Sujet Précédent Sujet Suivant

Impossible d'enlever un "trojan.agent"

DavidSevilla -  
 DavidSevilla -
Bonjour,

Cela fait maintenant 1 semaine que j'ai decouvert un peu par hasard que mon ordinateur est infecté. Je me suis balladé sur les forums et j'ai dl certains logiciels que vous conseillez dans vos differents messages.
La plupart ne trouvent rien,mais Prevx CSI me dit que j'ai 2 saloperies sur le PC (meme si les noms qu il me donne sont bizarre pour moi inculte total du monde des PC)

Je suis dans l'impossibilité des les enlever et je précise que l'infection est confirmée par la page d'autentification d'un celebre mmorpg.

s'il vous plait aidez-moi

Comme je ne m y connais pas bcp, je poste le "log info" de Prevx CSI

Prevx CSI Log - Version v1.9.112.135
Log Generated: 8/6/2008 14:17, Type: 0
Some non-malicious files are not included in this log.
C:\WINDOWS\System32\smss.exe InMem: 1 Det [G] PX5: EAEF384300B86E2BC60900AD18ED0300A724F492
C:\WINDOWS\system32\ntdll.dll InMem: 1 Det [G] PX5: 98EF83350066C70130B20B444BEBEA0060C0C133
C:\WINDOWS\system32\csrss.exe InMem: 1 Det [G] PX5: 8825E4BB003E58EC18B200665DD0AE001981B6B0
C:\WINDOWS\system32\CSRSRV.dll InMem: 1 Det [G] PX5: 11A99F05003AA34D8069002798FE1300C04FDDC9
C:\WINDOWS\system32\basesrv.dll InMem: 1 Det [G] PX5: 9B749DED0097D155CE6D007C0DFCD2006BC3E46B
C:\WINDOWS\system32\winsrv.dll InMem: 1 Det [G] PX5: 58FC4F8F00FF13C87AA504364EB05E0050B00C62
C:\WINDOWS\system32\GDI32.dll InMem: 1 Det [G] PX5: A46E4C0000C123F550CE04C6C5E034005973E0F6
C:\WINDOWS\system32\KERNEL32.dll InMem: 1 Det [G] PX5: 0AD652AA00FC1D0C0493105593CD84009312E4D5
C:\WINDOWS\system32\USER32.dll InMem: 1 Det [G] PX5: D423C40D007DC87CD48F089CF302B8002A851A2B
C:\WINDOWS\system32\LPK.DLL InMem: 1 Det [G] PX5: 69AACCFD0062DF0956B600B6F72735007FC8CFEF
C:\WINDOWS\system32\USP10.dll InMem: 1 Det [G] PX5: 69C6087D003C8A2234B6068F54DA2C00470F48E0
C:\WINDOWS\system32\msvcrt.dll InMem: 1 Det [G] PX5: EAD3CF360087D2AD3C120509FE506F00051FAD01
C:\WINDOWS\system32\ADVAPI32.dll InMem: 1 Det [G] PX5: 92B7F38700BB58A974CD0A00ECE7FD00CC4139C0
C:\WINDOWS\system32\RPCRT4.dll InMem: 1 Det [G] PX5: B94B9B48001AE653EAB808B51D4BF60051961049
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncacn_np [rpcrt4.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncacn_ip_tcp [rpcrt4.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncadg_ip_udp [rpcrt4.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncacn_http [rpcrt4.dll]
C:\WINDOWS\system32\Secur32.dll InMem: 1 Det [G] PX5: D47AEB0E00BFF984DA8900537F517700DF131CD4
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 9 [secur32.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 10 [secur32.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 16 [secur32.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 18 [secur32.dll]
C:\WINDOWS\system32\sxs.dll InMem: 1 Det [G] PX5: 982A959400E83365F0D10A170A238E00D06EFE1F
C:\WINDOWS\system32\Apphelp.dll InMem: 1 Det [G] PX5: 2EEB1EEE0097E5E8F02301B9AF906D004978C398
C:\WINDOWS\system32\VERSION.dll InMem: 1 Det [G] PX5: 17E09890009DDCC84AAD00E153CBBA001ACEF73E
C:\Program Files\Spyware Doctor\smumhook.dll InMem: 1 Det [G] PX5: C0FB615988547D663570024E13788C00DE2A84F8
C:\WINDOWS\system32\oleaut32.dll InMem: 1 Det [G] PX5: 51A2C58C00CB9FC6684B086B25549100ECA0118F
C:\WINDOWS\system32\ole32.dll InMem: 1 Det [G] PX5: 69DD2A690029AFBD9A6F130EFC8D44006C38CB25
C:\Program Files\Spyware Doctor\klg.dat InMem: 1 Det [G] PX5: 5E3D350E00E36BBA88A90129252D2200CD2AB5DD
C:\WINDOWS\system32\winlogon.exe InMem: 1 Det [G] PX5: D840331100E89575BACC07CFE43BE400A19C6C89
C:\WINDOWS\system32\AUTHZ.dll InMem: 1 Det [G] PX5: 01C9665700B17620DEE60070609C5500BAFBCDE9
C:\WINDOWS\system32\CRYPT32.dll InMem: 1 Det [G] PX5: 2EF23AC10075181C3A1F09B41CEF040084716BA9
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain - DllName [crypt32.dll]
C:\WINDOWS\system32\MSASN1.dll InMem: 1 Det [G] PX5: 6BF1FB2B004AB5C9E09E004AC66CE80063D9E25B
C:\WINDOWS\system32\NDdeApi.dll InMem: 1 Det [G] PX5: 9BC2445000866FE84830000A144DE1001666E124
C:\WINDOWS\system32\PROFMAP.dll InMem: 1 Det [G] PX5: 644E4F65006FF34D6C8300CC0CDD0800A72EED25
C:\WINDOWS\system32\NETAPI32.dll InMem: 1 Det [G] PX5: 0919F943001E8983126505DFE88C1F008A305777
C:\WINDOWS\system32\USERENV.dll InMem: 1 Det [G] PX5: 5F5A4AC70082A56E283B0BACDA1B3B00EBB91B4A
C:\WINDOWS\system32\PSAPI.DLL InMem: 1 Det [G] PX5: 8B04E87500CF53245A640096C8348300D21BF5AE
C:\WINDOWS\system32\REGAPI.dll InMem: 1 Det [G] PX5: 6279AD6A00FB23DDC2D3007ACE5D3200CB248344
C:\WINDOWS\system32\SETUPAPI.dll InMem: 1 Det [G] PX5: 4812EB90008CCF6050400F165E3AEF00FC15A47C
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee} - StubPath [%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection Q]
C:\WINDOWS\system32\WINSTA.dll InMem: 1 Det [G] PX5: C96442520050336DD2EE00A481B98E008FF2E736
C:\WINDOWS\system32\WINTRUST.dll InMem: 1 Det [G] PX5: AE875C790058C3ADB2F40253D90A6700B757348B
C:\WINDOWS\system32\IMAGEHLP.dll InMem: 1 Det [G] PX5: F6E4C09D003FB2D434EB021C11FD42006B96EA27
C:\WINDOWS\system32\WS2_32.dll InMem: 1 Det [G] PX5: DA0B0D1F0032D74A44E80144E1B2960023E80FCB
C:\WINDOWS\system32\WS2HELP.dll InMem: 1 Det [G] PX5: 069791F000FEF2B84EC100578D5C0B00979505AA
C:\WINDOWS\system32\IMM32.DLL InMem: 1 Det [G] PX5: 0F59DDC3009057C9AEA501954DD19100C98EE318
C:\WINDOWS\system32\MSGINA.dll InMem: 1 Det [G] PX5: AB13935200C48B2B529B0F7F5DFB960000A7FC29
C:\WINDOWS\system32\SHELL32.dll InMem: 1 Det [G] PX5: C74DB9F400A749A9F4D181C3816D1800C189ABFF
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - VmApplet [rundll32 shell32,Control_RunDLL "sysdm.cpl"]
REGSHLEXHOOK - \REGISTRY\Machine\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 - {AEB6717E-7E19-11d0-97EE-00C04FD91972} [shell32.dll]
REGDELAY - \REGISTRY\Machine\Software\Classes\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 - PostBootReminder [%SystemRoot%\system32\SHELL32.dll]
REGDELAY - \REGISTRY\Machine\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 - CDBurn [%SystemRoot%\system32\SHELL32.dll]
REGTOOLBAR - \REGISTRY\Machine\Software\Classes\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}\InprocServer32 - {0E5CBF21-D15F-11D0-8301-00AA005B4383} [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{24F14F01-7B1C-11d1-838f-0000F80461CF}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{24F14F02-7B1C-11d1-838f-0000F80461CF}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{09799AFB-AD67-11d1-ABCD-00C04FC30936}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{A470F8CF-A1E8-4f65-8335-227475AA5C46}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{ef43ecfe-2ab9-4632-bf21-58909dd177f0}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InprocServer32 - [shell32.dll]
C:\WINDOWS\system32\SHLWAPI.dll InMem: 1 Det [GP] PX5: CB9A1C52008EC10A3E1007B996851600525FB07B
C:\WINDOWS\system32\COMCTL32.dll InMem: 1 Det [G] PX5: 58711F2E0069835E6CE109A3C33D7C00D449BB7C
C:\WINDOWS\system32\ODBC32.dll InMem: 1 Det [G] PX5: EE1C007E001816FBD03503141531D0006256CCA0
C:\WINDOWS\system32\comdlg32.dll InMem: 1 Det [G] PX5: 97CDF6EE00A466D14A4C04524432900097EBC48F
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll InMem: 1 Det [G] PX5: 1E4F26FF00C0DC17163B105C770B840003FA50AB
C:\WINDOWS\system32\odbcint.dll InMem: 1 Det [G] PX5: 1CA0D73400A804C080B201FD569E1E0058E88EBE
C:\WINDOWS\system32\SHSVCS.dll InMem: 1 Det [G] PX5: ABF9CE95003663E1100802F437A7F900B2779509
C:\WINDOWS\system32\sfc.dll InMem: 1 Det [G] PX5: 71CFE5C500BDCD3B14DD002B882F7D00B682F7D4
C:\WINDOWS\system32\sfc_os.dll InMem: 1 Det [G] PX5: A4EC9745003F6D322C270270194B94009BBCCF61
C:\WINDOWS\system32\msctfime.ime InMem: 1 Det [G] PX5: 412FD0A40080BC10B49402002025D70015AB9688
C:\WINDOWS\system32\WINSCARD.DLL InMem: 1 Det [G] PX5: 9FFEB59C0073BA0E880F016BB08D05002FB552CB
C:\WINDOWS\system32\WTSAPI32.dll InMem: 1 Det [G] PX5: 48FCC46200FA9B8548AE00D4BA4CAA002355CDE4
C:\WINDOWS\system32\WINMM.dll InMem: 1 Det [G] PX5: 0468DD7F004B8F4EC2BC0254681B3E005D4D0B6B
C:\WINDOWS\system32\wininet.dll InMem: 1 Det [G] PX5: E4FB66070074E2573A0F0A2CA4E497003C6E860A
C:\WINDOWS\system32\urlmon.dll InMem: 1 Det [G] PX5: 063F888600686F0D78300992945C99006AB0BCC9
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll InMem: 1 Det [G] PX5: BAD2300C0067AFE220CA1A058522A200DCC786B6
C:\WINDOWS\system32\uxtheme.dll InMem: 1 Det [G] PX5: FACA0E4F002BE5A85A2B0392BFA5B200F292459B
C:\WINDOWS\system32\cscdll.dll InMem: 1 Det [G] PX5: B15AFB08002DD31292E001D7BD123C00AC64C0A3
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll - DLLName [cscdll.dll]
C:\WINDOWS\system32\WlNotify.dll InMem: 1 Det [G] PX5: 8DE992E50052042070FB012611BFF200851B96F3
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp - DLLName [wlnotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule - DllName [wlnotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn - DLLName [WlNotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv - DllName [wlnotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon - DLLName [wlnotify.dll]
C:\WINDOWS\system32\WINSPOOL.DRV InMem: 1 Det [G] PX5: A665A106004B68B13E4F02C9AADC3A002094FBC8
C:\WINDOWS\system32\MPR.dll InMem: 1 Det [G] PX5: C230EE63000C7A0DEA110007664BEB00CE500A3B
C:\WINDOWS\system32\rsaenh.dll InMem: 1 Det [G] PX5: 19B797A900BB112F5426027FDD39EC001D5760F1
C:\WINDOWS\system32\WgaLogon.dll InMem: 1 Det [G] PX5: 89BDBABD808784849D2F0353EC0346002952711E
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon - DllName [WgaLogon.dll]
C:\WINDOWS\system32\NTMARTA.DLL InMem: 1 Det [G] PX5: D07981D9004C97E4D4F3013411873900FCBA62C0
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider - ProviderPath [%SystemRoot%\system32\ntmarta.dll]
C:\WINDOWS\system32\WLDAP32.dll InMem: 1 Det [G] PX5: 0E8C5ECE00B6B84FA2110223B29CBF008BD68E22
C:\WINDOWS\system32\SAMLIB.dll InMem: 1 Det [G] PX5: BD33A092008131C4FABE007AC3B7FF0079F14C99
C:\WINDOWS\system32\CLBCATQ.DLL InMem: 1 Det [G] PX5: D2C36A3000C8D9279CBF075CE09B1C00C1F21F68
C:\WINDOWS\system32\COMRes.dll InMem: 1 Det [G] PX5: CC1A4F5A008C9800009A0D7CE8FD7800C981109B
C:\WINDOWS\system32\msv1_0.dll InMem: 1 Det [G] PX5: C04CE46100F27A20FA0D01B81C65BB008B2F3331
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Authentication Packages [msv1_0]
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
C:\WINDOWS\system32\iphlpapi.dll InMem: 1 Det [G] PX5: 352A2D92003D702B76C401809C694B0052E43AAD
C:\WINDOWS\system32\cscui.dll InMem: 1 Det [G] PX5: 6FB49A990050F48728E605D3AA82080029DD1CA3
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8} - DllName [%SystemRoot%\System32\cscui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03}\InprocServer32 - {750fdf0e-2a26-11d1-a3ea-080036587f03} [%SystemRoot%\System32\cscui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{10CFC467-4392-11d2-8DB4-00C04FA31A66}\InprocServer32 - {10CFC467-4392-11d2-8DB4-00C04FA31A66} [%SystemRoot%\System32\cscui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}\InprocServer32 - {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} [%SystemRoot%\System32\cscui.dll]
C:\WINDOWS\system32\xpsp2res.dll InMem: 1 Det [G] PX5: 0EDDF24500B75AA9928D2D611871040035A391A8
C:\WINDOWS\system32\wdmaud.drv InMem: 1 Det [G] PX5: EE39EDDD009C0CD15C4C006E1D14F50094B0BD53
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - wave [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - midi [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - mixer [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - aux [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave1 [wdmaud.drv]
C:\WINDOWS\system32\msacm32.drv InMem: 1 Det [G] PX5: 5F15240F00A67735521000B3A695C100C0EEBDC9
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP - wavemapper [msacm32.drv]
C:\WINDOWS\system32\MSACM32.dll InMem: 1 Det [G] PX5: 128030AA00D4DB3A1A3401A597817D0058EFF42F
C:\WINDOWS\system32\midimap.dll InMem: 1 Det [G] PX5: 595565F8002D88084A0000F598A5100016408133
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP - midimapper [midimap.dll]
C:\WINDOWS\system32\services.exe InMem: 1 Det [G] PX5: 8D31E9D20083E585A8B8011373392400B8A6FCBB
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Eventlog - ImagePath [C:\WINDOWS\system32\services.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PlugPlay - ImagePath [C:\WINDOWS\system32\services.exe]
C:\WINDOWS\system32\SCESRV.dll InMem: 1 Det [G] PX5: 72B3AB7900872E3A04F505C5B122CF00725DDB1F
C:\WINDOWS\system32\umpnpmgr.dll InMem: 1 Det [G] PX5: E17E7171004EB062E8920135B4ACE600006ECF5E
C:\WINDOWS\system32\NCObjAPI.DLL InMem: 1 Det [G] PX5: D45D8F1A005370698EC40076F1182300EF968395
C:\WINDOWS\system32\MSVCP60.dll InMem: 1 Det [G] PX5: E17AB7C300FBEE8B50D8066ABE390600D4B369D1
C:\WINDOWS\system32\ShimEng.dll InMem: 1 Det [G] PX5: 279F162200D1B52A008F010925672A00777AED3F
C:\WINDOWS\AppPatch\AcGenral.DLL InMem: 1 Det [G] PX5: B56636FB00FEF05644E41C8275CD8100E022668F
C:\WINDOWS\system32\OLEACC.dll InMem: 1 Det [G] PX5: B22489CC00F836607EE3026BC4467600D2CEDD8B
C:\WINDOWS\system32\RASAPI32.dll InMem: 1 Det [G] PX5: 182D9892000556B09E4F03BB98EAFC000BD1A1B3
C:\WINDOWS\system32\rasman.dll InMem: 1 Det [G] PX5: 9B79EF9B00BF4728F020008BC3858D00D914C147
C:\WINDOWS\system32\TAPI32.dll InMem: 1 Det [G] PX5: 17536ADF00CF9005C68102ED9115D700F4C52784
C:\WINDOWS\system32\rtutils.dll InMem: 1 Det [G] PX5: BD3199F900ED4B60AC0500E6313D640054752DA1
C:\WINDOWS\system32\eventlog.dll InMem: 1 Det [G] PX5: 3B9A3168000F9241DA51009E25CDA300D483AACD
C:\WINDOWS\system32\lsass.exe InMem: 1 Det [G] PX5: 2802951000AF6D2D3445003B3C2E070012FA4941
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Netlogon - ImagePath [C:\WINDOWS\system32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NtLmSsp - ImagePath [C:\WINDOWS\system32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PolicyAgent - ImagePath [C:\WINDOWS\system32\lsass.exe]
C:\WINDOWS\system32\LSASRV.dll InMem: 1 Det [G] PX5: 5BF85CE700C063A11EFA0B0393BA2B00F9882714
C:\WINDOWS\system32\NTDSAPI.dll InMem: 1 Det [G] PX5: 4A14226C007AF8DC061E01E4E30B8D0049B954E6
C:\WINDOWS\system32\DNSAPI.dll InMem: 1 Det [G] PX5: 11CECDE2004D2D9C466B027785B4250032AF505B
C:\WINDOWS\system32\SAMSRV.dll InMem: 1 Det [G] PX5: F721E42D009249DD948406ED4DA09000698C84E1
C:\WINDOWS\system32\cryptdll.dll InMem: 1 Det [G] PX5: 0CB641000025EEFB82D6003F65688E0063E0CCE0
C:\WINDOWS\system32\msprivs.dll InMem: 1 Det [G] PX5: 1F59B8A000D092F5BCAA0065E2B278006F8E089A
C:\WINDOWS\system32\kerberos.dll InMem: 1 Det [G] PX5: 86AF559D00FEE0A98447042C4AEE3500B9A53659
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
C:\WINDOWS\system32\netlogon.dll InMem: 1 Det [G] PX5: 046502A200999EBC362B0653EF389B00EC58F70A
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 68 [netlogon.dll]
C:\WINDOWS\system32\w32time.dll InMem: 1 Det [G] PX5: B371450B0098CFF3B65E02DD2FE53E006ACADCF8
C:\WINDOWS\system32\schannel.dll InMem: 1 Det [G] PX5: B1324D7A0021FC1336F902C67B6D260095A1128E
REGRUNGEN - \REGISTRY\Machine\System\CurrentControlSet\Control\SecurityProviders - SecurityProviders [msapsspc.dll]
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 14 [schannel.dll]
C:\WINDOWS\system32\wdigest.dll InMem: 1 Det [G] PX5: 5183CA9A005B1589C07800AB3E57B100F487BFED
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
C:\WINDOWS\system32\scecli.dll InMem: 1 Det [G] PX5: E8BBE43B004ABA2FD8FD026ED6BFBE00C95315DD
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} - DllName [scecli.dll]
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} - DllName [scecli.dll]
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Notification Packages [scecli]
C:\WINDOWS\system32\ipsecsvc.dll InMem: 1 Det [G] PX5: 1CEB82540078160CD052026E47341B007D0C4260
C:\WINDOWS\system32\oakley.DLL InMem: 1 Det [G] PX5: DD1A9798008F267A166F04354D81CE00973975B7
C:\WINDOWS\system32\WINIPSEC.DLL InMem: 1 Det [G] PX5: DEAF4DE80080FA1C80950095AFD11C00B22B9280
C:\WINDOWS\system32\pstorsvc.dll InMem: 1 Det [G] PX5: DC4F2F0500A0A54D866A00CF55F9A10047CA674F
C:\WINDOWS\system32\mswsock.dll InMem: 1 Det [G] PX5: EFF858EA001D836BC8B40397D44DB70045CCA860
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 - LibraryPath [%SystemRoot%\System32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 - LibraryPath [%SystemRoot%\System32\mswsock.dll]
C:\WINDOWS\system32\hnetcfg.dll InMem: 1 Det [G] PX5: E9BDBE6300E9674F4EAD0528C59C0900BBCD6B93
C:\WINDOWS\system32\psbase.dll InMem: 1 Det [G] PX5: BE66C28B00BC1A4E822C0169EFC29100978F96ED
C:\WINDOWS\System32\wshtcpip.dll InMem: 1 Det [G] PX5: 5A3F648600F532D54E6400E6707A27008127F653
C:\WINDOWS\system32\dssenh.dll InMem: 1 Det [G] PX5: 31E843BE00E2A81C18FA0265E10B6500232880A4
C:\WINDOWS\system32\svchost.exe InMem: 1 Det [G] PX5: F40E2DC500616549387D0095555BE30052AE71AD
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Alerter - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AppMgmt - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AudioSrv - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\BITS - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Browser - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\CryptSvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\DcomLaunch - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Dhcp - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmserver - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Dnscache - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ERSvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\EventSystem - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\helpsvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HidServ - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HTTPFilter - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\lanmanserver - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\lanmanworkstation - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\LmHosts - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Messenger - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\MHN - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Netman - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Nla - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NtmsSvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
c:\windows\system32\rpcss.dll InMem: 1 Det [G] PX5: D871C10B00EAA5E3126A06933C746200665F77B0
C:\WINDOWS\system32\msi.dll InMem: 1 Det [G] PX5: 3259DB6300E6C7718E822B2266AE2400790D9142
c:\windows\system32\termsrv.dll InMem: 1 Det [G] PX5: DFF9989900B8D4B88CDF0430F59FF100D86462B7
c:\windows\system32\ICAAPI.dll InMem: 1 Det [G] PX5: 9A0CE61F00D382612C920044E2AB0700873BF792
c:\windows\system32\mstlsapi.dll InMem: 1 Det [G] PX5: EDCDF380001295B5C42B01A9DDFA4A0035AC9F98
c:\windows\system32\ACTIVEDS.dll InMem: 1 Det [G] PX5: BBB8F4B0002647C8F6250205FD961200E156A88F
c:\windows\system32\adsldpc.dll InMem: 1 Det [G] PX5: BD9B9C480029F65530DD02725A006600A1AD4B81
c:\windows\system32\ATL.DLL InMem: 1 Det [G] PX5: 7B62579E002E6C3EE6E000BF48CB9A0076B673B0
C:\WINDOWS\System32\winrnr.dll InMem: 1 Det [G] PX5: 6527FC730063EA7842CB007E553066000903CCBF
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 - LibraryPath [%SystemRoot%\System32\winrnr.dll]
C:\WINDOWS\system32\rasadhlp.dll InMem: 1 Det [G] PX5: 57464EA500BD805F2027003B3C2E0700E87E3F12
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll InMem: 1 Det [G] PX5: 4B6AF860005E2DB6B4260971351F230010BD1760
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll InMem: 1 Det [G] PX5: 5705CBCE00CDFB7384FA08D41193B300A8C4800C
C:\WINDOWS\system32\DBGHELP.DLL InMem: 1 Det [G] PX5: 135DAE64001EB9D6C4D309C862841400BFE2B428
c:\windows\system32\dhcpcsvc.dll InMem: 1 Det [G] PX5: 2A8B6A8C00A73A52B6B70148C2883E00FE64D6A8
c:\windows\system32\wzcsvc.dll InMem: 1 Det [G] PX5: 77424EEF00D9452A3E2E07AA32776600CE7088C3
c:\windows\system32\WMI.dll InMem: 1 Det [G] PX5: 3713293500ADB92A16F0006A26ACBD0009A02966
c:\windows\system32\ESENT.dll InMem: 1 Det [G] PX5: AAFE6E7800365389C0B3106E9B15A80031A8649C
C:\WINDOWS\System32\rastls.dll InMem: 1 Det [G] PX5: C43258EC00D403D9BA8C010C32391300507BC8C6
C:\WINDOWS\system32\CRYPTUI.dll InMem: 1 Det [G] PX5: 2815737400AE4A3D184A08D11C3A2000DD5B27AA
C:\WINDOWS\System32\MPRAPI.dll InMem: 1 Det [G] PX5: 784C08ED00C8D1AD542501D1AF74380090D76FC5
C:\WINDOWS\System32\WZCSAPI.DLL InMem: 1 Det [G] PX5: 407B652E00C34A0FCE650097CA44B5003AADB23D
C:\WINDOWS\System32\raschap.dll InMem: 1 Det [G] PX5: 2DBEB4990036DB5110AD0101366D2200076C88E4
c:\windows\system32\schedsvc.dll InMem: 1 Det [G] PX5: 2E00EC0700DD8AFBF2520231E32CC200A2B0BCBE
C:\WINDOWS\System32\MSIDLE.DLL InMem: 1 Det [G] PX5: F37031A100AC40621AA700A1A1AB360092D69C21
c:\windows\system32\audiosrv.dll InMem: 1 Det [G] PX5: BF4F15DD00BE12ACA6F7002C95BB7D00A63578DA
c:\windows\system32\wkssvc.dll InMem: 1 Det [G] PX5: 177F22300046F11A043302A7E36C6A007EC917EC
c:\windows\system32\SHFOLDER.dll InMem: 1 Det [G] PX5: 51F36BEE00C3DEBE629100C7225E12008038A62D
c:\windows\system32\WINHTTP.dll InMem: 1 Det [G] PX5: CD3CC2110020E7505C5E0541AC098F0020B93F9D
c:\windows\system32\cryptsvc.dll InMem: 1 Det [G] PX5: 0F6C7D1100D3B6C2EC3A0054BD920A004658D25C
c:\windows\system32\certcli.dll InMem: 1 Det [G] PX5: 4B6879A10093DDFE0EB503D241D22A00011BA967
c:\windows\system32\dmserver.dll InMem: 1 Det [G] PX5: 2FE35203005DF86160D100169935A800336F94B1
c:\windows\system32\ersvc.dll InMem: 1 Det [G] PX5: EE932D8F004E94EF5AF1004F7A941E0027A15BB1
c:\windows\system32\es.dll InMem: 1 Det [G] PX5: 145179BB005365DFB69A038CB5F30F003250662A
c:\windows\pchealth\helpctr\binaries\pchsvc.dll InMem: 1 Det [G] PX5: 0980322500AE62C298D30091BAF1FF00C0CAC844
c:\windows\system32\hidserv.dll InMem: 1 Det [G] PX5: EC0D9F4E0062C14C548000A454262C0051E8E666
c:\windows\system32\HID.DLL InMem: 1 Det [G] PX5: 1D6BAA4F004F12875256008FA9589E00FFB7946E
c:\windows\system32\srvsvc.dll InMem: 1 Det [G] PX5: D56A49480006049C7A0401CCDC9ED40059842649
c:\windows\system32\netman.dll InMem: 1 Det [G] PX5: 65612A5600E1886F042503516394BA008F33C035
c:\windows\system32\netshell.dll InMem: 1 Det [G] PX5: 619B823A00CEC2F644E11AB3A08E1B00C0C639A3
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\InprocServer32 - {7007ACC7-3202-11D1-AAD2-00805FC1270E} [C:\WINDOWS\system32\NETSHELL.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{992CFFA0-F557-101A-88EC-00DD010CCC48}\InprocServer32 - {992CFFA0-F557-101A-88EC-00DD010CCC48} [C:\WINDOWS\system32\NETSHELL.dll]
c:\windows\system32\credui.dll InMem: 1 Det [G] PX5: C4D76D63003D3A0B882302AD57C49400D347C957
C:\WINDOWS\system32\wbem\wbemcomn.dll InMem: 1 Det [G] PX5: BFCB67950031C9DF464103314787120047EA58BC
C:\WINDOWS\system32\netcfgx.dll InMem: 1 Det [G] PX5: 1860ABA9006614E4ACF20983D0160A0075CF1A43
C:\WINDOWS\system32\CLUSAPI.dll InMem: 1 Det [G] PX5: CCE8F13200227478E29F0094B2ED5200FE41CCAD
C:\WINDOWS\System32\rasmans.dll InMem: 1 Det [G] PX5: 6AC5343500B63A4FC49802B36302950017ED0971
C:\WINDOWS\System32\Sens.dll InMem: 1 Det [G] PX5: 3E1917E600F70CEF98C700E804E22800288CF677
c:\windows\system32\seclogon.dll InMem: 1 Det [G] PX5: DD337BC4000655CF4AC00095E088660006448C66
c:\windows\system32\srsvc.dll InMem: 1 Det [G] PX5: A32C6531003A0D949C21026453D85E00EE4D7ADB
c:\windows\system32\POWRPROF.dll InMem: 1 Det [G] PX5: 97968A2D0069C349447300384AF4970020B258B4
c:\windows\system32\trkwks.dll InMem: 1 Det [G] PX5: 209712CF002D1BB4627C01E05E7F6900CA14F0A8
c:\windows\system32\wbem\wmisvc.dll InMem: 1 Det [G] PX5: 8F1598160022B10938A0024B1D52BF00029B0F16
C:\WINDOWS\system32\VSSAPI.DLL InMem: 1 Det [G] PX5: 96C70570005C9AFF922B0614A4965300681212FE
c:\windows\system32\wuauserv.dll InMem: 1 Det [G] PX5: 24FDCE1B00695A911ADC00068A66AC00BF883BB1
C:\WINDOWS\system32\wuaueng.dll InMem: 1 Det [G] PX5: 26C07DF358FF2BE623151A8BD3FD64005FC70733
C:\WINDOWS\System32\Cabinet.dll InMem: 1 Det [G] PX5: A124A77E0063AC54EA3900FB614F460093212A12
C:\WINDOWS\System32\mspatcha.dll InMem: 1 Det [G] PX5: F4E4CDB100BC3E3776C500C6E3160600151B18E8
c:\windows\system32\browser.dll InMem: 1 Det [G] PX5: BD36676B00388A072E1B014E59026900F3A95058
c:\windows\system32\ipnathlp.dll InMem: 1 Det [G] PX5: B0D93CC5003DA95E142205C6A5B0EA001F3C166F
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\AUTODHCP - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\DNSPROXY - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\FTP - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\H323 - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\IPNAT - DllName [ipnathlp.dll]
c:\windows\system32\wscsvc.dll InMem: 1 Det [G] PX5: B3ABA0C400D7157D3E74014F780C130071309CC1
C:\WINDOWS\system32\comsvcs.dll InMem: 1 Det [G] PX5: 6AAF8E5A0014C6E4564113F649CD620004CEC644
C:\WINDOWS\system32\colbact.DLL InMem: 1 Det [G] PX5: 8C9B4BA0001327DFEC290017888860002F915174
C:\WINDOWS\system32\MTXCLU.DLL InMem: 1 Det [G] PX5: 309CC65E0002B67104C6013AAAD8C500D9A81996
C:\WINDOWS\system32\WSOCK32.dll InMem: 1 Det [G] PX5: 3B6A55C0007169C962BA0016E7C89B007392F5D5
C:\WINDOWS\System32\RESUTILS.DLL InMem: 1 Det [G] PX5: 4322C377003461ABE67C0041ABC6A3000B572825
C:\WINDOWS\System32\Wbem\wbemcore.dll InMem: 1 Det [G] PX5: 04182E6900B6E6FE1A7208BB5C5BBB00F8BE4242
C:\WINDOWS\System32\Wbem\esscli.dll InMem: 1 Det [G] PX5: CEC33FA1009C0B2FC86903619F45EE00C83647B1
C:\WINDOWS\System32\Wbem\FastProx.dll InMem: 1 Det [G] PX5: 7EC9DA0800DD57C934E907E866742C000A7CA0D1
C:\WINDOWS\system32\wbem\wmiutils.dll InMem: 1 Det [G] PX5: F3064E020059F91D840401173C8A0200D2D96DD6
C:\WINDOWS\system32\wbem\repdrvfs.dll InMem: 1 Det [G] PX5: 158EE4C000CC1B48B489027C6774AC00B759C453
C:\WINDOWS\system32\wbem\wmiprvsd.dll InMem: 1 Det [G] PX5: 3D1CC7030063CA75AC4306BE6A9276004BBD29C8
C:\WINDOWS\system32\wbem\wbemess.dll InMem: 1 Det [G] PX5: F3E6A3E400CCC6EB2E5C047266EB8F002E547FD7
c:\windows\system32\tapisrv.dll InMem: 1 Det [G] PX5: A89BE4F3004B369ECE8A037A5B82F800DA5C09A5
C:\WINDOWS\System32\rastapi.dll InMem: 1 Det [G] PX5: 0020436F0070D10EE69000CD687DD9009F59AC43
C:\WINDOWS\System32\unimdm.tsp InMem: 1 Det [G] PX5: 1DE9628000065E2B2C8E03E476327F00418CC93C
C:\WINDOWS\System32\uniplat.dll InMem: 1 Det [G] PX5: 5942125800CB6391368C00FC8F08220068264DA5
C:\WINDOWS\System32\unimdmat.dll InMem: 1 Det [G] PX5: C1DB2F4500797F2234F1014F37FD96002FB73F14
C:\WINDOWS\system32\modemui.dll InMem: 1 Det [G] PX5: 3D6E7D8D007BC010625A0206BCFF4200D95047F6
C:\WINDOWS\System32\kmddsp.tsp InMem: 1 Det [G] PX5: 5F2B8014004399D482D000302580DE00D83185D7
C:\WINDOWS\System32\ndptsp.tsp InMem: 1 Det [G] PX5: A641251E00A69BA8E00D006452546A000F52AE97
C:\WINDOWS\system32\wbem\ncprov.dll InMem: 1 Det [G] PX5: AF1EE54000C7488BB80700329BDAD700434C107F
C:\WINDOWS\System32\ipconf.tsp InMem: 1 Det [G] PX5: 1E42C30C007114304462003503137600A7253B2D
C:\WINDOWS\System32\h323.tsp InMem: 1 Det [G] PX5: AB6A8C1300321DA712AE0472C6A9AB0034012393
C:\WINDOWS\System32\hidphone.tsp InMem: 1 Det [G] PX5: E81862EF006F43C276370029475D7A0054947785
C:\WINDOWS\System32\rasppp.dll InMem: 1 Det [G] PX5: 4E2767C400D2DD76266D03639E9D2B00ABEA7790
C:\WINDOWS\System32\ntlsapi.dll InMem: 1 Det [G] PX5: 8D3A8A14006C52E520B8003B3C2E0700CDD544BE
C:\WINDOWS\System32\RASDLG.dll InMem: 1 Det [G] PX5: 060F13C6004DBB2C742E0A1E73531B0069D08AE8
C:\WINDOWS\system32\msxml3.dll InMem: 1 Det [G] PX5: 5C15904A003766BDDCAF1097FC8015005F4D14CE
C:\WINDOWS\system32\advpack.dll InMem: 1 Det [G] PX5: 7F43C3AC005E36038E0E0118890138004D937617
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\KB910393 - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDB]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmt]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6} - StubPath [rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf]
C:\WINDOWS\system32\wbem\wbemsvc.dll InMem: 1 Det [G] PX5: 2B413F550098A86DAABF007A127B43006B7BD6A9
C:\WINDOWS\system32\mlang.dll InMem: 1 Det [G] PX5: 30A6214A000B6B99F2B7089F3D2D030014DE2849
C:\WINDOWS\System32\xmlprovi.dll InMem: 1 Det [G] PX5: 974E1F85009E1164C47B00D3EF8E3A009840C859
c:\windows\system32\dnsrslvr.dll InMem: 1 Det [G] PX5: A8E873DB00C5BB52B23F00F069BBE400C72E564B
c:\windows\system32\lmhsvc.dll InMem: 1 Det [G] PX5: E3F52F6500CE6C74361800C0FD277E00F48E7FF0
c:\windows\system32\webclnt.dll InMem: 1 Det [G] PX5: 979EC6FF00CF02480A2201325A4A3B00A8233532
c:\windows\system32\regsvc.dll InMem: 1 Det [G] PX5: 78F250650060145DEAA100718A63A80086B8673A
C:\WINDOWS\system32\spoolsv.exe InMem: 1 Det [G] PX5: 1DCDB07A00179F65E28700A02CD4BA00B29C7A8B
C:\WINDOWS\system32\SPOOLSS.DLL InMem: 1 Det [G] PX5: E1B4D42800D10FB5240C01663DF3E5000C7F1C45
C:\WINDOWS\system32\localspl.dll InMem: 1 Det [G] PX5: 511D4EC0008B2BC942DB0527C7D341002B181B24
C:\WINDOWS\system32\cnbjmon.dll InMem: 1 Det [G] PX5: 8D49B2E50036D3D9C6DA00E9477A2100F62AB109
C:\WINDOWS\system32\pjlmon.dll InMem: 1 Det [G] PX5: 9F147832009068C83C750071BD75CE006061FAAD
C:\WINDOWS\system32\tcpmon.dll InMem: 1 Det [G] PX5: 7F439672007E4976B6E100CC4981FC0011F02799
C:\WINDOWS\system32\tbtmon.dll InMem: 1 Det [G] PX5: E6B4958E00DC0ADD90C2028FB48F4900B36409D5
C:\WINDOWS\system32\TosBtHcrpAPI.dll InMem: 1 Det [G] PX5: 1BB4865000F54F9D70BE017CD1459700C6C1DA86
C:\WINDOWS\system32\TosBtAPI.dll InMem: 1 Det [G] PX5: 05FBB44E00F19815500D025D50945E008C4D429E
C:\WINDOWS\system32\TosBdAPI.dll InMem: 1 Det [G] PX5: C18933A400A5315590D601BB568C5A00F72B619B
C:\WINDOWS\system32\tbtmon98Language.dll InMem: 1 Det [G] PX5: AA3C93BE003C15EEC0C100E8E4997D00C3D943A1
C:\WINDOWS\system32\usbmon.dll InMem: 1 Det [G] PX5: B7B1657B00CD474D42A700F2900F3A00767ECFF3
C:\WINDOWS\system32\win32spl.dll InMem: 1 Det [G] PX5: A7C1ED3F000879BF905201A9C31C26008CF540D7
C:\WINDOWS\system32\NETRAP.dll InMem: 1 Det [G] PX5: 1710934000931208302A0038A8AAAE005D558E34
C:\WINDOWS\system32\inetpp.dll InMem: 1 Det [G] PX5: C2536506008459A7265D016E2F551C0067113C93
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe InMem: 1 Det [G] PX5: 3FF6EEE82897D6CC445703A6B7BCA3009C2ED870
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AntiVirService - ImagePath [C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.e]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.dll InMem: 1 Det [G] PX5: 6C9C371428B65A3B60DC0160962BE4007DF32FD8
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avevtlog.dll InMem: 1 Det [G] PX5: 6C69B2232898B1DB502001E74E98D40006DE7750
C:\Program Files\Avira\AntiVir PersonalEdition Classic\guardmsg.dll InMem: 1 Det [G] PX5: 1A6FC20128B4EC0DA4AB00BCE017B100F03F76C0
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll InMem: 1 Det [G] PX5: C028A8800040DCC9302C050FDBBC7600AB5D37C6
C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll InMem: 1 Det [G] PX5: 3FEE1145002F2EB8504E05ED76DA9100776D97E7
C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVPREF.DLL InMem: 1 Det [G] PX5: 4F710E68282E13FB6468000CBA8BCF00305EFCC6
C:\Program Files\Avira\AntiVir PersonalEdition Classic\SMTPLIB.DLL InMem: 1 Det [G] PX5: 0CDACD0928EB47F570470078239EC300BAF65ED7
C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVPACK32.DLL InMem: 1 Det [G] PX5: B885E68F28415E8C80CC0572FE16A0005EF982CF
C:\Program Files\Avira\AntiVir PersonalEdition Classic\unacev2.dll InMem: 1 Det [G] PX5: 39713B85000FE97F2E430131F74A9D001029A567
C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVEWIN32.DLL InMem: 1 Det [G] PX5: DF52475000285AB9D24E2AAAB39CF40010A793EC
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avipc.dll InMem: 1 Det [G] PX5: 9DF4EB73280E779520AB013F5A09370023B11150
C:\WINDOWS\system32\FLTLIB.DLL InMem: 1 Det [G] PX5: EF2B8E780047C07A428300E6B9CFB400FD960A8B
C:\WINDOWS\Explorer.EXE InMem: 1 Det [G] PX5: 5F224AD100F73BC6D4BA0FDC56B8E4005F26894E
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - Shell [Explorer.exe]
C:\WINDOWS\system32\BROWSEUI.dll InMem: 1 Det [G] PX5: 2295292E006A652CA2F10FAAA720C000B5AD6FBA
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{5E6AB780-7743-11CF-A12B-00AA004AE837}\InprocServer32 - {5E6AB780-7743-11CF-A12B-00AA004AE837} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{22BF0C20-6DA7-11D0-B373-00A0C9034938}\InprocServer32 - {22BF0C20-6DA7-11D0-B373-00A0C9034938} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{91EA3F8B-C99B-11d0-9815-00C04FD91972}\InprocServer32 - {91EA3F8B-C99B-11d0-9815-00C04FD91972} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{6413BA2C-B461-11d1-A18A-080036B11A03}\InprocServer32 - {6413BA2C-B461-11d1-A18A-080036B11A03} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{F61FFEC1-754F-11d0-80CA-00AA005B4383}\InprocServer32 - {F61FFEC1-754F-11d0-80CA-00AA005B4383} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7BA4C742-9E81-11CF-99D3-00AA004AE837}\InprocServer32 - {7BA4C742-9E81-11CF-99D3-00AA004AE837} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{30D02401-6A81-11d0-8274-00C04FD5AE38}\InprocServer32 - {30D02401-6A81-11d0-8274-00C04FD5AE38} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{169A0691-8DF9-11d1-A1C4-00C04FD75D13}\InprocServer32 - {169A0691-8DF9-11d1-A1C4-00C04FD75D13} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{07798131-AF23-11d1-9111-00A0C98BA67D}\InprocServer32 - {07798131-AF23-11d1-9111-00A0C98BA67D} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{AF4F6510-F982-11d0-8595-00AA004CD6D8}\InprocServer32 - {AF4F6510-F982-11d0-8595-00AA004CD6D8} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{01E04581-4EEE-11d0-BFE9-00AA005B4383}\InprocServer32 - {01E04581-4EEE-11d0-BFE9-00AA005B4383} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{A08C11D2-A228-11d0-825B-00AA005B4383}\InprocServer32 - {A08C11D2-A228-11d0-825B-00AA005B4383} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 - {00BB2763-6A77-11D0-A535-00C04FD7D062} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7376D660-C583-11d0-A3A5-00C04FD706EC}\InprocServer32 - {7376D660-C583-11d0-A3A5-00C04FD706EC} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{6756A641-DE71-11d0-831B-00AA005B4383}\InprocServer32 - {6756A641-DE71-11d0-831B-00AA005B4383} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}\InprocServer32 - {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7e653215-fa25-46bd-a339-34a2790f3cb7}\InprocServer32 - {7e653215-fa25-46bd-a339-34a2790f3cb7} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{acf35015-526e-4230-9596-becbe19f0ac9}\InprocServer32 - {acf35015-526e-4230-9596-becbe19f0ac9} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{00BB2764-6A77-11D0-A535-00C04FD7D062}\InprocServer32 - {00BB2764-6A77-11D0-A535-00C04FD7D062} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 - {03C036F1-A186-11D0-824A-00AA005B4383} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InprocServer32 - {00BB2765-6A77-11D0-A535-00C04FD7D062} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{ECD4FC4E-521C-11D0-B792-00A0C90312E1}\InprocServer32 - {ECD4FC4E-521C-11D0-B792-00A0C90312E1} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}\InprocServer32 - {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{ECD4FC4C-521C-11D0-B792-00A0C90312E1}\InprocServer32 - {ECD4FC4C-521C-11D0-B792-00A0C90312E1} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}\InprocServer32 - {ECD4FC4D-521C-11D0-B792-00A0C90312E1} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{DD313E04-FEFF-11d1-8ECD-0000F87A470C}\InprocServer32 - {DD313E04-FEFF-11d1-8ECD-0000F87A470C} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}\InprocServer32 - {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{21569614-B795-46b1-85F4-E737A8DC09AD}\InprocServer32 - {21569614-B795-46b1-85F4-E737A8DC09AD} [%SystemRoot%\system32\browseui.dll]
REGTASKSCHED - \REGISTRY\Machine\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} [%SystemRoot%\system32\browseui.dll]
REGTASKSCHED - \REGISTRY\Machine\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 - {8C7461EF-2B13-11d2-BE35-3078302C2030} [%SystemRoot%\system32\browseui.dll]
REGTOOLBAR - \REGISTRY\Machine\Software\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\InprocServer32 - {01E04581-4EEE-11D0-BFE9-00AA005B4383} [%SystemRoot%\system32\browseui.dll]
C:\WINDOWS\system32\SHDOCVW.dll InMem: 1 Det [G] PX5: 33206E8E009B5A5BE27A16B622FAD200391EA94B
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{D20EA4E1-3957-11d2-A40B-0C5020524152}\InprocServer32 - {D20EA4E1-3957-11d2-A40B-0C5020524152} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{D20EA4E1-3957-11d2-A40B-0C5020524153}\InprocServer32 - {D20EA4E1-3957-11d2-A40B-0C5020524153} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{EFA24E61-B078-11d0-89E4-00C04FC9E26E}\InprocServer32 - {EFA24E61-B078-11d0-89E4-00C04FC9E26E} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{0A89A860-D7B1-11CE-8350-444553540000}\InprocServer32 - {0A89A860-D7B1-11CE-8350-444553540000} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\InprocServer32 - {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}\InprocServer32 - {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InprocServer32 - {FBF23B40-E3F0-101B-8488-00AA003E56F8} [shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InprocServer32 - {3C374A40-BAE4-11CF-BF7D-00AA006946EE} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocServer32 - {FF393560-C2A7-11CF-BFF4-444553540000} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7BD29E00-76C1-11CF-9DD0-00A0C9034933}\InprocServer32 - {7BD29E00-76C1-11CF-9DD0-00A0C9034933} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7BD29E01-76C1-11CF-9DD0-00A0C9034933}\InprocServer32 - {7BD29E01-76C1-11CF-9DD0-00A0C9034933} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}\InprocServer32 - {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{67EA19A0-CCEF-11d0-8024-00C04FD75D13}\InprocServer32 - {67EA19A0-CCEF-11d0-8024-00C04FD75D13} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{131A6951-7F78-11D0-A979-00C04FD705A2}\InprocServer32 - {131A6951-7F78-11D0-A979-00C04FD705A2} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{9461b922-3c5a-11d2-bf8b-00c04fb93661}\InprocServer32 - {9461b922-3c5a-11d2-bf8b-00c04fb93661} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}\InprocServer32 - {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 - {871C5380-42A0-1069-A2EA-08002B30309D} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{EFA24E64-B078-11d0-89E4-00C04FC9E26E}\InprocServer32 - {EFA24E64-B078-11d0-89E4-00C04FC9E26E} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{EFA24E62-B078-11d0-89E4-00C04FC9E26E}\InprocServer32 - {EFA24E62-B078-11d0-89E4-00C04FC9E26E} [%SystemRoot%\system32\shdocvw.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{4D5C8C25-D075-11d0-B416-00C04FB90376}\InprocServer32 - BarSize [%SystemRoot%\system32\shdocvw.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}\InprocServer32 - CLSID [%SystemRoot%\system32\shdocvw.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\InprocServer32 - CLSID [%SystemRoot%\system32\shdocvw.dll]
C:\WINDOWS\system32\themeui.dll InMem: 1 Det [G] PX5: AC8B4986002AA8A0F85B058128A16B00BDA9D88A
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{41E300E0-78B6-11ce-849B-444553540000}\InprocServer32 - {41E300E0-78B6-11ce-849B-444553540000} [%SystemRoot%\system32\themeui.dll]
C:\WINDOWS\system32\MSIMG32.dll InMem: 1 Det [G] PX5: BCC96A19008D7D2F120000D0C427CA00EF57755D
C:\WINDOWS\system32\actxprxy.dll InMem: 1 Det [G] PX5: FCFAB5FA005D9E988EC401D43037600001BC1C59
C:\WINDOWS\system32\msutb.dll InMem: 1 Det [G] PX5: 6EB9B143009C04A8FC2502300FE9A600792A0076
C:\WINDOWS\system32\MSCTF.dll InMem: 1 Det [G] PX5: 058153A9001AAB6B7EE204DFBBC87D00B3A43BCD
C:\WINDOWS\system32\LINKINFO.dll InMem: 1 Det [G] PX5: 5799884F00DC69E34E2E00FF387FAF002AFC84BA
C:\WINDOWS\system32\ntshrui.dll InMem: 1 Det [G] PX5: 7037708C006FCB503A9202BE8433EC0056E2C877
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InprocServer32 - {40dd6e20-7c17-11ce-a804-00aa003ca9f6} [ntshrui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}\InprocServer32 - {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} [ntshrui.dll]
C:\WINDOWS\system32\webcheck.dll InMem: 1 Det [G] PX5: 8150FF0B00FF16204C9C0488BF9DDF0075F542DE
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [%SystemRoot%\system32\webcheck.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}\InprocServer32 - {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} [%SystemRoot%\system32\webcheck.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{F5175861-2688-11d0-9C5E-00AA00A45957}\InprocServer32 - {F5175861-2688-11d0-9C5E-00AA00A45957} [%SystemRoot%\system32\webcheck.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{08165EA0-E946-11CF-9C87-00AA005127ED}\InprocServer32 - {08165EA0-E946-11CF-9C87-00AA005127ED} [%SystemRoot%\system32\webcheck.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}\InprocServer32 - {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} [%SystemRoot%\system32\webcheck.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}\InprocServer32 - {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} [%SystemRoot%\system32\webcheck.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7D559C10-9FE9-11d0-93F7-00AA0059CE02}\InprocServer32 - {7D559C10-9FE9-11d0-93F7-00AA0059CE02} [%SystemRoot%\system32\webcheck.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}\InprocServer32 - {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} [%SystemRoot%\system32\webcheck.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{D8BD2030-6FC9-11D0-864F-00AA006809D9}\InprocServer32 - {D8BD2030-6FC9-11D0-864F-00AA006809D9} [%SystemRoot%\system32\webcheck.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}\InprocServer32 - {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} [%SystemRoot%\system32\webcheck.dll]
REGDELAY - \REGISTRY\Machine\Software\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 - WebCheck [%SystemRoot%\system32\webcheck.dll]
C:\WINDOWS\system32\stobject.dll InMem: 1 Det [G] PX5: 639230550083C24BDEB301160E1BE200EDE90A15
REGDELAY - \REGISTRY\Machine\Software\Classes\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 - SysTray [C:\WINDOWS\system32\stobject.dll]
C:\WINDOWS\system32\BatMeter.dll InMem: 1 Det [G] PX5: 1491758D00F5BCD370D900025848CE008C1244D3
C:\WINDOWS\System32\drprov.dll InMem: 1 Det [G] PX5: 08D57A0B00435B1B38380090C2A67D004254039D
C:\WINDOWS\System32\ntlanman.dll InMem: 1 Det [G] PX5: 22018A9E005DB9B1AAFA00098F53210086943102
C:\WINDOWS\System32\NETUI0.dll InMem: 1 Det [G] PX5: B7E05E3300FC7E7F46CF01BF1828F600A4A85630
C:\WINDOWS\System32\NETUI1.dll InMem: 1 Det [G] PX5: DE1AFB320071B83FC0D603C3078460005C5E6C52
C:\WINDOWS\System32\davclnt.dll InMem: 1 Det [G] PX5: 9C8A39360059C708623D0013BB4BC000BBD4D003
C:\WINDOWS\system32\fxsst.dll InMem: 1 Det [G] PX5: F4CA5AC100EE9AFC9AEC08F2EB7625008A7CB777
C:\WINDOWS\system32\FXSAPI.dll InMem: 1 Det [G] PX5: DE10840400CB7563E67406DB57CDF900B94F4A40
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll InMem: 1 Det [G] PX5: 066EC4DE00858605B060015F10D3790055C4D630
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}\InprocServer32 - [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]
C:\WINDOWS\system32\shdoclc.dll InMem: 1 Det [G] PX5: 2D42C4BF00B66D22BCF2084B755D0B0099086E60
C:\WINDOWS\system32\browselc.dll InMem: 1 Det [G] PX5: 79A2A7F6005A223C12F201F4C9764C00F193D7E3
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll InMem: 1 Det [G] PX5: 419AFD08503A86B0B74D170DC07D2B00426765F1
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 - ClsidExtension [C:\Program Files\Spybot - Search & Destroy\SDHelper.dll]
C:\WINDOWS\system32\faultrep.dll InMem: 1 Det [G] PX5: CE80BA77004F2C923C7601E4D444EB007385930B
C:\WINDOWS\system32\olepro32.dll InMem: 1 Det [G] PX5: 37313C3D00A28AEA460601942BD1A1005DDE16FC
C:\WINDOWS\system32\jsproxy.dll InMem: 1 Det [G] PX5: BE4E77DF004AED9B40580018DF60B5004C01E66C
C:\WINDOWS\system32\DUSER.dll InMem: 1 Det [G] PX5: 2AE915CB00E06255A40604597F42F4004BA9FC3C
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe InMem: 1 Det [G] PX5: 6CAA4D9428FF4181F652007A83AB0A00DA55705B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AntiVirScheduler - ImagePath [C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCP71.dll InMem: 1 Det [G] PX5: F133D4F000B92F08A0E107FD67B66E0015498C05
C:\Program Files\Avira\AntiVir PersonalEdition Classic\schedr.dll InMem: 1 Det [G] PX5: 3EED313928836D741CBC00D8F972DA00C8B9EAE0
C:\WINDOWS\eHome\ehRecvr.exe InMem: 1 Det [G] PX5: 8281BBD600FF423CA0230301CC6D6F00751DA949
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ehRecvr - ImagePath [C:\WINDOWS\eHome\ehRecvr.exe]
C:\WINDOWS\eHome\ehTrace.dll InMem: 1 Det [G] PX5: 4D1A6FA6002C17602E3500C392BE0F00FDD0D299
C:\WINDOWS\system32\sbe.dll InMem: 1 Det [G] PX5: 23E4256D008FA2447476049FE70833004344DD88
C:\WINDOWS\system32\msvidctl.dll InMem: 1 Det [G] PX5: 3CAA21AE00CCF4097AB3193EEB9F9E0083C700DE
C:\WINDOWS\system32\quartz.dll InMem: 1 Det [G] PX5: 0781D5B300DFA3B5BE6C1328236D1F003C94F111
C:\WINDOWS\system32\devenum.dll InMem: 1 Det [G] PX5: 023A9E2B00B13882EAB200832B22D9006CBAAF12
C:\WINDOWS\system32\msdmo.dll InMem: 1 Det [G] PX5: 0554AFED00C4D051384000BB45A73D00FBC6DC60
C:\WINDOWS\eHome\ehSched.exe InMem: 1 Det [G] PX5: F8DBABEF0007C1FF94830183F7EE6F00BBB52B8D
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ehSched - ImagePath [C:\WINDOWS\eHome\ehSched.exe]
C:\WINDOWS\eHome\ehProxy.dll InMem: 1 Det [G] PX5: 5C63FFDE00106D157CDC01D5139B2D005F207A24
C:\WINDOWS\system32\nvsvc32.exe InMem: 1 Det [G] PX5: 1D488C89427577A430DE0286797CBA009FCD40AF
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NVSvc - ImagePath [C:\WINDOWS\system32\nvsvc32.exe]
C:\WINDOWS\ehome\ehtray.exe InMem: 1 Det [G] PX5: 2777614E008FF9F70843013A8EDBF2006EC0EB8C
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - ehTray [C:\WINDOWS\ehome\ehtray.exe]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe InMem: 1 Det [G] PX5: ADCC36F10089B9C5C07E08CBBED2690063C178F1
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - SMSERIAL [C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe]
C:\WINDOWS\system32\oledlg.dll InMem: 1 Det [G] PX5: 0B349EEF008794C4E808012EA6CE1B0082B08B95
C:\Program Files\Motorola\SMSERIAL\sm56eng.dll InMem: 1 Det [G] PX5: 9FF24E09009CC22A10510181A1F7080083B09CF9
C:\Program Files\Motorola\SMSERIAL\sm56fra.dll InMem: 1 Det [G] PX5: 59E5395C003AB7F0006B01AE72B2E300A9A3FC30
C:\Program Files\Motorola\SMSERIAL\sm56brz.dll InMem: 1 Det [G] PX5: C6A1FCEB0033395700A2014EE4948400A5E79588
C:\Program Files\Motorola\SMSERIAL\sm56chs.dll InMem: 1 Det [G] PX5: BEDAC6D500438DA2D06D00CF0A79A400CE9C01E1
C:\Program Files\Motorola\SMSERIAL\sm56cht.dll InMem: 1 Det [G] PX5: 8CCE1D9B001F8B5ED04700EFB4C48200EC8B0801
C:\Program Files\Motorola\SMSERIAL\sm56ger.dll InMem: 1 Det [G] PX5: E7EA0FE200C50CDD0034016D129D450057AC1635
C:\Program Files\Motorola\SMSERIAL\sm56ita.dll InMem: 1 Det [G] PX5: 1F3E2FF700756A8D00390149937D68009678731E
C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll InMem: 1 Det [G] PX5: 1BB7E244002010A0D05000F7A503B700A9F1827C
C:\Program Files\Motorola\SMSERIAL\sm56esp.dll InMem: 1 Det [G] PX5: CE1371C60005902A002B013F637F1200D955E958
C:\Program Files\Motorola\SMSERIAL\sm56kor.dll InMem: 1 Det [G] PX5: 5DDD8D3A000F7694D08F0081DD7FDB00119B1500
C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll InMem: 1 Det [G] PX5: 06822E8A00EC8DE2F08200108EBB3600B2CA5FBF
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe InMem: 1 Det [G] PX5: 4D749F8C5926F79CD0660BD7315D3D00EBA169D3
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - SynTPEnh [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]
C:\WINDOWS\system32\SynCOM.dll InMem: 1 Det [G] PX5: C90C920F5C7B3A21408C01D4D8AE0100D5B90E89
C:\WINDOWS\system32\SynTPAPI.dll InMem: 1 Det [G] PX5: D0C4A67D592AA153701E01708E366B0092BA5CA7
C:\Program Files\Spyware Doctor\pctsAuxs.exe InMem: 1 Det [G] PX5: 1DA4B13788FE2F0C2716056DCD8C93002228D3FF
C:\WINDOWS\system32\RUNDLL32.EXE InMem: 1 Det [G] PX5: 30F71D99007174E38409003396ABA60026B7A213
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - NvCplDaemon [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup]
REGRUNKEY - \REGISTRY\Machine\Software\Microsoft\Windows\CurrentVersion\Run - NvMediaCenter [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - VmA
A voir également:

28 réponses

Précédent
  • 1
  • 2
Réponse 21 / 28
jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 618
 
bonjour, perso je ne l'ai jamais utiliser comme d'ailleur tout les anti-rootkit car il y a bien longtemps que je n'ai pas eu d'infection il la peut être supprimé vériffie avec le trucs qui te le trouvait sinon essais de passer sdfix en mode sans echec il détecte certain rootkit et tu me colle le rapport si je trouves ou il se planque on le supprimera avec otmovelt SDfix: https://www.malekal.com/slenfbot-still-an-other-irc-bot/
http://site-naheulbeuk.com/
0
DavidSevilla
 
[b]SDFix: Version 1.190 [/b]
Run by on 10.06.2008 at 21:45

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi2"="wdmaud.drv"

Restoring .midi2 driver registry value to wdmaud.drv

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\127911241612.CPX - Deleted
C:\WINDOWS\system32\127911241631.CPX - Deleted

[color=red]Note - Files associated with the MBR Rootkit have been found on this system, to check the PC use [url=http://www2.gmer.net/gmer.zip]Gmer[/url] or [url=https://free.drweb.com/cureit]Dr.Web CureIt[/url][/color]

Could Not Remove C:\WINDOWS\Temp\bca4e2da.$$$
Could Not Remove C:\WINDOWS\Temp\fa56d7ec.$$$



Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 21:53:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000059
"TracesSuccessful"=dword:00000009

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\Launcher.exe"="C:\\Program Files\\World of Warcraft\\Launcher.exe:*:Enabled:World of Warcraft"
"C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:World of Warcraft - R‚paration"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:

C:\WINDOWS\Temp\bca4e2da.$$$ Found
C:\WINDOWS\Temp\fa56d7ec.$$$ Found

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 6 Nov 2006 208 A.SHR --- "C:\BOOT.BAK"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Tue 10 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 27 Jun 2005 616,448 A.SHR --- "C:\Program Files\Replay Converter\cygwin1.dll"
Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Tue 10 Dec 2002 102,437 A..HR --- "C:\Program Files\Replay Converter\drv13260.dll"
Tue 10 Dec 2002 176,165 A..HR --- "C:\Program Files\Replay Converter\drv23260.dll"
Tue 10 Dec 2002 208,935 A..HR --- "C:\Program Files\Replay Converter\drv33260.dll"
Tue 10 Dec 2002 217,127 A..HR --- "C:\Program Files\Replay Converter\drv43260.dll"
Sun 9 Jun 2002 40,448 A..HR --- "C:\Program Files\Replay Converter\dspr3260.dll"
Sun 4 Nov 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\ivvideo.dll"
Tue 10 Apr 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\qtmlClient.dll"
Fri 20 Feb 2004 232,960 A..HR --- "C:\Program Files\Replay Converter\raac.dll"
Sun 9 Jun 2002 525,824 A..HR --- "C:\Program Files\Replay Converter\rnco3260.dll"
Tue 10 Dec 2002 245,805 A..HR --- "C:\Program Files\Replay Converter\rnlt3260.dll"
Tue 10 Dec 2002 45,093 A..HR --- "C:\Program Files\Replay Converter\rv103260.dll"
Tue 10 Dec 2002 98,341 A..HR --- "C:\Program Files\Replay Converter\rv203260.dll"
Tue 10 Dec 2002 94,247 A..HR --- "C:\Program Files\Replay Converter\rv303260.dll"
Tue 10 Dec 2002 90,151 A..HR --- "C:\Program Files\Replay Converter\rv403260.dll"
Sun 9 Jun 2002 49,152 A..HR --- "C:\Program Files\Replay Converter\tokr3260.dll"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 9 Mar 2007 27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll"
Tue 27 May 2008 22,016 ...H. --- "C:\Documents and Settings\David Rossello\Bureau\Elisa\~WRL2755.tmp"
Thu 22 May 2008 7,437,943 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a61b612a902d2a831303e51d8beb5fc6\download\BITC.tmp"
Tue 10 Jun 2008 1,567,668 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bb9184244753ae479937ea402d2cbb70\download\BITD.tmp"

[b]Finished![/b]
0
Réponse 22 / 28
jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 618
 
bon il n'y a rien sur sdfix essais avec avg anti-rootkit http://www.commentcamarche.net/telecharger/telecharger 34055015 avg anti rootkit comme il n'y a pas d'explication j'ai trouver ça si ça peut t'aider j'ai trouvé ça
ici: http://forum.malekal.com/ftopic2546.php sinon tu as antivir comme anti-virus normalement ils ont sorti un anti-rootkit que tu doisavoir avec ton anti-virus il faut je crois le valider je vais rechercher il me semble avoir lu ça quelque par

double clique sur le fichier telecharger.
accepte la licence.
puis sur next puis install
redemare ton ordinateur.

lance le programme
clique sur /search for rootkit
s'il trouve qu'elle que chose clique sur save result to file.
puis sur /Perform in-deph searchavg anti-rootkit
et poste les rapports.

avg anti-rootkit
lance le programme
clique sur /search for rootkit
s'il trouve qu'elle que chose selectionne, se qu'il a trouver.
puis clique sur remove selected items

Tentative de suppression du rootkit détecté
-- Sélection du « rootkit » » détecté puis utilisation de [remove selected items]
-- Affichage d'un message d'alerte « Warning ! » ... l'action est dangereuse => [O.K]
Affichage d'un deuxième message qui demande un reboot pour terminer l'opération de nettoyage.

pour voir si l'operation a marcher.
avg anti-rootkit
clique sur /search for rootkit
s'il trouve qu'elle que chose clique sur save result to file.
et post le rapport si il y en a un.
0
DavidSevilla
 
Alors AVG anti-rootkit n a rien trouvé et n a pas laissé de rapport :(
0
Réponse 23 / 28
jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 618
 
donc normalement tous est bon si pas de rootkit normal pas de rapport
0
DavidSevilla
 
le seul soucis c que j ai d autres trucs qui le repere

Summary:
ROOTKIT-\\.\PhysicalDrive0\MBR - [512] >> Hidden Disk Sectors
0
Réponse 24 / 28
jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 618
 
bonjour, regarde ça http://www.secuser.com/alertes/2008/mebroot.htm ça correspond à ça MBR ://PHYSICALDRIVE0 ils conseillent fixmebroot
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 28
DavidSevilla
 
Salut, le lien que tu as mis ne fonctionne pas. La page de fixmebroot de symanthec n'existe plus :(
0
Réponse 26 / 28
jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 618
 
bonjour désoler pour le lien mais je n'ai rien d'autre ce qui est bizare c'est que tu es des outil qui le détecte et pas les autres si tu avais le chemin complet de ou ils le trouvent tu pourrais faire une suppression manuel , je viensde reprendre depuis le début as tu désinstallé tes trucs en trop comme je te le faisais remarquer dans le message 10
(tu as plusieurs anti-virus il faut en garder qu'un seul sinon tu risques de planter ton pc tu as antivir, norton et kaspersky si veux les désinstaller convenablement regarde ici tu as tout ce qu'il te faut https://www.commentcamarche.net/list 7367 desinstaller proprement liens et astuces
pour les anti-spyware il ne faut en avoir qu'un seul en mode résident sinon risque de conflis et de plus ça ralenti ton pc car la tu as spybot, a-Squared, AVG, spyware Doctor) car il est possible que à cause d'un conflit que certain le détecte et pas d'autres
0
DavidSevilla
 
Alors j'ai tout enlevé. Me reste Avast comme antivirus, et malawarebyte,prevx csi et easy cleaner comme autres trucs

Mais y a tjs que prevx csi qui me trouve le virus. J'ai un peu chercher et semblerait que comme le fixmembroot ne marche pas, il faut rentrer dans la console au demarrage et taper fixmbr....le soucis c que j arrive pas a y acceder...je rentre dedans et l ecran reste noir :(

Bref, je continue un peu a ramer.
0
Réponse 27 / 28
jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 618
 
bonjour, perso j'aurrais gardé antivir plutot qu'avast consernant prevx csi je ne le connais pas donc difficile de savoir si c'est pas lui qui te fais un faut positif désoler de ne pouvoir d'aider plus
0
Réponse 28 / 28
DavidSevilla
 
Oki, c pas grave. Merci pour tous tes excellents conseils en tout cas :)
0

Discussions similaires

Comment désactiver le mode sécurisé de la Freebox POP.
Cycy -
bazfile -

18 réponses
Retirer le mode sécurisé sur l'écran de la TV connectée Free
beatrice -
baladur13 -

1 réponse
libellé page1 excel
imazi -
Raymond PENTIER -

7 réponses