c:\windows\system32\drivers\ovfsthxowgshcnq.sys
c:\windows\system32\ovfsthxbfbepege.dll
c:\windows\system32\ovfsthxctboetel.dat
c:\windows\system32\ovfsthxevtminxs.dat
c:\windows\system32\ovfsthxlog.dat
c:\windows\System32\ovfsthxmrdqimpl.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthxpniywpic

((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
.

2009-08-26 20:52 . 2009-08-26 20:54 -------- d-----w- c:\users\STEEVE\AppData\Local\temp
2009-08-26 20:52 . 2009-08-26 20:52 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-08-26 20:52 . 2009-08-26 20:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-26 19:55 . 2009-08-26 19:58 -------- d-----w- c:\program files\trend micro
2009-08-26 19:55 . 2009-08-26 19:59 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 20:53 . 2008-01-21 08:04 679192 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-26 20:53 . 2008-01-21 08:04 128212 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-21 17:22 . 2008-11-02 14:49 -------- d-----w- c:\users\STEEVE\AppData\Roaming\LimeWire
2009-07-31 21:15 . 2008-11-26 12:18 -------- d-----w- c:\program files\Everest Poker
2009-07-24 11:13 . 2009-07-24 11:13 1915520 ----a-w- c:\users\STEEVE\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-01 13:31 . 2009-06-01 13:31 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-01 13:31 . 2009-06-01 13:31 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-01 13:17 . 2009-06-01 13:17 86576 ----a-w- c:\users\STEEVE\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-06-01 13:17 . 2009-06-01 13:17 392728 ----a-w- c:\users\STEEVE\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2009-06-01 13:17 . 2009-06-01 13:17 135680 ----a-w- c:\users\STEEVE\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2009-06-01 13:17 . 2009-06-01 13:17 132672 ----a-w- c:\users\STEEVE\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2008-01-21 02:21 . 2008-01-21 02:21 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-01_16.00.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:56 . 2009-07-02 10:03 54364 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-07-01 19:33 76800 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-07 17:27 . 2009-07-01 19:33 12378 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-939114007-804831884-1596719110-1000_UserData.bin
- 2008-05-07 17:27 . 2009-06-01 15:55 12378 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-939114007-804831884-1596719110-1000_UserData.bin
+ 2008-05-07 19:43 . 2009-07-24 11:13 88590 c:\windows\System32\Macromed\Flash\uninstall_activeX.exe
+ 2008-05-07 17:25 . 2009-08-26 20:54 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-07 17:25 . 2009-06-01 16:00 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-26 20:54 . 2009-08-26 20:54 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-07 17:25 . 2009-08-26 20:54 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-07 17:25 . 2009-06-01 16:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-21 19:28 . 2009-06-01 13:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-21 19:28 . 2009-07-07 12:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-21 19:28 . 2009-06-01 13:40 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-21 19:28 . 2009-07-07 12:51 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-21 19:28 . 2009-06-01 13:40 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-21 19:28 . 2009-07-07 12:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-01 13:55 . 2009-06-01 13:55 25088 c:\windows\Installer\1a95d8.msi
+ 2009-06-01 13:55 . 2009-06-01 13:55 28160 c:\windows\Installer\1a95c4.msi
+ 2009-06-01 13:55 . 2009-06-01 13:55 59904 c:\windows\Installer\1a95aa.msi
+ 2008-05-09 17:22 . 2009-06-13 15:44 290912 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-08-26 20:53 595748 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-01 15:46 595748 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-01 15:46 105078 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-08-26 20:53 105078 c:\windows\System32\perfc009.dat
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\System32\Macromed\Flash\FlashUtil10b.exe
+ 2008-11-02 14:48 . 2008-11-02 14:48 369152 c:\windows\Installer\d8150c.msi
+ 2008-11-02 14:47 . 2008-11-02 14:47 561664 c:\windows\Installer\d81508.msi
+ 2009-04-12 18:50 . 2009-04-12 18:50 167424 c:\windows\Installer\b2ef77.msi
+ 2009-04-12 18:49 . 2009-04-12 18:49 242176 c:\windows\Installer\b2ef73.msi
+ 2009-04-19 18:36 . 2009-04-19 18:36 228352 c:\windows\Installer\af9c4.msi
+ 2008-10-05 13:02 . 2008-10-05 13:02 167424 c:\windows\Installer\a397c6.msi
+ 2008-05-07 18:40 . 2008-05-07 18:40 100352 c:\windows\Installer\58d61.msi
+ 2008-05-07 18:32 . 2008-05-07 18:32 269312 c:\windows\Installer\58d57.msi
+ 2008-07-29 22:09 . 2008-07-29 22:09 158720 c:\windows\Installer\546e07.msi
+ 2008-05-07 20:35 . 2008-05-07 20:35 504832 c:\windows\Installer\277fd2.msi
+ 2008-05-07 20:35 . 2008-05-07 20:35 514560 c:\windows\Installer\277fcc.msi
+ 2008-05-07 20:35 . 2008-05-07 20:35 506880 c:\windows\Installer\277fc7.msi
+ 2008-05-07 20:35 . 2008-05-07 20:35 516608 c:\windows\Installer\277fc1.msi
+ 2008-05-07 20:35 . 2008-05-07 20:35 513024 c:\windows\Installer\277fbb.msi
+ 2008-05-07 20:35 . 2008-05-07 20:35 513536 c:\windows\Installer\277fb5.msi
+ 2008-05-07 20:34 . 2008-05-07 20:34 505344 c:\windows\Installer\277fb0.msi
+ 2009-06-01 13:30 . 2009-06-01 13:30 821760 c:\windows\Installer\1c3bb.msi
+ 2009-06-01 13:55 . 2009-06-01 13:55 431104 c:\windows\Installer\1a95de.msi
+ 2009-06-01 13:55 . 2009-06-01 13:55 140288 c:\windows\Installer\1a95bf.msi
+ 2009-06-01 13:55 . 2009-06-01 13:55 202752 c:\windows\Installer\1a95b4.msi
+ 2009-06-01 13:55 . 2009-06-01 13:55 152576 c:\windows\Installer\1a95af.msi
+ 2009-06-01 13:54 . 2009-06-01 13:54 107008 c:\windows\Installer\1a95a5.msi
+ 2009-06-01 13:54 . 2009-06-01 13:54 301056 c:\windows\Installer\1a95a0.msi
+ 2008-09-23 13:29 . 2008-09-23 13:29 331264 c:\windows\Installer\142d8b.msi
+ 2009-05-18 16:29 . 2009-05-18 16:29 1129472 c:\windows\Installer\e7fecc.msi
+ 2008-05-07 17:59 . 2008-05-07 17:59 3673088 c:\windows\Installer\bc86e.msi
+ 2008-05-07 20:00 . 2008-05-07 20:00 3430912 c:\windows\Installer\7e699.msi
+ 2008-05-07 18:38 . 2008-05-07 18:38 7782912 c:\windows\Installer\58d5c.msi
+ 2009-04-19 15:30 . 2009-04-19 15:30 3966976 c:\windows\Installer\4cf821.msi
+ 2009-04-19 15:28 . 2009-04-19 15:28 3293696 c:\windows\Installer\4cf4f8.msi
+ 2009-04-19 15:26 . 2009-04-19 15:26 1659392 c:\windows\Installer\4cf3ef.msi
+ 2008-05-07 20:35 . 2008-05-07 20:35 1657856 c:\windows\Installer\277fe2.msi
+ 2008-05-07 20:35 . 2008-05-07 20:35 1657344 c:\windows\Installer\277fdd.msi
+ 2008-05-07 20:35 . 2008-05-07 20:35 1666048 c:\windows\Installer\277fd7.msi
+ 2008-05-07 20:34 . 2008-05-07 20:34 2366464 c:\windows\Installer\277fab.msi
+ 2008-05-07 20:34 . 2008-05-07 20:34 1645568 c:\windows\Installer\277fa6.msi
+ 2008-05-07 20:34 . 2008-05-07 20:34 2027520 c:\windows\Installer\277fa0.msi
+ 2008-05-07 20:34 . 2008-05-07 20:34 1754112 c:\windows\Installer\277f9b.msi
+ 2008-05-07 20:34 . 2008-05-07 20:34 2418176 c:\windows\Installer\277f96.msi
+ 2009-04-27 15:34 . 2009-04-27 15:34 8348160 c:\windows\Installer\1c4c2.msp
+ 2009-03-09 19:43 . 2009-03-09 19:43 8992256 c:\windows\Installer\18c9c48.msi
+ 2009-03-09 19:43 . 2009-03-09 19:43 1549312 c:\windows\Installer\18c9c43.msi
+ 2008-05-07 20:37 . 2008-05-07 20:37 15830016 c:\windows\Installer\277fe8.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SoftwareHelper"="c:\users\STEEVE\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5B0DE3D8-767C-4940-AD81-75CDAB687ED2}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{98D76340-F6AA-4340-9F97-6A1EACFAAF05}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{C8BACF73-42D1-494E-B920-59D44A97E765}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{268089B5-A644-457F-AB22-A77755BA4761}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2B82D65A-5578-4E5C-85F4-21ED1471080B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{C9FF0A94-0F63-42F4-BCA2-2D21C93FBE47}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{4A217428-0FDF-4DB7-993A-D6D4482AD844}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{354F5A61-D589-46EE-84A0-55D8DCD1154A}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{8067ADC1-A0AB-49DD-B655-DE1E94AAFA03}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2AE92903-1A21-48AB-ADA6-E83C715B0DA6}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [01/06/2009 13:52 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [01/06/2009 13:52 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [01/06/2009 13:52 51792]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [01/06/2009 14:31 604416]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [07/05/2008 19:01 1153368]
S3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [05/12/2006 11:34 507136]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [26/10/2008 13:39 28224]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\System32\drivers\s916bus.sys [23/09/2008 14:27 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\System32\drivers\s916mdfl.sys [23/09/2008 14:27 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\System32\drivers\s916mdm.sys [23/09/2008 14:27 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s916mgmt.sys [23/09/2008 14:28 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\System32\drivers\s916obex.sys [23/09/2008 14:27 100008]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lo.st/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 21:54
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-08-26 21:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-26 20:58
ComboFix2.txt 2009-06-01 16:02

Pre-Run: 207 083 352 064 octets libres
Post-Run: 208 116 191 232 octets libres

285 --- E O F --- 2008-05-07 19:48

Do I need to do anything else?
Destrio5 (Moderator)

--> Start menu > Run > type combofix /u and press OK.

Do you want to keep Avast?