Is not a valid Win32 application - Page 9

Solved
Anonymous user
 
no problem, no worries

See you later for confirmation
--
To discover: Estopa, Rosario Flores, La Oreja De Van Gogh
Enjoy listening
See you later TChiki.
0
Lasto97 Posted messages 226 Status Member 4
 
Hi,

I downloaded MSN 8, it installed well. Everything is working fine. I'll update in 2 days.
0
Anonymous user
 
remove the otmoveit folder and Script.bat too

See you later
--
To discover: Estopa, Rosario Flores, La Oreja De Van Gogh
Enjoy listening
See you later TChiki.
0
Lasto97 Posted messages 226 Status Member 4
 
Hi Chiquitine29. In the end, everything is going well, nothing to say. Thank you very much for everything. I will mark it as "resolved."
Thank you for your time.
0
GG
 
Hi, I tried ComboFix, it didn't work, and it gave me the following. Please help me.

ComboFix 11-03-19.04 - DELL 2011-03-20 22:40:46.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1036.18.1022.718 [GMT -4:00]
Started from: c:\documents and settings\DELL\Desktop\nonabagle.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\documents and settings\DELL\Application Data\inst.exe
c:\program files\Search Settings
c:\program files\Search Settings\SeARchsettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
.
.
((((((((((((((((((((((((((((( Files created from 2011-02-21 to 2011-03-21 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-19 15:44 . 2011-03-19 15:44 -------- d-----w- c:\program files\CCleaner
2011-03-19 05:55 . 2011-03-19 05:55 -------- d-----w- c:\documents and settings\DELL\Local Settings\Application Data\Identities
2011-03-15 05:25 . 2011-03-15 05:25 137728 ----a-w- c:\windows\Ysuxya.exe
2011-03-14 13:21 . 2011-03-14 13:21 -------- d-----w- c:\documents and settings\DELL\Local Settings\Application Data\PCHealth
2011-02-26 17:44 . 2011-02-26 17:44 -------- d-----w- c:\program files\Common Files\Adobe
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-26 14:40 . 2010-07-15 20:26 47360 ----a-w- c:\documents and settings\DELL\Application Data\pcouffin.sys
2011-02-09 13:54 . 2004-08-05 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54 . 2004-08-05 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:59 . 2007-12-21 17:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2007-12-21 17:00 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-05 12:00 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-05 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-05 12:00 1855104 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-05 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
.
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty items & legit initial items are not listed
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"KCSCPW1HKH"="c:\windows\Ysuxya.exe" [2011-03-15 137728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"nwiz"="nwiz.exe" [2007-11-17 1626112]
"NVHotkey"="nvHotkey.dll" [2007-11-17 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"<NO NAME>"= 00 00 00 00
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2005-10-18 61440]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 EL3C574;PC Card Network Device Driver FE574B-3Com 10/100;c:\windows\system32\drivers\el574nd4.sys [2007-12-21 24653]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-20 c:\windows\Tasks\User_Feed_Synchronization-{9677DAB8-D601-4C89-A486-87DADEF7B928}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
.
2011-03-21 c:\windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
- c:\windows\Ysuxya.exe [2011-03-15 05:25]
.
.
------- Additional examination -------
.
uStart Page = hxxp://www.google.ca/
uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\DELL\Application Data\Mozilla\Firefox\Profiles\v4cytyzm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-20 22:44
Windows 5.1.2600 Service Pack 3 NTFS
.
Searching for hidden processes...
.
Searching for hidden auto start items...
.
Searching for hidden files...
.
Scan completed successfully
Hidden files: 0
.
**************************************************************************
.
--------------------- BLOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€-€|ÿÿÿÿÀ*€|ù*9~*]
"C040111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
End time: 2011-03-20 22:46:44
ComboFix-quarantined-files.txt 2011-03-21 02:46
.
Before-CF: 26 574 393 344 bytes free
After-CF: 42 495 885 312 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - B3492B9C61823DDBE8BC2B9905868BE2
0