Virus active since yesterday
Pearly
Athlon DualCore 4200+
Memory: 3 GB DDR2
MSI Geforce DualCore 8600 GTS
Windows XP Pro
Service Pack SP3
Firefox3
IExplorer 8 b2
Connection: 20 Mb
-----------------------------------------------------------
Hello everyone,
Yesterday I came to ask for your help because, as a reminder, I had these problems:
Written in large letters next to the clock: "VIRUS ALERT !"
2 hard drives completely invisible, gone!
All the programs in the Start menu completely gone!
After running several reports and disinfections as you told me to, with:
SDFIX.exe
SmitfraudFix.exe
HijackThis.exe
Everything seemed to be resolved, but today I notice that the problem is with Firefox3.
The connection is very slow: when I try to open a page, I can see the browser refreshing the page / stopping / refreshing / stopping; in short, pages take a long time to load. Also, when I shut down the PC normally, the PC restarts and hangs ("freezes"); I have to restart with the reset button on the case so that the PC does not save the settings on exit, because otherwise the PC will hang at startup. It's strange.
I have just run a cleanup and a report with SDFIX, which I am posting below in this topic.
If someone could tell me whether I am still infected.
1 reply
SDFix: Version 1.114
Run by Christophe on 21/09/2008 at 15:49
Microsoft Windows XP [version 5.1.2600]
Running From: D:\DOCUME~1\CHRIST~1\Bureau\NOUVEA~1\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
D:\WINDOWS\SYSTEM32\WINDOW~1.EXE - Deleted
Removing Temp Files...
ADS Check:
D:\WINDOWS
No streams found.
D:\WINDOWS\system32
No streams found.
D:\WINDOWS\system32\svchost.exe
No streams found.
D:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 15:57:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:08,2e,83,1b,33,67,56,f0,8b,4c,f8,4c,5d,c4,60,69,f7,43,c5,ff,d8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,fe,dd,23,2f,76,69,a4,42,22,92,8f,dd,7e,24,5e,de,70,..
"khjeh"=hex:c7,58,52,75,cd,12,0a,8c,0f,14,52,eb,07,1f,93,f2,c7,2a,1d,23,48,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:77,42,fa,2d,c4,80,79,4d,88,0a,2f,0e,45,b2,a1,d4,4f,f0,f8,f5,69,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:11,4d,68,1f,05,b9,df,92,b9,37,b4,5d,83,ef,8c,5e,08,50,79,74,47,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:bb,bd,ca,6f,16,fd,12,f0,18,3e,f3,12,dd,56,26,ef,99,e7,70,93,22,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:41,49,be,ab,ab,b1,04,aa,11,b2,a7,02,6a,30,37,cd,e0,cc,32,26,d7,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSjcxe.sys"
"TDSSl"="\systemroot\system32\TDSSjjsm.dll"
"tdssmain"="\systemroot\system32\TDSSevri.dll"
"tdsslog"="\systemroot\system32\TDSShpue.dll"
"tdssadw"="\systemroot\system32\TDSSdqoi.dll"
"tdssserf"="\systemroot\system32\TDSShpbn.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:08,2e,83,1b,33,67,56,f0,8b,4c,f8,4c,5d,c4,60,69,f7,43,c5,ff,d8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,fe,dd,23,2f,76,69,a4,42,22,92,8f,dd,7e,24,5e,de,70,..
"khjeh"=hex:c7,58,52,75,cd,12,0a,8c,0f,14,52,eb,07,1f,93,f2,c7,2a,1d,23,48,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:77,42,fa,2d,c4,80,79,4d,88,0a,2f,0e,45,b2,a1,d4,4f,f0,f8,f5,69,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:11,4d,68,1f,05,b9,df,92,b9,37,b4,5d,83,ef,8c,5e,08,50,79,74,47,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:bb,bd,ca,6f,16,fd,12,f0,18,3e,f3,12,dd,56,26,ef,99,e7,70,93,22,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:41,49,be,ab,ab,b1,04,aa,11,b2,a7,02,6a,30,37,cd,e0,cc,32,26,d7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv\modules]
"TDSSserv"="\systemroot\system32\drivers\TDSSjcxe.sys"
"TDSSl"="\systemroot\system32\TDSSjjsm.dll"
"tdssmain"="\systemroot\system32\TDSSevri.dll"
"tdsslog"="\systemroot\system32\TDSShpue.dll"
"tdssadw"="\systemroot\system32\TDSSdqoi.dll"
"tdssserf"="\systemroot\system32\TDSShpbn.dll"
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"OfflineDetectionPending"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download]
"LastSuccessTime"="2008-09-21 02:35:17"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Messenger\\msmsgs.exe"="D:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="D:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"D:\\Program Files\\SopCast\\adv\\SopAdver.exe"="D:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"D:\\Program Files\\SopCast\\SopCast.exe"="D:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"X:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"="X:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe:*:Enabled:TmSunrise.exe"
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"X:\\Program Files\\Eidos\\Hitman Blood Money\\HitmanBloodMoney.exe"="X:\\Program Files\\Eidos\\Hitman Blood Money\\HitmanBloodMoney.exe:*:Enabled:HitmanBloodMoney.exe"
"D:\\Program Files\\uTorrent\\uTorrent.exe"="D:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"G:\\Program Files (x86)\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="G:\\Program Files (x86)\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:iw3mp"
"G:\\Program Files (x86)\\Activision\\Call of Duty 4 - Modern Warfare1.6\\iw3mp.exe"="G:\\Program Files (x86)\\Activision\\Call of Duty 4 - Modern Warfare1.6\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"D:\\WINDOWS\\system32\\PnkBstrA.exe"="D:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"D:\\WINDOWS\\system32\\PnkBstrB.exe"="D:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"G:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="G:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"G:\\Program Files (x86)\\Activision\\Call of Duty 4 - Modern Warfare1.4\\iw3mp.exe"="G:\\Program Files (x86)\\Activision\\Call of Duty 4 - Modern Warfare1.4\\iw3mp.exe:*:Enabled:iw3mp"
"D:\\Program Files\\Internet Explorer\\iexplore.exe"="D:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"G:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"="G:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2"
"G:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"="G:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update"
"G:\\Program Files\\Codemasters\\GRID\\GRID.exe"="G:\\Program Files\\Codemasters\\GRID\\GRID.exe:*:Enabled:GRID"
"D:\\Program Files\\Autodesk\\backburner\\monitor.exe"="D:\\Program Files\\Autodesk\\backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"D:\\Program Files\\Autodesk\\backburner\\manager.exe"="D:\\Program Files\\Autodesk\\backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"D:\\Program Files\\Autodesk\\backburner\\server.exe"="D:\\Program Files\\Autodesk\\backburner\\server.exe:*:Enabled:backburner 2.3 server"
"D:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"="D:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2008 32-bit"
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"="D:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Softimage\\XSI_7.0\\Application\\bin\\XSI.exe"="C:\\Softimage\\XSI_7.0\\Application\\bin\\XSI.exe:*:Enabled:XSI"
"C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"="C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 32-bit"
"C:\\Softimage\\XSI_7.0\\Application\\bin\\XSIBATCH.exe"="C:\\Softimage\\XSI_7.0\\Application\\bin\\XSIBATCH.exe:*:Enabled:XSIBATCH"
"D:\\Softimage\\XSI_7.0\\Application\\bin\\XSI.exe"="D:\\Softimage\\XSI_7.0\\Application\\bin\\XSI.exe:*:Enabled:XSI"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"D:\\Program Files\\Crazybump Beta Test\\CrazyBump.exe"="D:\\Program Files\\Crazybump Beta Test\\CrazyBump.exe:*:Enabled:CrazyBump"
"C:\\Program Files\\alienbrain\\Apache\\bin\\Apache.exe"="C:\\Program Files\\alienbrain\\Apache\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\alienbrain\\Server\\NxNServer.exe"="C:\\Program Files\\alienbrain\\Server\\NxNServer.exe:*:Enabled:NXN alienbrain"
"G:\\Softimage\\XSI_7.0\\Application\\bin\\XSI.exe"="G:\\Softimage\\XSI_7.0\\Application\\bin\\XSI.exe:*:Enabled:XSI"
"D:\\Softimage\\XSI_6.0\\Application\\bin\\XSI.exe"="D:\\Softimage\\XSI_6.0\\Application\\bin\\XSI.exe:*:Enabled:XSI"
"C:\\Program Files\\Next Limit\\RealFlow4\\realflow.exe"="C:\\Program Files\\Next Limit\\RealFlow4\\realflow.exe:*:Enabled:realflow"
"G:\\Program Files\\Next Limit\\RealFlow4\\realflow.exe"="G:\\Program Files\\Next Limit\\RealFlow4\\realflow.exe:*:Enabled:realflow"
"D:\\Program Files\\WoozTalk\\WoozTalk.exe"="D:\\Program Files\\WoozTalk\\WoozTalk.exe:*:Enabled:WoozTalk Instant Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - D:\DOCUME~1\CHRIST~1\Bureau\NOUVEA~1\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sun 31 Aug 2008 14,121 A..H. --- "D:\spm\spm-kf.bak"
Sun 13 Apr 2008 1,695,232 ..SH. --- "D:\Program Files\Messenger\msmsgs.exe"
Wed 2 Jul 2008 8 ..SHR --- "D:\WINDOWS\system32\819E9074B8.sys"
Mon 7 Jul 2008 952 A.SH. --- "D:\WINDOWS\system32\KGyGaAvL.sys"
Thu 24 Jul 2008 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!