Trojan : Dldr.FraudoLo.sxm
Fermé
Tharkhun
-
2 sept. 2009 à 09:44
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 3 sept. 2009 à 21:38
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 3 sept. 2009 à 21:38
A voir également:
- Trojan : Dldr.FraudoLo.sxm
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Trojan al11 - Forum Virus
- Csrss.exe trojan - Forum Virus
- Trojan agent ✓ - Forum Virus
- Csrss.exe : processus suspect/virus ? - Forum Virus
5 réponses
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
2 sept. 2009 à 11:35
2 sept. 2009 à 11:35
slt
scan avec malwarebyte , fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
scan avec malwarebyte , fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
Merci beaucoup de ton aide,
Voici le rapport Malewarebyte :
Et voici les rapport Hjackthis :
alwarebytes' Anti-Malware 1.40
Version de la base de données: 2731
Windows 5.1.2600 Service Pack 3
02/09/2009 21:13:38
mbam-log-2009-09-02 (21-13-34).txt
Type de recherche: Examen rapide
Eléments examinés: 104586
Temps écoulé: 16 minute(s), 58 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9
Processus mémoire infecté(s):
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> No action taken.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\wisdstr.VIR (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5\WYM2MS4T\Install[1].exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Thomas\Application Data\wiaserva.log (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\dllcache\figaro.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\temp\wpv881251705172.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Thomas\delself.bat (Malware.Trace) -> No action taken.
C:\Documents and Settings\Thomas\Menu Démarrer\Programmes\Démarrage\ikowin32.exe (Trojan.Downloader) -> No action taken.
Quelques fichiers n'ont pas pu etre supprimés et j'ai du redémarer.
Mais le trojan est toujours là avec ses messages antivir.
LOG :
Logfile of random's system information tool 1.06 (written by random/random)
Run by Thomas at 2009-09-02 21:19:43
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 25 GB (17%) free of 149 GB
Total RAM: 1022 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19:56, on 02/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Documents and Settings\Thomas\Mes documents\Utilitaires\Bluesoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\sys32_nov.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Thomas\Mes documents\Utilitaires\DT\daemon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Documents and Settings\Thomas\sys32_nov.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Thomas\Bureau\RSIT.exe
C:\Program Files\trend micro\Thomas.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sys32_nov] C:\WINDOWS\system32\sys32_nov.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Documents and Settings\Thomas\Mes documents\Utilitaires\DT\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [sys32_nov] C:\Documents and Settings\Thomas\sys32_nov.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: RaptisoftGameLoader - https://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.systemrequirementslab.com/cyri
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Documents and Settings\Thomas\Mes documents\Utilitaires\Bluesoleil\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
Voici le rapport Malewarebyte :
Et voici les rapport Hjackthis :
alwarebytes' Anti-Malware 1.40
Version de la base de données: 2731
Windows 5.1.2600 Service Pack 3
02/09/2009 21:13:38
mbam-log-2009-09-02 (21-13-34).txt
Type de recherche: Examen rapide
Eléments examinés: 104586
Temps écoulé: 16 minute(s), 58 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9
Processus mémoire infecté(s):
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> No action taken.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\wisdstr.VIR (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Thomas\Local Settings\Temporary Internet Files\Content.IE5\WYM2MS4T\Install[1].exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Thomas\Application Data\wiaserva.log (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\dllcache\figaro.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\temp\wpv881251705172.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Thomas\delself.bat (Malware.Trace) -> No action taken.
C:\Documents and Settings\Thomas\Menu Démarrer\Programmes\Démarrage\ikowin32.exe (Trojan.Downloader) -> No action taken.
Quelques fichiers n'ont pas pu etre supprimés et j'ai du redémarer.
Mais le trojan est toujours là avec ses messages antivir.
LOG :
Logfile of random's system information tool 1.06 (written by random/random)
Run by Thomas at 2009-09-02 21:19:43
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 25 GB (17%) free of 149 GB
Total RAM: 1022 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19:56, on 02/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Documents and Settings\Thomas\Mes documents\Utilitaires\Bluesoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\sys32_nov.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Thomas\Mes documents\Utilitaires\DT\daemon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Documents and Settings\Thomas\sys32_nov.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Thomas\Bureau\RSIT.exe
C:\Program Files\trend micro\Thomas.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sys32_nov] C:\WINDOWS\system32\sys32_nov.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Documents and Settings\Thomas\Mes documents\Utilitaires\DT\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [sys32_nov] C:\Documents and Settings\Thomas\sys32_nov.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: RaptisoftGameLoader - https://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.systemrequirementslab.com/cyri
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} (DLoader Class) - http://dl.uc.sina.com/cab/downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Documents and Settings\Thomas\Mes documents\Utilitaires\Bluesoleil\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
3 sept. 2009 à 10:19
3 sept. 2009 à 10:19
ok envoie ces deux fichiers sur les liens ici pour faire progresser le logiciel:
http://uploads.malwarebytes.org/
C:\WINDOWS\system32\sys32_nov.exe
C:\WINDOWS\system32\regedit.exe
_________________________
puis
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
http://uploads.malwarebytes.org/
C:\WINDOWS\system32\sys32_nov.exe
C:\WINDOWS\system32\regedit.exe
_________________________
puis
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Merci encore une fois.
Voici le rapport log :
ComboFix 09-09-01.04 - Thomas 03/09/2009 20:51.2.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.562 [GMT 2:00]
Running from: c:\documents and settings\Thomas\Bureau\C-Fix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ARK38.tmp
c:\documents and settings\Thomas\delself.bat
c:\windows\cru629.dat
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\dllcache\beep.sys
Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP649\A0101409.sys
.
((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.
2063-09-19 05:50 . 2063-09-19 05:50 5501 ----a-w- c:\windows\system32\rtclmg32.dll
2009-09-03 18:44 . 2008-04-13 17:36 42368 ----a-w- c:\windows\system32\drivers\agp440.sys
2009-09-03 18:44 . 2008-04-13 17:36 42368 ----a-w- c:\windows\system32\dllcache\agp440.sys
2009-09-02 19:19 . 2009-09-02 19:20 -------- d-----w- C:\rsit
2009-09-02 19:19 . 2009-09-02 19:19 -------- d-----w- c:\program files\trend micro
2009-09-01 22:43 . 2009-09-02 06:01 -------- d-----w- C:\VundoFix Backups
2009-09-01 22:35 . 2009-09-01 22:35 -------- d-s---w- c:\documents and settings\LocalService\Favoris
2009-09-01 22:35 . 2009-09-01 22:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-01 22:34 . 2009-09-01 22:34 29216 ----a-w- c:\windows\system32\sys32_nov.exe
2009-09-01 22:34 . 2009-09-01 22:34 29216 ----a-w- c:\documents and settings\Thomas\sys32_nov.exe
2009-08-23 18:29 . 2009-08-23 18:29 -------- d-----w- c:\program files\Reasonable NoClone 2007 Enterprise
2009-08-23 16:20 . 2009-08-23 16:20 -------- d-----w- c:\program files\Reasonable
2009-08-23 16:15 . 2009-08-23 19:52 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\Reasonable_Software_House
2009-08-23 16:02 . 2009-08-23 16:02 -------- d-----w- c:\documents and settings\Thomas\Application Data\Reasonable Software House Ltd
2009-08-23 16:01 . 2009-08-23 16:01 -------- d-----w- c:\program files\Reasonable NoClone 2007 Home
2009-08-21 17:34 . 2009-08-21 17:34 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\F4
2009-08-21 17:34 . 2009-08-21 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\F4
2009-08-21 17:25 . 2009-08-21 18:01 -------- d-----w- c:\documents and settings\Thomas\Application Data\F4
2009-08-21 17:24 . 2009-09-01 06:21 -------- d-----w- c:\program files\Empire of Sports
2009-08-19 06:07 . 2009-08-19 06:08 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\Google
2009-08-19 06:07 . 2009-08-19 06:07 -------- d-----w- c:\program files\Google
2009-08-18 22:12 . 2009-08-18 22:14 -------- d-----w- c:\program files\Music AlarmClock v2
2009-08-17 22:30 . 2009-07-31 22:26 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-17 05:00 . 2009-07-24 06:55 -------- d-----w- c:\documents and settings\Thomas\Application Data\Pro Cycling Manager 2009
2009-08-17 01:24 . 2009-08-17 01:24 3033712 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2009-08-17 01:24 . 2009-08-17 01:24 316816 ----a-w- c:\windows\system32\appdrvrem01.exe
2009-08-16 23:24 . 2009-08-16 23:24 -------- d-----w- c:\program files\Cyanide
2009-08-16 18:46 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:00 . 2009-08-05 09:00 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 19:28 . 2005-09-02 13:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-02 18:55 . 2009-03-18 07:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-01 22:29 . 2005-10-27 16:53 -------- d-----w- c:\program files\LIVEUPDATE
2009-08-28 17:19 . 2008-12-05 19:06 -------- d-----w- c:\program files\BitComet
2009-08-22 13:48 . 2006-11-06 19:48 -------- d-----w- c:\program files\KONAMI
2009-08-18 22:43 . 2005-09-10 08:45 91616 ----a-w- c:\documents and settings\Thomas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 20:52 . 2004-08-20 09:24 86240 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-16 20:52 . 2004-08-20 09:24 514778 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-16 20:41 . 2005-10-14 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-16 18:39 . 2009-06-06 14:10 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-05 09:00 . 2004-08-20 09:23 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2009-03-18 07:47 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-03-18 07:47 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-31 22:26 . 2009-04-15 20:07 189488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-26 19:50 . 2009-06-26 19:05 139152 ----a-w- c:\documents and settings\Thomas\Application Data\PnkBstrK.sys
2009-07-26 19:50 . 2009-06-26 19:05 139152 ----a-w- c:\documents and settings\Thomas\Application Data\PnkBstrK.sys
2009-07-26 19:50 . 2009-04-15 20:07 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-26 19:50 . 2009-06-26 19:05 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-17 19:03 . 2004-08-20 09:23 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-20 09:24 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 21:06 . 2009-07-09 21:06 -------- d-----w- c:\program files\BurnAware Free
2009-07-03 16:57 . 2004-08-20 09:24 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 14:36 . 2009-06-26 18:59 1291640 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\x68pkyc0.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-06-25 14:36 . 2009-06-26 18:59 729088 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\x68pkyc0.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-25 08:26 . 2004-08-20 09:24 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-08-20 09:24 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-08-20 09:24 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-08-20 09:23 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-08-20 09:23 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-08-20 09:23 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-20 09:23 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-20 10:17 . 2009-06-20 10:17 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-16 14:40 . 2004-08-20 09:24 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-08-20 09:23 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2004-08-20 09:24 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:14 . 2004-08-20 09:23 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2004-08-20 09:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-20 09:24 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2003-08-16 19:56 . 2005-10-27 00:39 579584 --sha-r- c:\windows\system32\cd.exe
2006-06-25 10:13 . 2006-02-14 20:44 10856 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-09-02_06.39.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-25 08:26 . 2009-06-25 08:26 54272 c:\windows\system32\dllcache\wdigest.dll
- 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-02-03 19:58 . 2009-06-25 08:26 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
- 2009-06-29 18:47 . 2009-06-29 18:47 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-09-13 11:08 . 2004-08-05 11:00 4224 c:\windows\system32\drivers\beep.sys
- 2004-08-20 09:23 . 2004-08-05 11:00 4224 c:\windows\system32\drivers\beep.sys
+ 2008-12-05 06:57 . 2009-06-25 08:26 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-06-25 08:26 . 2009-06-25 08:26 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-04-16 18:23 . 2009-06-25 08:26 736768 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:26 . 2009-06-25 08:26 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:46 . 2009-06-29 18:46 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:46 . 2009-06-29 18:46 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-06-29 18:46 . 2009-06-29 18:46 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:46 . 2009-06-29 18:46 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"DAEMON Tools Lite"="c:\documents and settings\Thomas\Mes documents\Utilitaires\DT\daemon.exe" [2008-07-24 490952]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-14 344064]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"AliceSAV"="c:\program files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 81408]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
c:\documents and settings\Thomas\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2007-11-14 880730]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Jeux\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Jeux\\Age Of Empires II\\empires2.exe"=
"c:\\Documents and Settings\\Thomas\\Mes documents\\Utilitaires\\3dsmax\\3dsmax.exe"=
"c:\\Program Files\\backburner 2\\monitor.exe"=
"c:\\Program Files\\backburner 2\\manager.exe"=
"c:\\Program Files\\backburner 2\\server.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Jeux\\Age Of Empires II\\EMPIRES2.ICD"=
"c:\\Jeux\\hrm\\GAMEHR.EXE"=
"c:\\Jeux\\Dofus\\Dofus.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Jeux\\Et\\ET.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Jeux\\starwars\\GameData\\jamp.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Thomas\\Mes documents\\Utilitaires\\Maguma Open Studio\\tools\\DbgListener.exe"=
"c:\\Documents and Settings\\Thomas\\Mes documents\\Utilitaires\\mathematica\\Mathematica.exe"=
"c:\\Documents and Settings\\Thomas\\Mes documents\\Utilitaires\\mathematica\\MathKernel.exe"=
"c:\\Documents and Settings\\Thomas\\Mes documents\\Utilitaires\\mathematica\\math.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Thomas\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\StubInstaller.exe"=
"c:\\Documents and Settings\\Thomas\\Mes documents\\Utilitaires\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Jeux\\Swat\\Content\\System\\Swat4.exe"=
"c:\\Jeux\\RavenShield\\system\\ravenshield.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\Thomas\\Mes documents\\Utilitaires\\Bluesoleil\\BlueSoleil.exe"=
"c:\\Jeux\\BF2\\BF2.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\MusicBrainz Picard\\picard.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Jeux\\Blood Bowl\\BB.exe"=
"c:\\Jeux\\Blood Bowl\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Jeux\\Pro Cycling Manager - Season 2009\\PCM.exe"=
"c:\\Jeux\\Pro Cycling Manager - Season 2009\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Empire of Sports\\NetworkDiagnostic.exe"=
"c:\\Program Files\\Empire of Sports\\EmpireOfSports.exe"=
"c:\\Documents and Settings\\Thomas\\Local Settings\\Application Data\\F4\\ClientUpdater\\ClientUpdater.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4662:TCP"= 4662:TCP:emule
"4672:UDP"= 4672:UDP:emule
"27663:TCP"= 27663:TCP:BitComet 27663 TCP
"27663:UDP"= 27663:UDP:BitComet 27663 UDP
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [17/08/2009 03:24 3033712]
R2 Devx;Devx;c:\windows\system32\drivers\Devx.sys [17/09/2006 21:38 4448]
R2 VtPr;VtPr;c:\windows\system32\drivers\VtPr.sys [17/09/2006 21:38 3328]
S0 FVDSCSI;FVDSCSI;c:\windows\system32\DRIVERS\fvdscsi.sys --> c:\windows\system32\DRIVERS\fvdscsi.sys [?]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [01/10/2007 17:57 17149]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [14/11/2007 21:02 362944]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2005-09-11 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-20 02:34]
2009-08-18 c:\windows\Tasks\Winamp.job
- c:\docume~1\Thomas\MESDOC~1\UTILIT~1\winamp\winamp.exe [2009-07-01 16:38]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-sys32_nov - c:\documents and settings\Thomas\sys32_nov.exe
HKLM-Run-sys32_nov - c:\windows\system32\sys32_nov.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan8/oscan8.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
FF - ProfilePath - c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\x68pkyc0.default\
FF - component: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\x68pkyc0.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\x68pkyc0.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-03 21:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AliceSAV = c:\program files\TechCity Solutions\AliceSAV\AliceAgent.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1502684365-1334776804-603962076-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:42,0f,9f,4a,67,34,09,65,d5,5d,d7,77,00,41,0a,c8,c8,53,46,0c,00,eb,e7,
16,bc,dc,5c,6e,fc,92,6e,08,cc,7a,b6,4a,ac,ef,a9,4d,6d,41,e9,bb,d3,4c,f0,6e,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74
[HKEY_USERS\S-1-5-21-1502684365-1334776804-603962076-1006\Software\SecuROM\License information*]
"datasecu"=hex:74,84,d1,68,47,bc,1b,f4,02,cf,23,f5,21,23,94,6c,b1,38,4f,a3,5e,
94,2c,b3,7b,dd,98,fe,80,7a,0d,ed,a1,22,9e,52,5a,67,10,5f,92,5c,d9,3b,c9,b3,\
"rkeysecu"=hex:73,c4,22,47,88,65,e3,5c,82,0b,74,5d,a2,84,be,a2
[HKEY_LOCAL_MACHINE\software\NETGEAR\NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\NETGEAR\WPN111]
@DACL=(02 0000)
@="\"\""
"Domain"="<DomainKey>"
"Version"="1.0.0"
[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:11,37,23,5e,b4,bc,ef,69,0b,20,17,7c,5b,bc,e5,ca,81,08,8a,20,b6,f7,26,
bd,cd,6f,c2,a4,aa,09,e0,25,e1,86,ff,59,68,ae,1b,5d,26,fc,49,78,f5,a2,a5,0e,\
"??"=hex:18,a8,5d,c0,02,2d,46,dc,68,0b,be,82,93,78,f2,b4
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2296)
c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\documents and settings\Thomas\Mes documents\Utilitaires\Bluesoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-03 21:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-03 19:21
ComboFix2.txt 2009-09-02 06:49
Pre-Run: 24 142 163 968 octets libres
Post-Run: 24 108 523 520 octets libres
377 --- E O F --- 2009-09-03 05:41
Voici le rapport log :
ComboFix 09-09-01.04 - Thomas 03/09/2009 20:51.2.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.562 [GMT 2:00]
Running from: c:\documents and settings\Thomas\Bureau\C-Fix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ARK38.tmp
c:\documents and settings\Thomas\delself.bat
c:\windows\cru629.dat
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\dllcache\beep.sys
Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP649\A0101409.sys
.
((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.
2063-09-19 05:50 . 2063-09-19 05:50 5501 ----a-w- c:\windows\system32\rtclmg32.dll
2009-09-03 18:44 . 2008-04-13 17:36 42368 ----a-w- c:\windows\system32\drivers\agp440.sys
2009-09-03 18:44 . 2008-04-13 17:36 42368 ----a-w- c:\windows\system32\dllcache\agp440.sys
2009-09-02 19:19 . 2009-09-02 19:20 -------- d-----w- C:\rsit
2009-09-02 19:19 . 2009-09-02 19:19 -------- d-----w- c:\program files\trend micro
2009-09-01 22:43 . 2009-09-02 06:01 -------- d-----w- C:\VundoFix Backups
2009-09-01 22:35 . 2009-09-01 22:35 -------- d-s---w- c:\documents and settings\LocalService\Favoris
2009-09-01 22:35 . 2009-09-01 22:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-01 22:34 . 2009-09-01 22:34 29216 ----a-w- c:\windows\system32\sys32_nov.exe
2009-09-01 22:34 . 2009-09-01 22:34 29216 ----a-w- c:\documents and settings\Thomas\sys32_nov.exe
2009-08-23 18:29 . 2009-08-23 18:29 -------- d-----w- c:\program files\Reasonable NoClone 2007 Enterprise
2009-08-23 16:20 . 2009-08-23 16:20 -------- d-----w- c:\program files\Reasonable
2009-08-23 16:15 . 2009-08-23 19:52 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\Reasonable_Software_House
2009-08-23 16:02 . 2009-08-23 16:02 -------- d-----w- c:\documents and settings\Thomas\Application Data\Reasonable Software House Ltd
2009-08-23 16:01 . 2009-08-23 16:01 -------- d-----w- c:\program files\Reasonable NoClone 2007 Home
2009-08-21 17:34 . 2009-08-21 17:34 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\F4
2009-08-21 17:34 . 2009-08-21 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\F4
2009-08-21 17:25 . 2009-08-21 18:01 -------- d-----w- c:\documents and settings\Thomas\Application Data\F4
2009-08-21 17:24 . 2009-09-01 06:21 -------- d-----w- c:\program files\Empire of Sports
2009-08-19 06:07 . 2009-08-19 06:08 -------- d-----w- c:\documents and settings\Thomas\Local Settings\Application Data\Google
2009-08-19 06:07 . 2009-08-19 06:07 -------- d-----w- c:\program files\Google
2009-08-18 22:12 . 2009-08-18 22:14 -------- d-----w- c:\program files\Music AlarmClock v2
2009-08-17 22:30 . 2009-07-31 22:26 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-17 05:00 . 2009-07-24 06:55 -------- d-----w- c:\documents and settings\Thomas\Application Data\Pro Cycling Manager 2009
2009-08-17 01:24 . 2009-08-17 01:24 3033712 ----a-w- c:\windows\system32\drivers\appdrv01.sys
2009-08-17 01:24 . 2009-08-17 01:24 316816 ----a-w- c:\windows\system32\appdrvrem01.exe
2009-08-16 23:24 . 2009-08-16 23:24 -------- d-----w- c:\program files\Cyanide
2009-08-16 18:46 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:00 . 2009-08-05 09:00 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 19:28 . 2005-09-02 13:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-02 18:55 . 2009-03-18 07:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-01 22:29 . 2005-10-27 16:53 -------- d-----w- c:\program files\LIVEUPDATE
2009-08-28 17:19 . 2008-12-05 19:06 -------- d-----w- c:\program files\BitComet
2009-08-22 13:48 . 2006-11-06 19:48 -------- d-----w- c:\program files\KONAMI
2009-08-18 22:43 . 2005-09-10 08:45 91616 ----a-w- c:\documents and settings\Thomas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 20:52 . 2004-08-20 09:24 86240 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-16 20:52 . 2004-08-20 09:24 514778 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-16 20:41 . 2005-10-14 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-16 18:39 . 2009-06-06 14:10 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-05 09:00 . 2004-08-20 09:23 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2009-03-18 07:47 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-03-18 07:47 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-31 22:26 . 2009-04-15 20:07 189488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-26 19:50 . 2009-06-26 19:05 139152 ----a-w- c:\documents and settings\Thomas\Application Data\PnkBstrK.sys
2009-07-26 19:50 . 2009-06-26 19:05 139152 ----a-w- c:\documents and settings\Thomas\Application Data\PnkBstrK.sys
2009-07-26 19:50 . 2009-04-15 20:07 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-26 19:50 . 2009-06-26 19:05 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-17 19:03 . 2004-08-20 09:23 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-20 09:24 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 21:06 . 2009-07-09 21:06 -------- d-----w- c:\program files\BurnAware Free
2009-07-03 16:57 . 2004-08-20 09:24 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 14:36 . 2009-06-26 18:59 1291640 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\x68pkyc0.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-06-25 14:36 . 2009-06-26 18:59 729088 ----a-w- c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\x68pkyc0.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-25 08:26 . 2004-08-20 09:24 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-08-20 09:24 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-08-20 09:24 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-08-20 09:23 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-08-20 09:23 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-08-20 09:23 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-20 09:23 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-20 10:17 . 2009-06-20 10:17 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-16 14:40 . 2004-08-20 09:24 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-08-20 09:23 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2004-08-20 09:24 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:14 . 2004-08-20 09:23 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2004-08-20 09:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-20 09:24 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2003-08-16 19:56 . 2005-10-27 00:39 579584 --sha-r- c:\windows\system32\cd.exe
2006-06-25 10:13 . 2006-02-14 20:44 10856 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-09-02_06.39.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-25 08:26 . 2009-06-25 08:26 54272 c:\windows\system32\dllcache\wdigest.dll
- 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-02-03 19:58 . 2009-06-25 08:26 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
- 2009-06-29 18:47 . 2009-06-29 18:47 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-09-13 11:08 . 2004-08-05 11:00 4224 c:\windows\system32\drivers\beep.sys
- 2004-08-20 09:23 . 2004-08-05 11:00 4224 c:\windows\system32\drivers\beep.sys
+ 2008-12-05 06:57 . 2009-06-25 08:26 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-06-25 08:26 . 2009-06-25 08:26 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-04-16 18:23 . 2009-06-25 08:26 736768 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:26 . 2009-06-25 08:26 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:46 . 2009-06-29 18:46 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:46 . 2009-06-29 18:46 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:47 . 2009-06-29 18:47 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-06-29 18:46 . 2009-06-29 18:46 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-09-02 19:35 . 2009-09-02 19:35 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-06-29 18:46 . 2009-06-29 18:46 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"DAEMON Tools Lite"="c:\documents and settings\Thomas\Mes documents\Utilitaires\DT\daemon.exe" [2008-07-24 490952]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-14 344064]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"AliceSAV"="c:\program files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 81408]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
c:\documents and settings\Thomas\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2007-11-14 880730]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Jeux\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Jeux\\Age Of Empires II\\empires2.exe"=
"c:\\Documents and Settings\\Thomas\\Mes documents\\Utilitaires\\3dsmax\\3dsmax.exe"=
"c:\\Program Files\\backburner 2\\monitor.exe"=
"c:\\Program Files\\backburner 2\\manager.exe"=
"c:\\Program Files\\backburner 2\\server.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Jeux\\Age Of Empires II\\EMPIRES2.ICD"=
"c:\\Jeux\\hrm\\GAMEHR.EXE"=
"c:\\Jeux\\Dofus\\Dofus.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Jeux\\Et\\ET.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Jeux\\starwars\\GameData\\jamp.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Thomas\\Mes documents\\Utilitaires\\Maguma Open Studio\\tools\\DbgListener.exe"=
"c:\\Documents and Settings\\Thomas\\Mes documents\\Utilitaires\\mathematica\\Mathematica.exe"=
"c:\\Documents and Settings\\Thomas\\Mes documents\\Utilitaires\\mathematica\\MathKernel.exe"=
"c:\\Documents and Settings\\Thomas\\Mes documents\\Utilitaires\\mathematica\\math.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Thomas\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\StubInstaller.exe"=
"c:\\Documents and Settings\\Thomas\\Mes documents\\Utilitaires\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Jeux\\Swat\\Content\\System\\Swat4.exe"=
"c:\\Jeux\\RavenShield\\system\\ravenshield.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\Thomas\\Mes documents\\Utilitaires\\Bluesoleil\\BlueSoleil.exe"=
"c:\\Jeux\\BF2\\BF2.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\MusicBrainz Picard\\picard.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Jeux\\Blood Bowl\\BB.exe"=
"c:\\Jeux\\Blood Bowl\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Jeux\\Pro Cycling Manager - Season 2009\\PCM.exe"=
"c:\\Jeux\\Pro Cycling Manager - Season 2009\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\Empire of Sports\\NetworkDiagnostic.exe"=
"c:\\Program Files\\Empire of Sports\\EmpireOfSports.exe"=
"c:\\Documents and Settings\\Thomas\\Local Settings\\Application Data\\F4\\ClientUpdater\\ClientUpdater.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4662:TCP"= 4662:TCP:emule
"4672:UDP"= 4672:UDP:emule
"27663:TCP"= 27663:TCP:BitComet 27663 TCP
"27663:UDP"= 27663:UDP:BitComet 27663 UDP
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [17/08/2009 03:24 3033712]
R2 Devx;Devx;c:\windows\system32\drivers\Devx.sys [17/09/2006 21:38 4448]
R2 VtPr;VtPr;c:\windows\system32\drivers\VtPr.sys [17/09/2006 21:38 3328]
S0 FVDSCSI;FVDSCSI;c:\windows\system32\DRIVERS\fvdscsi.sys --> c:\windows\system32\DRIVERS\fvdscsi.sys [?]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [01/10/2007 17:57 17149]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [14/11/2007 21:02 362944]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2005-09-11 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-20 02:34]
2009-08-18 c:\windows\Tasks\Winamp.job
- c:\docume~1\Thomas\MESDOC~1\UTILIT~1\winamp\winamp.exe [2009-07-01 16:38]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-sys32_nov - c:\documents and settings\Thomas\sys32_nov.exe
HKLM-Run-sys32_nov - c:\windows\system32\sys32_nov.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan8/oscan8.cab
DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} - hxxp://dl.uc.sina.com/cab/downloader.cab
FF - ProfilePath - c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\x68pkyc0.default\
FF - component: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\x68pkyc0.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\Thomas\Application Data\Mozilla\Firefox\Profiles\x68pkyc0.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-03 21:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AliceSAV = c:\program files\TechCity Solutions\AliceSAV\AliceAgent.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1502684365-1334776804-603962076-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:42,0f,9f,4a,67,34,09,65,d5,5d,d7,77,00,41,0a,c8,c8,53,46,0c,00,eb,e7,
16,bc,dc,5c,6e,fc,92,6e,08,cc,7a,b6,4a,ac,ef,a9,4d,6d,41,e9,bb,d3,4c,f0,6e,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74
[HKEY_USERS\S-1-5-21-1502684365-1334776804-603962076-1006\Software\SecuROM\License information*]
"datasecu"=hex:74,84,d1,68,47,bc,1b,f4,02,cf,23,f5,21,23,94,6c,b1,38,4f,a3,5e,
94,2c,b3,7b,dd,98,fe,80,7a,0d,ed,a1,22,9e,52,5a,67,10,5f,92,5c,d9,3b,c9,b3,\
"rkeysecu"=hex:73,c4,22,47,88,65,e3,5c,82,0b,74,5d,a2,84,be,a2
[HKEY_LOCAL_MACHINE\software\NETGEAR\NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\NETGEAR\WPN111]
@DACL=(02 0000)
@="\"\""
"Domain"="<DomainKey>"
"Version"="1.0.0"
[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:11,37,23,5e,b4,bc,ef,69,0b,20,17,7c,5b,bc,e5,ca,81,08,8a,20,b6,f7,26,
bd,cd,6f,c2,a4,aa,09,e0,25,e1,86,ff,59,68,ae,1b,5d,26,fc,49,78,f5,a2,a5,0e,\
"??"=hex:18,a8,5d,c0,02,2d,46,dc,68,0b,be,82,93,78,f2,b4
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2296)
c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\documents and settings\Thomas\Mes documents\Utilitaires\Bluesoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-03 21:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-03 19:21
ComboFix2.txt 2009-09-02 06:49
Pre-Run: 24 142 163 968 octets libres
Post-Run: 24 108 523 520 octets libres
377 --- E O F --- 2009-09-03 05:41
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
3 sept. 2009 à 21:38
3 sept. 2009 à 21:38
analyse ces deux fichiers sur virus total et colle les rapports: https://www.virustotal.com/gui/
c:\windows\system32\sys32_nov.exe
c:\documents and settings\Thomas\sys32_nov.exe
c:\windows\system32\sys32_nov.exe
c:\documents and settings\Thomas\sys32_nov.exe
