lesandre
-
Compteur de contenus
22 -
Inscription
-
Dernière visite
lesandre's Achievements
Member (4/12)
0
Réputation sur la communauté
-
Warning! potential spyware operation
lesandre a répondu à un(e) sujet de lesandre dans Analyses et éradication malwares
Bonsoir Charles, As-tu une solution par rapport à ce pb qui parait insoluble? Merci à toi, Le sandre -
Warning! potential spyware operation
lesandre a répondu à un(e) sujet de lesandre dans Analyses et éradication malwares
Bonsoir Charles, J'ai suivi les instructions. - Durant SmitFraudFix: plusieurs fois le message "acces a la base de registre non autorisee par votre administrateur" apres avoir presse sur o Toujours la meme fenetre qui apparait regulierement (voir post precedent STP) Ci-apres, les rapports. A bientot et merci encore, Le sandre SmitFraudFix v2.232 Rapport fait à 21:25:48,76, 28/09/2007 Executé à partir de C:\Documents and Settings\Jean-Christophe\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est FAT32 Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 192.168.200.3 ad.doubleclick.net 192.168.200.3 ad.fastclick.net 192.168.200.3 ads.fastclick.net 192.168.200.3 ar.atwola.com 192.168.200.3 atdmt.com 192.168.200.3 avp.ch 192.168.200.3 avp.com 192.168.200.3 avp.ru 192.168.200.3 awaps.net 192.168.200.3 banner.fastclick.net 192.168.200.3 banners.fastclick.net 192.168.200.3 ca.com 192.168.200.3 click.atdmt.com 192.168.200.3 clicks.atdmt.com 192.168.200.3 customer.symantec.com 192.168.200.3 dispatch.mcafee.com 192.168.200.3 download.mcafee.com 192.168.200.3 downloads-us1.kaspersky-labs.com 192.168.200.3 downloads-us2.kaspersky-labs.com 192.168.200.3 downloads-us3.kaspersky-labs.com 192.168.200.3 downloads1.kaspersky-labs.com 192.168.200.3 downloads2.kaspersky-labs.com 192.168.200.3 downloads3.kaspersky-labs.com 192.168.200.3 downloads4.kaspersky-labs.com 192.168.200.3 engine.awaps.net 192.168.200.3 f-secure.com 192.168.200.3 fastclick.net 192.168.200.3 ftp.avp.ch 192.168.200.3 ftp.downloads1.kaspersky-labs.com 192.168.200.3 ftp.downloads2.kaspersky-labs.com 192.168.200.3 ftp.downloads3.kaspersky-labs.com 192.168.200.3 ftp.f-secure.com 192.168.200.3 ftp.kasperskylab.ru 192.168.200.3 ftp.sophos.com 192.168.200.3 ids.kaspersky-labs.com 192.168.200.3 kaspersky-labs.com 192.168.200.3 kaspersky.com 192.168.200.3 liveupdate.symantec.com 192.168.200.3 liveupdate.symantecliveupdate.com 192.168.200.3 mast.mcafee.com 192.168.200.3 mcafee.com 192.168.200.3 media.fastclick.net 192.168.200.3 my-etrust.com 192.168.200.3 nai.com 192.168.200.3 networkassociates.com 192.168.200.3 norton.com 192.168.200.3 phx.corporate-ir.net 192.168.200.3 rads.mcafee.com 192.168.200.3 secure.nai.com 192.168.200.3 securityresponse.symantec.com 192.168.200.3 service1.symantec.com 192.168.200.3 sophos.com 192.168.200.3 spd.atdmt.com 192.168.200.3 symantec.com 192.168.200.3 trendmicro.com 192.168.200.3 update.symantec.com 192.168.200.3 updates.symantec.com 192.168.200.3 updates1.kaspersky-labs.com 192.168.200.3 updates2.kaspersky-labs.com 192.168.200.3 updates3.kaspersky-labs.com 192.168.200.3 updates4.kaspersky-labs.com 192.168.200.3 updates5.kaspersky-labs.com 192.168.200.3 us.mcafee.com 192.168.200.3 vil.nai.com 192.168.200.3 viruslist.com 192.168.200.3 viruslist.ru 192.168.200.3 virusscan.jotti.org 192.168.200.3 virustotal.com 192.168.200.3 www.avp.ch 192.168.200.3 www.avp.com 192.168.200.3 www.avp.ru 192.168.200.3 www.awaps.net 192.168.200.3 www.ca.com 192.168.200.3 www.f-secure.com 192.168.200.3 www.fastclick.net 192.168.200.3 www.grisoft.com 192.168.200.3 www.kaspersky-labs.com 192.168.200.3 www.kaspersky.com 192.168.200.3 www.kaspersky.ru 192.168.200.3 www.mcafee.com 192.168.200.3 www.my-etrust.com 192.168.200.3 www.nai.com 192.168.200.3 www.networkassociates.com 192.168.200.3 www.sophos.com 192.168.200.3 www.symantec.com 192.168.200.3 www.symantec.com 192.168.200.3 www.trendmicro.com 192.168.200.3 www.viruslist.com 192.168.200.3 www.viruslist.ru 192.168.200.3 www.virustotal.com 192.168.200.3 www3.ca.com »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\WINDOWS\system32\printer.exe supprimé C:\WINDOWS\system32\WinAvXX.exe supprimé »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS2\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS3\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Combofix ComboFix 07-09-18.4 - "Jean-Christophe" 2007-09-28 21:36:01.9 - FAT32x86 Microsoft Windows XP ?dition familiale 5.1.2600.2.1252.1.1036.18.48 [GMT 2:00] * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\printer.exe C:\WINDOWS\system32\WinAvXX.exe . ((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-28 ))))))))))))))))))))))))))))))) . 2007-09-22 19:20 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-09-22 19:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier 2007-09-22 19:17 <REP> d-------- C:\WINDOWS\Internet Logs 2007-09-20 21:19 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-19 13:02 <REP> d-------- C:\Program Files\CCleaner 2007-09-19 12:46 <REP> d-------- C:\Program Files\a-squared Free 2007-09-19 10:56 <REP> d-------- C:\Program Files\RegCleaner 2007-09-19 07:26 <REP> d-------- C:\WINDOWS\report 2007-09-19 07:25 86,094 --a------ C:\WINDOWS\BPMNT.dll 2007-09-19 07:25 71,749 --a------ C:\WINDOWS\hcextoutput.dll 2007-09-19 07:25 267,845 --a------ C:\WINDOWS\tsc.exe 2007-09-19 07:25 1,163,344 --a------ C:\WINDOWS\vsapi32.dll 2007-09-19 07:25 <REP> d-------- C:\WINDOWS\AU_Backup 2007-09-19 07:23 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2007-09-19 07:23 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2007-09-19 07:23 286,720 --a------ C:\WINDOWS\PATCH.EXE 2007-09-19 07:23 <REP> d-------- C:\WINDOWS\AU_Temp 2007-09-19 07:23 <REP> d-------- C:\WINDOWS\AU_Log 2007-09-18 22:39 3,398 --a------ C:\WINDOWS\system32\tmp.reg 2007-09-18 21:10 <REP> d-------- C:\Program Files\Navilog1 2007-09-18 20:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-09-17 21:10 <REP> dr------- C:\DOCUME~1\Elyan\Mes documents 2007-09-17 21:10 <REP> dr------- C:\DOCUME~1\Elyan\Favoris 2007-09-14 21:08 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-09-14 14:05 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Mes documents 2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer 2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Favoris 2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau 2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression 2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\ModŠles 2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS 2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau 2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust 2007-09-01 15:57 1,268 --a------ C:\WINDOWS\mozver.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-28 19:36 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-09-28 19:36 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-09-22 19:19 75932 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-09-22 19:19 74396 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-09-14 21:11 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys 2007-09-14 21:11 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-09-06 12:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-06 12:00 95608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll 2007-07-29 17:57 --------- d-------- C:\Program Files\Alwil Software 2007-07-29 17:07 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-07-29 16:24 --------- d-------- C:\Program Files\Realtek Sound Manager 2007-07-29 16:24 --------- d-------- C:\Program Files\AvRack 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\Real 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\InterTrust 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\ICQ 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\FUJIFILM 2007-07-19 08:58 3583488 --------- C:\WINDOWS\system32\dllcache\mshtml.dll 2007-07-13 01:30 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll 2005-07-21 15:12 457 --a------ C:\Program Files\INSTALL.LOG . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2003-09-23 09:09 C:\WINDOWS\SOUNDMAN.EXE] "Disk Monitor"="C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 11:57] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-10-11 22:02] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 15:16] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-06 21:12] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32] "ExtraFilmHemmaAgent"="C:\Program Files\Extrafilm FotoFacil\Agent.exe" [2006-10-03 09:40] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24] "NetAppel"="C:\program files\netappel\netappel.exe" [2007-09-15 13:19] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] PCANotify.dll 2003-05-29 11:00 8704 C:\WINDOWS\system32\PCANotify.dll R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS S2 vdo_326d-6b44;vdo_326d-6b44;\??\C:\WINDOWS\system32\vdo_326d-6b44.sys S3 PIXMC10;JVC Communication PIX-MC10 Driver;C:\WINDOWS\system32\Drivers\pixmc10c.sys S3 PIXMC10A;JVC PIX-MC10 Audio Capture;C:\WINDOWS\system32\Drivers\pixmc10a.sys S3 PIXMC10V;JVC PIX-MC10 Video Capture;C:\WINDOWS\system32\Drivers\pixmc10v.sys S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-28 21:39:42 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-09-28 21:41:42 C:\ComboFix-quarantined-files.txt ... 2007-09-28 21:41 C:\ComboFix2.txt ... 2007-09-23 09:04 C:\ComboFix3.txt ... 2007-09-22 19:51 . --- E O F --- -
Warning! potential spyware operation
lesandre a répondu à un(e) sujet de lesandre dans Analyses et éradication malwares
Re, OK pour l'acces sur site Antivirus maintenant MAIS je ne trouve pas le fichier: j'ai meme fait une recherche sur tout le PC et aucune trace de ce fichier vdo_etc... (j'ai bien sur fait apparaitre tous les fichiers en suivant ta procedure) Voici le rapport demande: Merci, Lesandre Rapport WinPFind3: WinPFind3 logfile created on: 23/09/2007 20:51:30 WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Jean-Christophe\Bureau\WinPFind3u\ Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) Internet Explorer (Version = 7.0.5730.11) 255,48 Mb Total Physical Memory | 46,42 Mb Available Physical Memory | 18,17% Memory free 620,44 Mb Paging File | 219,09 Mb Available in Paging File | 35,31% Paging File free Paging file location(s): C:\pagefile.sys 384 768; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111,76 Gb Total Space | 20,68 Gb Free Space | 18,50% Space Free D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Computer Name: JCV46 Current User Name: Jean-Christophe Logged in as Administrator. Current Boot Mode: Normal [Processes - Non-Microsoft Only] a2service.exe -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.345 | Size = 217208 bytes | Modified Date = 19/09/2007 12:48:20 | Attr = ] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 2 | Size = 566616 bytes | Modified Date = 14/09/2007 21:11:40 | Attr = ] agent.exe -> %ProgramFiles%\Extrafilm FotoFacil\Agent.exe -> [Ver = 1, 0, 0, 1 | Size = 323584 bytes | Modified Date = 03/10/2006 09:40:34 | Attr = ] apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 09/03/2007 11:09:58 | Attr = ] ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 06/09/2007 12:06:10 | Attr = ] ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 06/09/2007 12:05:42 | Attr = ] ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 06/09/2007 12:06:04 | Attr = ] ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 06/09/2007 12:04:44 | Attr = ] aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 06/09/2007 11:54:58 | Attr = ] ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 303104 bytes | Modified Date = 20/07/2003 10:17:50 | Attr = ] avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 11:25:42 | Attr = ] cdac11ba.exe -> %System32%\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 02/10/2004 22:11:36 | Attr = ] ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13/12/1999 03:01:00 | Attr = ] disk_monitor.exe -> %ProgramFiles%\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe -> Neodio Corp. [Ver = 1.7.5.617 | Size = 466944 bytes | Modified Date = 18/06/2003 11:57:40 | Attr = ] dragdiag.exe -> %ProgramFiles%\Thomson\SpeedTouch USB\dragdiag.exe -> THOMSON Telecom Belgium [Ver = 301.0.0.12 | Size = 866816 bytes | Modified Date = 26/01/2004 11:38:38 | Attr = ] ftrtsvc.exe -> %System32%\FTRTSVC.exe -> France Telecom [Ver = 11.0 (4) | Size = 40960 bytes | Modified Date = 23/08/2004 14:49:56 | Attr = ] guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 14:31:10 | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 4.9.0.17 | Size = 331776 bytes | Modified Date = 24/06/2005 15:16:26 | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 4.9.0.17 | Size = 278528 bytes | Modified Date = 24/06/2005 15:16:42 | Attr = ] jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_05\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 03/06/2004 22:05:08 | Attr = ] netappel.exe -> %ProgramFiles%\NetAppel\NetAppel.exe -> NetAppel [Ver = 3, 2, 437, 0 | Size = 7145008 bytes | Modified Date = 15/09/2007 13:19:32 | Attr = ] nsl.exe -> %ProgramFiles%\lotus\notes\nsl.exe -> IBM Corp [Ver = 7.0.00.5226 | Size = 17408 bytes | Modified Date = 15/08/2005 05:40:14 | Attr = ] nslsvice.exe -> %ProgramFiles%\lotus\notes\nslsvice.exe -> IBM Corp [Ver = 7.0.00.5226 | Size = 7680 bytes | Modified Date = 15/08/2005 05:40:14 | Attr = ] printer.exe -> %System32%\printer.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ] qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 06/08/2005 21:12:02 | Attr = ] quickdcf.exe -> %ProgramFiles%\FinePixViewer\QuickDCF.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 5, 0, 0, 2 | Size = 282624 bytes | Modified Date = 05/04/2005 18:01:36 | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 11/10/2004 22:02:38 | Attr = ] soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.10 | Size = 57344 bytes | Modified Date = 23/09/2003 09:09:00 | Attr = ] vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 75304 bytes | Modified Date = 21/06/2007 21:54:46 | Attr = ] winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 04/09/2007 10:47:26 | Attr = ] zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 919016 bytes | Modified Date = 21/06/2007 21:54:46 | Attr = ] [Win32 Services - Non-Microsoft Only] (a2free) a-squared Free Service [Win32_Own | Auto | Running] -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.345 | Size = 217208 bytes | Modified Date = 19/09/2007 12:48:20 | Attr = ] (aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 2 | Size = 566616 bytes | Modified Date = 14/09/2007 21:11:40 | Attr = ] (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 06/09/2007 11:54:58 | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> [Ver = | Size = 303104 bytes | Modified Date = 20/07/2003 10:17:50 | Attr = ] (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 06/09/2007 12:06:04 | Attr = ] (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 06/09/2007 12:05:42 | Attr = ] (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 06/09/2007 12:04:44 | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 14:31:10 | Attr = ] (awhost32) Service Elève pcAnywhere [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\pcAnywhere\awhost32.exe -> Symantec Corporation [Ver = 11.0.0.730 | Size = 106496 bytes | Modified Date = 29/05/2003 11:00:00 | Attr = ] (C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %System32%\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 02/10/2004 22:11:36 | Attr = ] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13/12/1999 03:01:00 | Attr = ] (dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 20/08/2004 01:09:52 | Attr = ] (FTRTSVC) France Telecom Routing Table Service [Win32_Own | Auto | Running] -> %System32%\FTRTSVC.exe -> France Telecom [Ver = 11.0 (4) | Size = 40960 bytes | Modified Date = 23/08/2004 14:49:56 | Attr = ] (iPodService) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 4.9.0.17 | Size = 331776 bytes | Modified Date = 24/06/2005 15:16:26 | Attr = ] (Lotus Notes Single Logon) Lotus Notes Single Logon [Win32_Own | Auto | Running] -> %ProgramFiles%\lotus\notes\nslsvice.exe -> IBM Corp [Ver = 7.0.00.5226 | Size = 7680 bytes | Modified Date = 15/08/2005 05:40:14 | Attr = ] (vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 75304 bytes | Modified Date = 21/06/2007 21:54:46 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 11:25:42 | Attr = ] Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 09/03/2007 11:09:58 | Attr = ] Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11/05/2007 03:06:32 | Attr = ] avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 06/09/2007 12:06:10 | Attr = ] Disk Monitor -> %ProgramFiles%\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe -> Neodio Corp. [Ver = 1.7.5.617 | Size = 466944 bytes | Modified Date = 18/06/2003 11:57:40 | Attr = ] ExtraFilmHemmaAgent -> %ProgramFiles%\Extrafilm FotoFacil\Agent.exe -> [Ver = 1, 0, 0, 1 | Size = 323584 bytes | Modified Date = 03/10/2006 09:40:34 | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 4.9.0.17 | Size = 278528 bytes | Modified Date = 24/06/2005 15:16:42 | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 06/08/2005 21:12:02 | Attr = ] REGSHAVE -> %ProgramFiles%\REGSHAVE\REGSHAVE.EXE -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 04/02/2002 22:32:10 | Attr = ] SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.10 | Size = 57344 bytes | Modified Date = 23/09/2003 09:09:00 | Attr = ] SpeedTouch USB Diagnostics -> %ProgramFiles%\Thomson\SpeedTouch USB\dragdiag.exe -> THOMSON Telecom Belgium [Ver = 301.0.0.12 | Size = 866816 bytes | Modified Date = 26/01/2004 11:38:38 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_05\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 03/06/2004 22:05:08 | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 11/10/2004 22:02:38 | Attr = ] WinAVX -> %System32%\WinAvXX.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ] ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 919016 bytes | Modified Date = 21/06/2007 21:54:46 | Attr = ] < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL -> Installed = 1 -> MAPI -> Installed = 1 -> MSFS -> Installed = 1 -> < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> NetAppel -> %ProgramFiles%\NetAppel\NetAppel.exe -> NetAppel [Ver = 3, 2, 437, 0 | Size = 7145008 bytes | Modified Date = 15/09/2007 13:19:32 | Attr = ] WinAVX -> %System32%\WinAvXX.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ] < Common Startup > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage -> -> %AllUsersStartup%\autorun.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ] %AllUsersStartup%\Exif Launcher.lnk -> %ProgramFiles%\FinePixViewer\QuickDCF.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 5, 0, 0, 2 | Size = 282624 bytes | Modified Date = 05/04/2005 18:01:36 | Attr = ] < User Startup > -> C:\Documents and Settings\Jean-Christophe\Menu Démarrer\Programmes\Démarrage -> -> %UserStartup%\system.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ] < AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30/05/2007 14:29:58 | Attr = ] < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> C:\WINDOWS\system32\printer.exe -> %System32%\printer.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ] < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> PCANotify -> %System32%\PCANotify.dll -> Symantec Corporation [Ver = 11.0.0.730 | Size = 8704 bytes | Modified Date = 29/05/2003 11:00:00 | Attr = ] < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoControlPanel -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RUN\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\UNINSTALL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\ -> -> < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoControlPanel -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoWindowsUpdate -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\DISALLOWCPL\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\DISALLOWRUN\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RESTRICTCPL\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RESTRICTRUN\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RUN\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\UNINSTALL\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\ -> -> < HOSTS File > (698 bytes) -> C:\WINDOWS\SYSTEM32\Drivers\etc\hosts -> 127.0.0.1 localhost -> -> < Internet Explorer Settings > -> -> HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome -> HKLM: Main\\Default_Search_URL -> http://www.google.com/ie -> HKLM: Local Page -> C:\windows\system32\blank.htm -> HKLM: Search Page -> http://www.google.com -> HKLM: Start Page -> http://www.google.com -> HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch -> HKCU: Local Page -> C:\windows\system32\blank.htm -> HKCU: Search Bar -> http://www.google.com/ie -> HKCU: Search Page -> http://www.google.com -> HKCU: Start Page -> http://www.google.com -> HKCU: ProxyEnable -> 0 -> < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> msn.com [ - ] -> -> < Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Console Java (Sun)] -> File not found {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xporter vers Microsoft Excel -> -> File not found < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> Wanadoo 6.2 -> IEAKFT -> < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {73767719-2D51-49BC-A421-5C2F73651A61} -> (Carte réseau 1394) -> {81260026-7663-40F1-88CE-7C27A0FBAA76} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) -> {8D0D86C8-075B-488D-A3C0-F7CA1E023D02} -> () -> < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp -> Reg Data - Key not found -> File not found msdaipp -> Reg Data - Key not found -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {09C21411-B9A2-4DE6-8416-4E3B58577BE0} -> France Telecom MDM ActiveX Control - CodeBase = http://minitelweb.minitel.com/imin_data/ocx/MDM.cab -> {166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab -> {193C772A-87BE-4B19-A7BB-445B226FE9A1} -> ewidoOnlineScan Control - CodeBase = http://downloads.ewido.net/ewidoOnlineScan.cab -> {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} -> Contrôleur de DownloadManager - CodeBase = http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.8.cab -> {6E5E167B-1566-4316-B27F-0DDAB3484CF7} -> Image Uploader Control - CodeBase = http://webalbum.foto.com/NewUploader/ImageUploader4.cab -> {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -> HouseCall Control - CodeBase = http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab -> {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2_05 - CodeBase = http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -> - CodeBase = http://fpdownload.macromedia.com/get/shock...h/ultrashim.cab -> {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -> - CodeBase = http://www.extrafilm.fr/net/import/ImageUploader3.cab -> {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} -> IPSUploader4 Control - CodeBase = http://photoservice.fujicolor.de/ips-opdat...PSUploader4.cab -> {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_05 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> get_atlcom Class - CodeBase = http://www.adobe.com/products/acrobat/nos/gp.cab -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -> {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} -> Creative Product Registration ActiveX Control Module - CodeBase = http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab -> {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} -> - CodeBase = http://webalbum.foto.com/FUploader/SpeedUploader.cab -> [Registry - Additional Scans - Non-Microsoft Only] < Security Settings > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Service de transfert intelligent en arrière-plan -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> Rpcss; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfère des fichiers en tâche de fond en utilisant la bande passante du réseau lors de ses périodes d'inactivité. Si le service est arrêté, des fonctionnalités telles que Windows Update et MSN Explorer ne pourront plus télécharger automatiquement des programmes et d'autres informations. Si ce service est désactivé, tous les services qui en dépendent explicitement peuvent présenter des problèmes de transfert de fichiers s'ils ne disposent pas d'un mécanisme sûr de remplacement pour transférer les fichier -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> Root\LEGACY_BITS00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Pare-feu Windows / Partage de connexion Internet -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 900 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\i\ -> -> Key not found -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{5D80C184-559B-435E-B9DF-EA7D94A5FEAF} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{24806EA2-17C2-4B00-AE47-907EE1F089D9} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{73767719-2D51-49BC-A421-5C2F73651A61} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{81260026-7663-40F1-88CE-7C27A0FBAA76} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{75B9B6C6-B242-4771-972D-530855D339B1} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{CF3CE4F0-8E80-461F-BEBB-EF6C76682295} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{3DEF0CBF-036D-4D0D-BC8D-AB892F547E4D} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{7D7500E7-A627-458E-B822-2CF005B4C626} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> Root\LEGACY_SHAREDACCESS00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Active le téléchargement et l'installation de mises à jour Windows critiques. Si le service est désactivé, le système d'exploitation peut être mis à jour manuellement sur le site Web de Windows Update. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> Root\LEGACY_WUAUSERV00 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> < Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\\tWhiteList -> Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForwardDoc|HelpUserGuide|HelpReader -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\\tBuiltInPermList -> version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\\tSchemePerms -> version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^«0O•zI‰j HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> g°Ô‹4:?Ó¼éÜdgó” -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xÜþøÈ“ÜŠ°Ý„} -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> –; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> ½š*ÛBëØV%Mø/g -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_„ìöiÓk•j"À€ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> -> < Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ -> HKEY_CURRENT_USER\Software\Policies\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> -> [Files/Folders - Created Within 60 days] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 267964416 bytes | Created Date = 02/01/1601 23:00:00 | Attr = HS] FOUND.000 -> %SystemDrive%\FOUND.000 -> [Folder | Created Date = 29/07/2007 15:25:24 | Attr = HS] FOUND.001 -> %SystemDrive%\FOUND.001 -> [Folder | Created Date = 29/07/2007 15:25:24 | Attr = HS] FOUND.002 -> %SystemDrive%\FOUND.002 -> [Folder | Created Date = 29/07/2007 15:25:24 | Attr = HS] FOUND.003 -> %SystemDrive%\FOUND.003 -> [Folder | Created Date = 29/07/2007 16:38:38 | Attr = HS] FOUND.004 -> %SystemDrive%\FOUND.004 -> [Folder | Created Date = 29/07/2007 16:55:14 | Attr = HS] SmitfraudFix.exe -> %SystemDrive%\SmitfraudFix.exe -> [Ver = | Size = 883694 bytes | Created Date = 18/09/2007 22:31:19 | Attr = ] SmitfraudFix -> %SystemDrive%\SmitfraudFix -> [Folder | Created Date = 18/09/2007 22:08:11 | Attr = ] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 23/09/2007 07:54:33 | Attr = ] qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 20/09/2007 20:19:26 | Attr = ] catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 109056 bytes | Created Date = 20/09/2007 20:19:12 | Attr = ] PATCH.EXE -> %SystemRoot%\PATCH.EXE -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 286720 bytes | Created Date = 19/09/2007 06:23:15 | Attr = ] UNZIP.DLL -> %SystemRoot%\UNZIP.DLL -> Trend Micro Inc. [Ver = 1.32.0.1000 | Size = 69689 bytes | Created Date = 19/09/2007 06:23:15 | Attr = ] EHome -> %SystemRoot%\EHome -> [Folder | Created Date = 30/07/2007 12:48:56 | Attr = ] NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 20/09/2007 20:19:12 | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 20/09/2007 20:20:45 | Attr = ] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Created Date = 22/09/2007 18:17:54 | Attr = ] zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 75248 bytes | Created Date = 22/09/2007 18:19:50 | Attr = ] zllsputility_loc040c.dll -> %SystemRoot%\zllsputility_loc040c.dll -> Zone Labs Inc. [Ver = 5.3.017.000 | Size = 42384 bytes | Created Date = 22/09/2007 18:19:58 | Attr = ] TMUPDATE.DLL -> %SystemRoot%\TMUPDATE.DLL -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 507904 bytes | Created Date = 19/09/2007 06:23:16 | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1268 bytes | Created Date = 01/09/2007 14:57:36 | Attr = ] nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 21/08/2007 19:28:54 | Attr = ] $NtUninstallKB914388_0$ -> %SystemRoot%\$NtUninstallKB914388_0$ -> [Folder | Created Date = 30/07/2007 12:15:48 | Attr = H ] $NtUninstallKB921883_0$ -> %SystemRoot%\$NtUninstallKB921883_0$ -> [Folder | Created Date = 30/07/2007 12:16:31 | Attr = H ] peernet -> %SystemRoot%\peernet -> [Folder | Created Date = 30/07/2007 12:58:22 | Attr = ] $NtUninstallKB917422_0$ -> %SystemRoot%\$NtUninstallKB917422_0$ -> [Folder | Created Date = 30/07/2007 12:17:21 | Attr = H ] $NtUninstallKB920670_0$ -> %SystemRoot%\$NtUninstallKB920670_0$ -> [Folder | Created Date = 30/07/2007 12:18:14 | Attr = H ] $NtUninstallKB920683_0$ -> %SystemRoot%\$NtUninstallKB920683_0$ -> [Folder | Created Date = 30/07/2007 12:19:03 | Attr = H ] $NtUninstallKB921398_0$ -> %SystemRoot%\$NtUninstallKB921398_0$ -> [Folder | Created Date = 30/07/2007 12:20:08 | Attr = H ] $NtUninstallKB922616_0$ -> %SystemRoot%\$NtUninstallKB922616_0$ -> [Folder | Created Date = 30/07/2007 12:21:20 | Attr = H ] $NtUninstallKB919007_0$ -> %SystemRoot%\$NtUninstallKB919007_0$ -> [Folder | Created Date = 30/07/2007 12:22:04 | Attr = H ] $NtUninstallKB920685_0$ -> %SystemRoot%\$NtUninstallKB920685_0$ -> [Folder | Created Date = 30/07/2007 12:22:57 | Attr = H ] $NtUninstallKB918899-IE6SP1-20060725.123917$ -> %SystemRoot%\$NtUninstallKB918899-IE6SP1-20060725.123917$ -> [Folder | Created Date = 30/07/2007 12:24:02 | Attr = H ] $NtUninstallKB925486-IE6SP1-20060918.120000$ -> %SystemRoot%\$NtUninstallKB925486-IE6SP1-20060918.120000$ -> [Folder | Created Date = 30/07/2007 12:24:59 | Attr = H ] $NtUninstallKB923414_0$ -> %SystemRoot%\$NtUninstallKB923414_0$ -> [Folder | Created Date = 30/07/2007 12:26:02 | Attr = H ] $NtUninstallKB924496_0$ -> %SystemRoot%\$NtUninstallKB924496_0$ -> [Folder | Created Date = 30/07/2007 12:27:03 | Attr = H ] $NtUninstallKB923191_0$ -> %SystemRoot%\$NtUninstallKB923191_0$ -> [Folder | Created Date = 30/07/2007 12:28:24 | Attr = H ] $NtUninstallKB924191_0$ -> %SystemRoot%\$NtUninstallKB924191_0$ -> [Folder | Created Date = 30/07/2007 12:29:42 | Attr = H ] $NtUninstallKB922819_0$ -> %SystemRoot%\$NtUninstallKB922819_0$ -> [Folder | Created Date = 30/07/2007 12:30:44 | Attr = H ] $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Created Date = 30/07/2007 12:49:00 | Attr = H ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 30/07/2007 13:38:08 | Attr = ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Created Date = 30/07/2007 12:56:10 | Attr = ] provisioning -> %SystemRoot%\provisioning -> [Folder | Created Date = 30/07/2007 12:58:19 | Attr = ] $NtUninstallKB902400$ -> %SystemRoot%\$NtUninstallKB902400$ -> [Folder | Created Date = 30/07/2007 13:02:36 | Attr = H ] $NtUninstallKB896423$ -> %SystemRoot%\$NtUninstallKB896423$ -> [Folder | Created Date = 30/07/2007 13:03:34 | Attr = H ] $NtUninstallKB890859$ -> %SystemRoot%\$NtUninstallKB890859$ -> [Folder | Created Date = 30/07/2007 13:04:13 | Attr = H ] $NtUninstallKB908519$ -> %SystemRoot%\$NtUninstallKB908519$ -> [Folder | Created Date = 30/07/2007 13:04:58 | Attr = H ] $NtUninstallKB896428$ -> %SystemRoot%\$NtUninstallKB896428$ -> [Folder | Created Date = 30/07/2007 13:05:40 | Attr = H ] $NtUninstallKB905749$ -> %SystemRoot%\$NtUninstallKB905749$ -> [Folder | Created Date = 30/07/2007 13:06:18 | Attr = H ] $NtUninstallKB912919$ -> %SystemRoot%\$NtUninstallKB912919$ -> [Folder | Created Date = 30/07/2007 13:06:56 | Attr = H ] $NtUninstallKB900725$ -> %SystemRoot%\$NtUninstallKB900725$ -> [Folder | Created Date = 30/07/2007 13:07:34 | Attr = H ] $NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Created Date = 30/07/2007 13:08:16 | Attr = H ] $NtUninstallKB901214$ -> %SystemRoot%\$NtUninstallKB901214$ -> [Folder | Created Date = 30/07/2007 13:08:53 | Attr = H ] $NtUninstallKB905414$ -> %SystemRoot%\$NtUninstallKB905414$ -> [Folder | Created Date = 30/07/2007 13:09:32 | Attr = H ] $NtUninstallKB890046$ -> %SystemRoot%\$NtUninstallKB890046$ -> [Folder | Created Date = 30/07/2007 13:10:09 | Attr = H ] $NtUninstallKB891781$ -> %SystemRoot%\$NtUninstallKB891781$ -> [Folder | Created Date = 30/07/2007 13:10:49 | Attr = H ] $NtUninstallKB896358$ -> %SystemRoot%\$NtUninstallKB896358$ -> [Folder | Created Date = 30/07/2007 13:11:28 | Attr = H ] $NtUninstallKB888113$ -> %SystemRoot%\$NtUninstallKB888113$ -> [Folder | Created Date = 30/07/2007 13:12:07 | Attr = H ] $NtUninstallKB873339$ -> %SystemRoot%\$NtUninstallKB873339$ -> [Folder | Created Date = 30/07/2007 13:12:53 | Attr = H ] $NtUninstallKB893756$ -> %SystemRoot%\$NtUninstallKB893756$ -> [Folder | Created Date = 30/07/2007 13:13:31 | Attr = H ] $NtUninstallKB896424$ -> %SystemRoot%\$NtUninstallKB896424$ -> [Folder | Created Date = 30/07/2007 13:14:10 | Attr = H ] $NtUninstallKB899591$ -> %SystemRoot%\$NtUninstallKB899591$ -> [Folder | Created Date = 30/07/2007 13:14:49 | Attr = H ] $NtUninstallKB901017$ -> %SystemRoot%\$NtUninstallKB901017$ -> [Folder | Created Date = 30/07/2007 13:15:27 | Attr = H ] $NtUninstallKB911927$ -> %SystemRoot%\$NtUninstallKB911927$ -> [Folder | Created Date = 30/07/2007 13:16:08 | Attr = H ] $NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ -> [Folder | Created Date = 30/07/2007 13:16:49 | Attr = H ] $NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ -> [Folder | Created Date = 30/07/2007 13:17:26 | Attr = H ] $NtUninstallKB896422$ -> %SystemRoot%\$NtUninstallKB896422$ -> [Folder | Created Date = 30/07/2007 13:18:05 | Attr = H ] $NtUninstallKB899587$ -> %SystemRoot%\$NtUninstallKB899587$ -> [Folder | Created Date = 30/07/2007 13:18:43 | Attr = H ] $NtUninstallKB911562$ -> %SystemRoot%\$NtUninstallKB911562$ -> [Folder | Created Date = 30/07/2007 13:19:22 | Attr = H ] $NtUninstallKB908531$ -> %SystemRoot%\$NtUninstallKB908531$ -> [Folder | Created Date = 30/07/2007 13:20:01 | Attr = H ] $NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Created Date = 30/07/2007 13:20:45 | Attr = H ] $NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Created Date = 30/07/2007 13:21:26 | Attr = H ] $NtUninstallKB917953$ -> %SystemRoot%\$NtUninstallKB917953$ -> [Folder | Created Date = 30/07/2007 13:22:08 | Attr = H ] $NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Created Date = 30/07/2007 13:22:50 | Attr = H ] $NtUninstallKB911280$ -> %SystemRoot%\$NtUninstallKB911280$ -> [Folder | Created Date = 30/07/2007 13:23:34 | Attr = H ] $NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ -> [Folder | Created Date = 30/07/2007 13:24:15 | Attr = H ] $NtUninstallKB914388$ -> %SystemRoot%\$NtUninstallKB914388$ -> [Folder | Created Date = 30/07/2007 13:24:55 | Attr = H ] $NtUninstallKB921883$ -> %SystemRoot%\$NtUninstallKB921883$ -> [Folder | Created Date = 30/07/2007 13:25:36 | Attr = H ] $NtUninstallKB920683$ -> %SystemRoot%\$NtUninstallKB920683$ -> [Folder | Created Date = 30/07/2007 13:26:19 | Attr = H ] $NtUninstallKB917422$ -> %SystemRoot%\$NtUninstallKB917422$ -> [Folder | Created Date = 30/07/2007 13:27:02 | Attr = H ] $NtUninstallKB920670$ -> %SystemRoot%\$NtUninstallKB920670$ -> [Folder | Created Date = 30/07/2007 13:27:43 | Attr = H ] $NtUninstallKB921398$ -> %SystemRoot%\$NtUninstallKB921398$ -> [Folder | Created Date = 30/07/2007 13:28:22 | Attr = H ] $NtUninstallKB922616$ -> %SystemRoot%\$NtUninstallKB922616$ -> [Folder | Created Date = 30/07/2007 13:29:05 | Attr = H ] $NtUninstallKB919007$ -> %SystemRoot%\$NtUninstallKB919007$ -> [Folder | Created Date = 30/07/2007 13:29:45 | Attr = H ] $NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Created Date = 30/07/2007 13:30:27 | Attr = H ] $NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Created Date = 30/07/2007 13:31:12 | Attr = H ] $NtUninstallKB924496$ -> %SystemRoot%\$NtUninstallKB924496$ -> [Folder | Created Date = 30/07/2007 13:31:53 | Attr = H ] $NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Created Date = 30/07/2007 13:32:33 | Attr = H ] $NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Created Date = 30/07/2007 13:33:14 | Attr = H ] $NtUninstallKB924191$ -> %SystemRoot%\$NtUninstallKB924191$ -> [Folder | Created Date = 30/07/2007 13:33:55 | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 31/07/2007 20:45:42 | Attr = ] $NtUninstallKB885884$ -> %SystemRoot%\$NtUninstallKB885884$ -> [Folder | Created Date = 30/07/2007 14:04:16 | Attr = H ] $NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Created Date = 30/07/2007 14:04:23 | Attr = H ] $NtUninstallKB887472$ -> %SystemRoot%\$NtUninstallKB887472$ -> [Folder | Created Date = 30/07/2007 14:04:27 | Attr = H ] $NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Created Date = 30/07/2007 14:04:42 | Attr = H ] $NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Created Date = 30/07/2007 14:04:49 | Attr = H ] $NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Created Date = 30/07/2007 14:04:53 | Attr = H ] $NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Created Date = 30/07/2007 14:05:00 | Attr = H ] $NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Created Date = 30/07/2007 14:05:05 | Attr = H ] $NtUninstallKB923980$ -> %SystemRoot%\$NtUninstallKB923980$ -> [Folder | Created Date = 30/07/2007 14:05:10 | Attr = H ] $NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Created Date = 30/07/2007 14:05:14 | Attr = H ] $NtUninstallKB929969$ -> %SystemRoot%\$NtUninstallKB929969$ -> [Folder | Created Date = 30/07/2007 14:05:18 | Attr = H ] $NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Created Date = 30/07/2007 14:05:23 | Attr = H ] $NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Created Date = 30/07/2007 14:05:31 | Attr = H ] $NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Created Date = 30/07/2007 14:05:36 | Attr = H ] $NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Created Date = 30/07/2007 14:05:40 | Attr = H ] $NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Created Date = 30/07/2007 14:05:45 | Attr = H ] $NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Created Date = 30/07/2007 14:05:50 | Attr = H ] $NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Created Date = 30/07/2007 14:05:55 | Attr = H ] $NtUninstallKB931836$ -> %SystemRoot%\$NtUninstallKB931836$ -> [Folder | Created Date = 30/07/2007 14:06:00 | Attr = H ] $NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 30/07/2007 14:06:05 | Attr = H ] $NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 30/07/2007 14:06:11 | Attr = H ] $NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 30/07/2007 14:06:19 | Attr = H ] $NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 30/07/2007 14:06:23 | Attr = H ] $NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ -> [Folder | Created Date = 30/07/2007 14:10:39 | Attr = H ] $NtUninstallKB914440$ -> %SystemRoot%\$NtUninstallKB914440$ -> [Folder | Created Date = 30/07/2007 14:10:46 | Attr = H ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 30/07/2007 14:10:48 | Attr = ] $NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Created Date = 30/07/2007 14:11:49 | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 30/07/2007 14:12:16 | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 30/07/2007 14:12:39 | Attr = H ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 30/07/2007 14:12:55 | Attr = H ] WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 30/07/2007 14:14:12 | Attr = ] $NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 30/07/2007 14:14:47 | Attr = H ] $NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Created Date = 30/07/2007 14:14:51 | Attr = H ] $NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 30/07/2007 14:14:56 | Attr = H ] $NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 30/07/2007 14:15:01 | Attr = H ] $NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Created Date = 30/07/2007 14:15:09 | Attr = H ] $NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Created Date = 30/07/2007 14:15:17 | Attr = H ] $NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Created Date = 30/07/2007 14:15:22 | Attr = H ] $NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Created Date = 30/07/2007 14:15:27 | Attr = H ] $NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Created Date = 30/07/2007 14:15:49 | Attr = H ] $NtUninstallKB923689$ -> %SystemRoot%\$NtUninstallKB923689$ -> [Folder | Created Date = 30/07/2007 14:16:03 | Attr = H ] $NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Created Date = 30/08/2007 21:47:55 | Attr = H ] $NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Created Date = 30/08/2007 21:49:09 | Attr = H ] $NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Created Date = 30/08/2007 21:49:13 | Attr = H ] $NtUninstallKB936782_WMP9$ -> %SystemRoot%\$NtUninstallKB936782_WMP9$ -> [Folder | Created Date = 30/08/2007 21:49:35 | Attr = H ] $NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Created Date = 30/08/2007 21:49:41 | Attr = H ] $NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Created Date = 30/08/2007 21:49:46 | Attr = H ] AU_Log -> %SystemRoot%\AU_Log -> [Folder | Created Date = 19/09/2007 06:23:22 | Attr = ] AU_Temp -> %SystemRoot%\AU_Temp -> [Folder | Created Date = 19/09/2007 06:23:23 | Attr = ] GetServer.ini -> %SystemRoot%\GetServer.ini -> [Ver = | Size = 170 bytes | Created Date = 19/09/2007 06:23:23 | Attr = ] VPTNFILE.725 -> %SystemRoot%\VPTNFILE.725 -> [Ver = | Size = 37727661 bytes | Created Date = 19/09/2007 06:25:25 | Attr = ] BPMNT.dll -> %SystemRoot%\BPMNT.dll -> Trend Micro Inc. [Ver = 8.000-1001 | Size = 86094 bytes | Created Date = 19/09/2007 06:25:31 | Attr = ] vsapi32.dll -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.500-1002 | Size = 1163344 bytes | Created Date = 19/09/2007 06:25:31 | Attr = ] hcextoutput.dll -> %SystemRoot%\hcextoutput.dll -> [Ver = | Size = 71749 bytes | Created Date = 19/09/2007 06:25:31 | Attr = ] tsc.exe -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.3.0.1103 | Size = 267845 bytes | Created Date = 19/09/2007 06:25:31 | Attr = ] tsc.ini -> %SystemRoot%\tsc.ini -> [Ver = | Size = 823 bytes | Created Date = 19/09/2007 06:25:31 | Attr = ] tsc.ptn -> %SystemRoot%\tsc.ptn -> [Ver = | Size = 1871245 bytes | Created Date = 19/09/2007 06:25:31 | Attr = ] AU_Backup -> %SystemRoot%\AU_Backup -> [Folder | Created Date = 19/09/2007 06:25:32 | Attr = ] LPT$VPN.725 -> %SystemRoot%\LPT$VPN.725 -> [Ver = | Size = 37727661 bytes | Created Date = 19/09/2007 06:25:51 | Attr = ] report -> %SystemRoot%\report -> [Folder | Created Date = 19/09/2007 06:26:08 | Attr = ] tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3398 bytes | Created Date = 18/09/2007 21:39:58 | Attr = ] printer.exe -> %System32%\printer.exe -> [Ver = | Size = 7680 bytes | Created Date = 23/09/2007 08:12:25 | Attr = ] vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 58727 bytes | Created Date = 22/09/2007 18:18:31 | Attr = ] moveex.exe -> %System32%\moveex.exe -> [Ver = | Size = 38400 bytes | Created Date = 20/09/2007 20:19:11 | Attr = ] vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 394984 bytes | Created Date = 22/09/2007 18:18:31 | Attr = ] vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 83432 bytes | Created Date = 22/09/2007 18:17:54 | Attr = ] vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 472552 bytes | Created Date = 22/09/2007 18:17:53 | Attr = ] vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 103912 bytes | Created Date = 22/09/2007 18:18:33 | Attr = ] vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 275944 bytes | Created Date = 22/09/2007 18:18:33 | Attr = ] vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 157160 bytes | Created Date = 22/09/2007 18:17:54 | Attr = ] vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 46568 bytes | Created Date = 22/09/2007 18:18:37 | Attr = ] vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 99816 bytes | Created Date = 22/09/2007 18:18:34 | Attr = ] aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Created Date = 29/07/2007 16:57:50 | Attr = ] fr-fr -> %System32%\fr-fr -> [Folder | Created Date = 30/07/2007 14:14:12 | Attr = ] WinAvXX.exe -> %System32%\WinAvXX.exe -> [Ver = | Size = 7680 bytes | Created Date = 23/09/2007 08:12:25 | Attr = ] zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1086952 bytes | Created Date = 22/09/2007 18:18:34 | Attr = ] ZoneLabs -> %System32%\ZoneLabs -> [Folder | Created Date = 22/09/2007 18:18:33 | Attr = ] zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 71144 bytes | Created Date = 22/09/2007 18:18:52 | Attr = ] zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 83432 bytes | Created Date = 22/09/2007 18:18:51 | Attr = ] vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 71144 bytes | Created Date = 22/09/2007 18:18:54 | Attr = ] zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Created Date = 22/09/2007 18:20:09 | Attr = H ] VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 20/09/2007 20:19:11 | Attr = ] libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796048 bytes | Created Date = 22/09/2007 18:18:54 | Attr = ] vsutil_loc040c.dll -> %System32%\vsutil_loc040c.dll -> Zone Labs Inc. [Ver = 5.3.017.000 | Size = 54672 bytes | Created Date = 22/09/2007 18:19:57 | Attr = ] imsinstall_loc040c.dll -> %System32%\imsinstall_loc040c.dll -> [Ver = | Size = 21904 bytes | Created Date = 22/09/2007 18:19:58 | Attr = ] imslsp_install_loc040c.dll -> %System32%\imslsp_install_loc040c.dll -> [Ver = | Size = 17808 bytes | Created Date = 22/09/2007 18:19:58 | Attr = ] actskin4.ocx -> %System32%\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 29/07/2007 16:57:50 | Attr = ] AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 95608 bytes | Created Date = 29/07/2007 16:57:57 | Attr = ] AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 14/09/2007 13:05:17 | Attr = ] klif.sys -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.90 | Size = 119576 bytes | Created Date = 22/09/2007 18:19:03 | Attr = ] kl1.sys -> %System32%\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.1.18.0 | Size = 110360 bytes | Created Date = 22/09/2007 18:19:03 | Attr = ] fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 32 bytes | Created Date = 22/09/2007 18:19:32 | Attr = HS] fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 32 bytes | Created Date = 22/09/2007 18:19:33 | Attr = HS] klick.dat -> %System32%\drivers\klick.dat -> [Ver = | Size = 75932 bytes | Created Date = 22/09/2007 18:19:42 | Attr = ] klin.dat -> %System32%\drivers\klin.dat -> [Ver = | Size = 74396 bytes | Created Date = 22/09/2007 18:19:42 | Attr = ] aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 92848 bytes | Created Date = 29/07/2007 16:57:55 | Attr = ] aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 94416 bytes | Created Date = 29/07/2007 16:57:55 | Attr = ] aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 26624 bytes | Created Date = 29/07/2007 16:57:59 | Attr = ] aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 42912 bytes | Created Date = 29/07/2007 16:57:59 | Attr = ] aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 23152 bytes | Created Date = 29/07/2007 16:58:00 | Attr = ] hosts.20070919-112423.backup -> %System32%\drivers\etc\hosts.20070919-112423.backup -> [Ver = | Size = 3541 bytes | Created Date = 19/09/2007 10:24:23 | Attr = R ] hosts.20070919-113959.backup -> %System32%\drivers\etc\hosts.20070919-113959.backup -> [Ver = | Size = 659 bytes | Created Date = 19/09/2007 10:39:59 | Attr = R ] hosts.20070919-132252.backup -> %System32%\drivers\etc\hosts.20070919-132252.backup -> [Ver = | Size = 627 bytes | Created Date = 19/09/2007 12:22:52 | Attr = R ] Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Created Date = 29/07/2007 16:07:12 | Attr = ] Windows Genuine Advantage -> %AllUsersAppData%\Windows Genuine Advantage -> [Folder | Created Date = 30/07/2007 12:14:56 | Attr = ] Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 14/09/2007 13:05:13 | Attr = ] Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 18/09/2007 19:54:46 | Attr = ] MailFrontier -> %AllUsersAppData%\MailFrontier -> [Folder | Created Date = 22/09/2007 18:20:20 | Attr = ] Mozilla -> %UserAppData%\Mozilla -> [Folder | Created Date = 21/08/2007 19:28:51 | Attr = ] Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 14/09/2007 13:05:32 | Attr = ] Mozilla -> %LocalAppData%\Mozilla -> [Folder | Created Date = 21/08/2007 19:28:51 | Attr = ] Ma musique -> %AllUsersDocuments%\Ma musique -> [Folder | Created Date = 30/07/2007 13:00:01 | Attr = R ] a-squared -> %UserDocuments%\a-squared -> [Folder | Created Date = 19/09/2007 11:46:29 | Attr = ] avast! Antivirus.lnk -> %AllUsersDesktop%\avast! Antivirus.lnk -> [Ver = | Size = 1613 bytes | Created Date = 29/07/2007 16:58:00 | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 753 bytes | Created Date = 14/09/2007 13:05:23 | Attr = ] Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1694 bytes | Created Date = 14/09/2007 20:09:39 | Attr = ] Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1694 bytes | Created Date = 14/09/2007 20:09:40 | Attr = ] Navilog1.lnk -> %AllUsersDesktop%\Navilog1.lnk -> [Ver = | Size = 534 bytes | Created Date = 18/09/2007 20:10:16 | Attr = ] a-squared Free.lnk -> %AllUsersDesktop%\a-squared Free.lnk -> [Ver = | Size = 552 bytes | Created Date = 19/09/2007 11:46:50 | Attr = ] Navilog1.exe -> %UserDesktop%\Navilog1.exe -> @IL-MAFIOSO [Ver = | Size = 544635 bytes | Created Date = 18/09/2007 20:08:31 | Attr = ] RegCleaner.lnk -> %UserDesktop%\RegCleaner.lnk -> [Ver = | Size = 549 bytes | Created Date = 19/09/2007 09:56:21 | Attr = ] Warning.mht -> %UserDesktop%\Warning.mht -> [Ver = | Size = 97695 bytes | Created Date = 19/09/2007 20:53:03 | Attr = ] [4]-Submit_2007-09-20@22.07.zip -> %UserDesktop%\[4]-Submit_2007-09-20@22.07.zip -> [Ver = | Size = 417 bytes | Created Date = 20/09/2007 21:07:37 | Attr = ] HostsXpert -> %UserDesktop%\HostsXpert -> [Folder | Created Date = 23/09/2007 19:43:33 | Attr = ] winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Created Date = 23/09/2007 19:48:03 | Attr = ] WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 23/09/2007 19:48:49 | Attr = ] autorun.exe -> %AllUsersStartup%\autorun.exe -> [Ver = | Size = 7680 bytes | Created Date = 13/09/2007 10:06:48 | Attr = ] system.exe -> %UserStartup%\system.exe -> [Ver = | Size = 7680 bytes | Created Date = 14/09/2007 12:02:56 | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 14/09/2007 20:08:57 | Attr = ] [Files/Folders - Modified Within 60 days] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 267964416 bytes | Modified Date = 23/09/2007 20:36:46 | Attr = HS] FOUND.000 -> %SystemDrive%\FOUND.000 -> [Folder | Modified Date = 29/07/2007 16:25:26 | Attr = HS] FOUND.001 -> %SystemDrive%\FOUND.001 -> [Folder | Modified Date = 29/07/2007 16:25:26 | Attr = HS] FOUND.002 -> %SystemDrive%\FOUND.002 -> [Folder | Modified Date = 29/07/2007 16:25:26 | Attr = HS] NTDETECT.COM -> %SystemDrive%\NTDETECT.COM -> [Ver = | Size = 47564 bytes | Modified Date = 30/07/2007 13:53:20 | Attr = RHS] FOUND.003 -> %SystemDrive%\FOUND.003 -> [Folder | Modified Date = 29/07/2007 17:38:38 | Attr = HS] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 216 bytes | Modified Date = 30/07/2007 14:00:10 | Attr = RHS] FOUND.004 -> %SystemDrive%\FOUND.004 -> [Folder | Modified Date = 29/07/2007 17:55:14 | Attr = HS] SmitfraudFix.exe -> %SystemDrive%\SmitfraudFix.exe -> [Ver = | Size = 883694 bytes | Modified Date = 18/09/2007 23:31:22 | Attr = ] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 23/09/2007 08:54:34 | Attr = ] qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 20/09/2007 21:19:28 | Attr = ] PATCH.EXE -> %SystemRoot%\PATCH.EXE -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 286720 bytes | Modified Date = 19/09/2007 07:23:16 | Attr = ] UNZIP.DLL -> %SystemRoot%\UNZIP.DLL -> Trend Micro Inc. [Ver = 1.32.0.1000 | Size = 69689 bytes | Modified Date = 19/09/2007 07:23:16 | Attr = ] EHome -> %SystemRoot%\EHome -> [Folder | Modified Date = 30/07/2007 13:48:58 | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 20/09/2007 21:20:46 | Attr = ] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 22/09/2007 19:17:56 | Attr = ] TMUPDATE.DLL -> %SystemRoot%\TMUPDATE.DLL -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 507904 bytes | Modified Date = 19/09/2007 07:23:18 | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1268 bytes | Modified Date = 01/09/2007 15:57:38 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 23/09/2007 20:36:48 | Attr = S] nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 21/08/2007 20:28:56 | Attr = ] $NtUninstallKB914388_0$ -> %SystemRoot%\$NtUninstallKB914388_0$ -> [Folder | Modified Date = 30/07/2007 13:15:50 | Attr = H ] $NtUninstallKB921883_0$ -> %SystemRoot%\$NtUninstallKB921883_0$ -> [Folder | Modified Date = 30/07/2007 13:16:32 | Attr = H ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 30/07/2007 14:39:08 | Attr = ] peernet -> %SystemRoot%\peernet -> [Folder | Modified Date = 30/07/2007 13:58:24 | Attr = ] $NtUninstallKB917422_0$ -> %SystemRoot%\$NtUninstallKB917422_0$ -> [Folder | Modified Date = 30/07/2007 13:17:22 | Attr = H ] $NtUninstallKB920670_0$ -> %SystemRoot%\$NtUninstallKB920670_0$ -> [Folder | Modified Date = 30/07/2007 13:18:16 | Attr = H ] $NtUninstallKB920683_0$ -> %SystemRoot%\$NtUninstallKB920683_0$ -> [Folder | Modified Date = 30/07/2007 13:19:04 | Attr = H ] $NtUninstallKB921398_0$ -> %SystemRoot%\$NtUninstallKB921398_0$ -> [Folder | Modified Date = 30/07/2007 13:20:10 | Attr = H ] $NtUninstallKB922616_0$ -> %SystemRoot%\$NtUninstallKB922616_0$ -> [Folder | Modified Date = 30/07/2007 13:21:22 | Attr = H ] $NtUninstallKB919007_0$ -> %SystemRoot%\$NtUninstallKB919007_0$ -> [Folder | Modified Date = 30/07/2007 13:22:06 | Attr = H ] $NtUninstallKB920685_0$ -> %SystemRoot%\$NtUninstallKB920685_0$ -> [Folder | Modified Date = 30/07/2007 13:22:58 | Attr = H ] $NtUninstallKB918899-IE6SP1-20060725.123917$ -> %SystemRoot%\$NtUninstallKB918899-IE6SP1-20060725.123917$ -> [Folder | Modified Date = 30/07/2007 13:24:04 | Attr = H ] $NtUninstallKB925486-IE6SP1-20060918.120000$ -> %SystemRoot%\$NtUninstallKB925486-IE6SP1-20060918.120000$ -> [Folder | Modified Date = 30/07/2007 13:25:00 | Attr = H ] $NtUninstallKB923414_0$ -> %SystemRoot%\$NtUninstallKB923414_0$ -> [Folder | Modified Date = 30/07/2007 13:26:04 | Attr = H ] $NtUninstallKB924496_0$ -> %SystemRoot%\$NtUninstallKB924496_0$ -> [Folder | Modified Date = 30/07/2007 13:27:04 | Attr = H ] $NtUninstallKB923191_0$ -> %SystemRoot%\$NtUninstallKB923191_0$ -> [Folder | Modified Date = 30/07/2007 13:28:26 | Attr = H ] $NtUninstallKB924191_0$ -> %SystemRoot%\$NtUninstallKB924191_0$ -> [Folder | Modified Date = 30/07/2007 13:29:44 | Attr = H ] $NtUninstallKB922819_0$ -> %SystemRoot%\$NtUninstallKB922819_0$ -> [Folder | Modified Date = 30/07/2007 13:30:46 | Attr = H ] $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 30/07/2007 13:49:02 | Attr = H ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 30/07/2007 14:38:10 | Attr = ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Modified Date = 30/07/2007 13:56:12 | Attr = ] provisioning -> %SystemRoot%\provisioning -> [Folder | Modified Date = 30/07/2007 13:58:20 | Attr = ] $NtUninstallKB902400$ -> %SystemRoot%\$NtUninstallKB902400$ -> [Folder | Modified Date = 30/07/2007 14:02:38 | Attr = H ] $NtUninstallKB896423$ -> %SystemRoot%\$NtUninstallKB896423$ -> [Folder | Modified Date = 30/07/2007 14:03:36 | Attr = H ] $NtUninstallKB890859$ -> %SystemRoot%\$NtUninstallKB890859$ -> [Folder | Modified Date = 30/07/2007 14:04:14 | Attr = H ] $NtUninstallKB908519$ -> %SystemRoot%\$NtUninstallKB908519$ -> [Folder | Modified Date = 30/07/2007 14:05:00 | Attr = H ] $NtUninstallKB896428$ -> %SystemRoot%\$NtUninstallKB896428$ -> [Folder | Modified Date = 30/07/2007 14:05:42 | Attr = H ] $NtUninstallKB905749$ -> %SystemRoot%\$NtUninstallKB905749$ -> [Folder | Modified Date = 30/07/2007 14:06:20 | Attr = H ] $NtUninstallKB912919$ -> %SystemRoot%\$NtUninstallKB912919$ -> [Folder | Modified Date = 30/07/2007 14:06:58 | Attr = H ] $NtUninstallKB900725$ -> %SystemRoot%\$NtUninstallKB900725$ -> [Folder | Modified Date = 30/07/2007 14:07:36 | Attr = H ] $NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Modified Date = 30/07/2007 14:08:18 | Attr = H ] $NtUninstallKB901214$ -> %SystemRoot%\$NtUninstallKB901214$ -> [Folder | Modified Date = 30/07/2007 14:08:54 | Attr = H ] $NtUninstallKB905414$ -> %SystemRoot%\$NtUninstallKB905414$ -> [Folder | Modified Date = 30/07/2007 14:09:34 | Attr = H ] $NtUninstallKB890046$ -> %SystemRoot%\$NtUninstallKB890046$ -> [Folder | Modified Date = 30/07/2007 14:10:10 | Attr = H ] $NtUninstallKB891781$ -> %SystemRoot%\$NtUninstallKB891781$ -> [Folder | Modified Date = 30/07/2007 14:10:50 | Attr = H ] $NtUninstallKB896358$ -> %SystemRoot%\$NtUninstallKB896358$ -> [Folder | Modified Date = 30/07/2007 14:11:30 | Attr = H ] $NtUninstallKB888113$ -> %SystemRoot%\$NtUninstallKB888113$ -> [Folder | Modified Date = 30/07/2007 14:12:08 | Attr = H ] $NtUninstallKB873339$ -> %SystemRoot%\$NtUninstallKB873339$ -> [Folder | Modified Date = 30/07/2007 14:12:54 | Attr = H ] $NtUninstallKB893756$ -> %SystemRoot%\$NtUninstallKB893756$ -> [Folder | Modified Date = 30/07/2007 14:13:32 | Attr = H ] $NtUninstallKB896424$ -> %SystemRoot%\$NtUninstallKB896424$ -> [Folder | Modified Date = 30/07/2007 14:14:12 | Attr = H ] $NtUninstallKB899591$ -> %SystemRoot%\$NtUninstallKB899591$ -> [Folder | Modified Date = 30/07/2007 14:14:50 | Attr = H ] $NtUninstallKB901017$ -> %SystemRoot%\$NtUninstallKB901017$ -> [Folder | Modified Date = 30/07/2007 14:15:28 | Attr = H ] $NtUninstallKB911927$ -> %SystemRoot%\$NtUninstallKB911927$ -> [Folder | Modified Date = 30/07/2007 14:16:10 | Attr = H ] $NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ -> [Folder | Modified Date = 30/07/2007 14:16:50 | Attr = H ] $NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ -> [Folder | Modified Date = 30/07/2007 14:17:28 | Attr = H ] $NtUninstallKB896422$ -> %SystemRoot%\$NtUninstallKB896422$ -> [Folder | Modified Date = 30/07/2007 14:18:06 | Attr = H ] $NtUninstallKB899587$ -> %SystemRoot%\$NtUninstallKB899587$ -> [Folder | Modified Date = 30/07/2007 14:18:44 | Attr = H ] $NtUninstallKB911562$ -> %SystemRoot%\$NtUninstallKB911562$ -> [Folder | Modified Date = 30/07/2007 14:19:24 | Attr = H ] $NtUninstallKB908531$ -> %SystemRoot%\$NtUninstallKB908531$ -> [Folder | Modified Date = 30/07/2007 14:20:02 | Attr = H ] $NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Modified Date = 30/07/2007 14:20:46 | Attr = H ] $NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Modified Date = 30/07/2007 14:21:28 | Attr = H ] $NtUninstallKB917953$ -> %SystemRoot%\$NtUninstallKB917953$ -> [Folder | Modified Date = 30/07/2007 14:22:10 | Attr = H ] $NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Modified Date = 30/07/2007 14:22:52 | Attr = H ] $NtUninstallKB911280$ -> %SystemRoot%\$NtUninstallKB911280$ -> [Folder | Modified Date = 30/07/2007 14:23:36 | Attr = H ] $NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ -> [Folder | Modified Date = 30/07/2007 14:24:16 | Attr = H ] $NtUninstallKB914388$ -> %SystemRoot%\$NtUninstallKB914388$ -> [Folder | Modified Date = 30/07/2007 14:24:56 | Attr = H ] $NtUninstallKB921883$ -> %SystemRoot%\$NtUninstallKB921883$ -> [Folder | Modified Date = 30/07/2007 14:25:38 | Attr = H ] $NtUninstallKB920683$ -> %SystemRoot%\$NtUninstallKB920683$ -> [Folder | Modified Date = 30/07/2007 14:26:20 | Attr = H ] $NtUninstallKB917422$ -> %SystemRoot%\$NtUninstallKB917422$ -> [Folder | Modified Date = 30/07/2007 14:27:04 | Attr = H ] $NtUninstallKB920670$ -> %SystemRoot%\$NtUninstallKB920670$ -> [Folder | Modified Date = 30/07/2007 14:27:44 | Attr = H ] $NtUninstallKB921398$ -> %SystemRoot%\$NtUninstallKB921398$ -> [Folder | Modified Date = 30/07/2007 14:28:24 | Attr = H ] $NtUninstallKB922616$ -> %SystemRoot%\$NtUninstallKB922616$ -> [Folder | Modified Date = 30/07/2007 14:29:06 | Attr = H ] $NtUninstallKB919007$ -> %SystemRoot%\$NtUninstallKB919007$ -> [Folder | Modified Date = 30/07/2007 14:29:46 | Attr = H ] $NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Modified Date = 30/07/2007 14:30:28 | Attr = H ] $NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Modified Date = 30/07/2007 14:31:14 | Attr = H ] $NtUninstallKB924496$ -> %SystemRoot%\$NtUninstallKB924496$ -> [Folder | Modified Date = 30/07/2007 14:31:54 | Attr = H ] $NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Modified Date = 30/07/2007 14:32:34 | Attr = H ] $NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Modified Date = 30/07/2007 14:33:16 | Attr = H ] $NtUninstallKB924191$ -> %SystemRoot%\$NtUninstallKB924191$ -> [Folder | Modified Date = 30/07/2007 14:33:56 | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 31/07/2007 21:45:44 | Attr = ] $NtUninstallKB885884$ -> %SystemRoot%\$NtUninstallKB885884$ -> [Folder | Modified Date = 30/07/2007 15:04:18 | Attr = H ] $NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Modified Date = 30/07/2007 15:04:24 | Attr = H ] $NtUninstallKB887472$ -> %SystemRoot%\$NtUninstallKB887472$ -> [Folder | Modified Date = 30/07/2007 15:04:28 | Attr = H ] $NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Modified Date = 30/07/2007 15:04:44 | Attr = H ] $NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Modified Date = 30/07/2007 15:04:50 | Attr = H ] $NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Modified Date = 30/07/2007 15:04:54 | Attr = H ] $NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Modified Date = 30/07/2007 15:05:02 | Attr = H ] $NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Modified Date = 30/07/2007 15:05:06 | Attr = H ] $NtUninstallKB923980$ -> %SystemRoot%\$NtUninstallKB923980$ -> [Folder | Modified Date = 30/07/2007 15:05:12 | Attr = H ] $NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Modified Date = 30/07/2007 15:05:16 | Attr = H ] $NtUninstallKB929969$ -> %SystemRoot%\$NtUninstallKB929969$ -> [Folder | Modified Date = 30/07/2007 15:05:20 | Attr = H ] $NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Modified Date = 30/07/2007 15:05:24 | Attr = H ] $NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Modified Date = 30/07/2007 15:05:32 | Attr = H ] $NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Modified Date = 30/07/2007 15:05:38 | Attr = H ] $NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Modified Date = 30/07/2007 15:05:42 | Attr = H ] $NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Modified Date = 30/07/2007 15:05:46 | Attr = H ] $NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Modified Date = 30/07/2007 15:05:52 | Attr = H ] $NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Modified Date = 30/07/2007 15:05:56 | Attr = H ] $NtUninstallKB931836$ -> %SystemRoot%\$NtUninstallKB931836$ -> [Folder | Modified Date = 30/07/2007 15:06:02 | Attr = H ] $NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 30/07/2007 15:06:06 | Attr = H ] $NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 30/07/2007 15:06:12 | Attr = H ] $NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 30/07/2007 15:06:20 | Attr = H ] $NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 30/07/2007 15:06:24 | Attr = H ] $NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ -> [Folder | Modified Date = 30/07/2007 15:10:40 | Attr = H ] $NtUninstallKB914440$ -> %SystemRoot%\$NtUninstallKB914440$ -> [Folder | Modified Date = 30/07/2007 15:10:48 | Attr = H ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 30/07/2007 15:10:50 | Attr = ] $NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Modified Date = 30/07/2007 15:11:50 | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 30/07/2007 15:12:18 | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 30/07/2007 15:12:40 | Attr = H ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 30/07/2007 15:12:56 | Attr = H ] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 30/07/2007 15:14:14 | Attr = ] $NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 30/07/2007 15:14:48 | Attr = H ] $NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Modified Date = 30/07/2007 15:14:52 | Attr = H ] $NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 30/07/2007 15:14:58 | Attr = H ] $NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 30/07/2007 15:15:02 | Attr = H ] $NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Modified Date = 30/07/2007 15:15:10 | Attr = H ] $NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Modified Date = 30/07/2007 15:15:18 | Attr = H ] $NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Modified Date = 30/07/2007 15:15:24 | Attr = H ] $NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Modified Date = 30/07/2007 15:15:28 | Attr = H ] $NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Modified Date = 30/07/2007 15:15:50 | Attr = H ] $NtUninstallKB923689$ -> %SystemRoot%\$NtUninstallKB923689$ -> [Folder | Modified Date = 30/07/2007 15:16:04 | Attr = H ] $NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Modified Date = 30/08/2007 22:47:56 | Attr = H ] $NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Modified Date = 30/08/2007 22:49:10 | Attr = H ] $NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Modified Date = 30/08/2007 22:49:14 | Attr = H ] $NtUninstallKB936782_WMP9$ -> %SystemRoot%\$NtUninstallKB936782_WMP9$ -> [Folder | Modified Date = 30/08/2007 22:49:36 | Attr = H ] $NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Modified Date = 30/08/2007 22:49:42 | Attr = H ] $NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Modified Date = 30/08/2007 22:49:48 | Attr = H ] AU_Log -> %SystemRoot%\AU_Log -> [Folder | Modified Date = 19/09/2007 07:23:24 | Attr = ] AU_Temp -> %SystemRoot%\AU_Temp -> [Folder | Modified Date = 19/09/2007 07:23:24 | Attr = ] GetServer.ini -> %SystemRoot%\GetServer.ini -> [Ver = | Size = 170 bytes | Modified Date = 19/09/2007 07:23:24 | Attr = ] VPTNFILE.725 -> %SystemRoot%\VPTNFILE.725 -> [Ver = | Size = 37727661 bytes | Modified Date = 19/09/2007 07:25:32 | Attr = ] BPMNT.dll -> %SystemRoot%\BPMNT.dll -> Trend Micro Inc. [Ver = 8.000-1001 | Size = 86094 bytes | Modified Date = 19/09/2007 07:25:32 | Attr = ] vsapi32.dll -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.500-1002 | Size = 1163344 bytes | Modified Date = 19/09/2007 07:25:32 | Attr = ] hcextoutput.dll -> %SystemRoot%\hcextoutput.dll -> [Ver = | Size = 71749 bytes | Modified Date = 19/09/2007 07:25:32 | Attr = ] tsc.exe -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.3.0.1103 | Size = 267845 bytes | Modified Date = 19/09/2007 07:25:32 | Attr = ] tsc.ini -> %SystemRoot%\tsc.ini -> [Ver = | Size = 823 bytes | Modified Date = 19/09/2007 07:26:32 | Attr = ] tsc.ptn -> %SystemRoot%\tsc.ptn -> [Ver = | Size = 1871245 bytes | Modified Date = 19/09/2007 07:25:32 | Attr = ] AU_Backup -> %SystemRoot%\AU_Backup -> [Folder | Modified Date = 19/09/2007 07:25:32 | Attr = ] LPT$VPN.725 -> %SystemRoot%\LPT$VPN.725 -> [Ver = | Size = 37727661 bytes | Modified Date = 19/09/2007 07:25:32 | Attr = ] report -> %SystemRoot%\report -> [Folder | Modified Date = 19/09/2007 07:26:10 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 23/09/2007 20:37:06 | Attr = H ] tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3398 bytes | Modified Date = 23/09/2007 09:09:34 | Attr = ] printer.exe -> %System32%\printer.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ] wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 14/09/2007 12:59:40 | Attr = ] vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 58727 bytes | Modified Date = 23/09/2007 20:37:42 | Attr = ] perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 39992 bytes | Modified Date = 30/07/2007 15:21:32 | Attr = ] perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 311604 bytes | Modified Date = 30/07/2007 15:21:32 | Attr = ] perfc00C.dat -> %System32%\perfc00C.dat -> [Ver = | Size = 48616 bytes | Modified Date = 30/07/2007 15:21:32 | Attr = ] perfh00C.dat -> %System32%\perfh00C.dat -> [Ver = | Size = 367658 bytes | Modified Date = 30/07/2007 15:21:32 | Attr = ] aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 06/09/2007 12:09:50 | Attr = ] fr-fr -> %System32%\fr-fr -> [Folder | Modified Date = 30/07/2007 15:14:14 | Attr = ] WinAvXX.exe -> %System32%\WinAvXX.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ] ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 22/09/2007 19:18:34 | Attr = ] zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 22/09/2007 19:22:28 | Attr = H ] vdo_g.ini -> %System32%\vdo_g.ini -> [Ver = | Size = 22657 bytes | Modified Date = 29/07/2007 17:58:14 | Attr = ] FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 173872 bytes | Modified Date = 30/07/2007 15:17:48 | Attr = ] PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 775034 bytes | Modified Date = 30/07/2007 15:21:30 | Attr = ] AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 95608 bytes | Modified Date = 06/09/2007 12:00:08 | Attr = ] CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 3121 bytes | Modified Date = 13/09/2007 09:58:16 | Attr = ] NSDriver.sys -> %System32%\drivers\NSDriver.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 9344 bytes | Modified Date = 14/09/2007 21:11:58 | Attr = ] AWRTRD.sys -> %System32%\drivers\AWRTRD.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 8320 bytes | Modified Date = 14/09/2007 21:11:56 | Attr = ] fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 32 bytes | Modified Date = 23/09/2007 12:33:46 | Attr = HS] fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 32 bytes | Modified Date = 23/09/2007 12:33:46 | Attr = HS] klick.dat -> %System32%\drivers\klick.dat -> [Ver = | Size = 75932 bytes | Modified Date = 22/09/2007 19:19:44 | Attr = ] klin.dat -> %System32%\drivers\klin.dat -> [Ver = | Size = 74396 bytes | Modified Date = 22/09/2007 19:19:44 | Attr = ] aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 92848 bytes | Modified Date = 06/09/2007 12:05:26 | Attr = ] aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 94416 bytes | Modified Date = 06/09/2007 12:05:10 | Attr = ] aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 26624 bytes | Modified Date = 06/09/2007 12:00:54 | Attr = ] aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 42912 bytes | Modified Date = 06/09/2007 12:02:20 | Attr = ] aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 23152 bytes | Modified Date = 06/09/2007 12:03:02 | Attr = ] hosts.20070919-112423.backup -> %System32%\drivers\etc\hosts.20070919-112423.backup -> [Ver = | Size = 3541 bytes | Modified Date = 19/09/2007 11:24:24 | Attr = R ] hosts.20070919-113959.backup -> %System32%\drivers\etc\hosts.20070919-113959.backup -> [Ver = | Size = 659 bytes | Modified Date = 19/09/2007 11:24:24 | Attr = R ] hosts.20070919-132252.backup -> %System32%\drivers\etc\hosts.20070919-132252.backup -> [Ver = | Size = 627 bytes | Modified Date = 19/09/2007 11:40:00 | Attr = R ] Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Modified Date = 29/07/2007 17:07:14 | Attr = ] Windows Genuine Advantage -> %AllUsersAppData%\Windows Genuine Advantage -> [Folder | Modified Date = 30/07/2007 13:14:58 | Attr = ] Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 14/09/2007 14:05:14 | Attr = ] Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 18/09/2007 20:54:48 | Attr = ] MailFrontier -> %AllUsersAppData%\MailFrontier -> [Folder | Modified Date = 22/09/2007 19:20:22 | Attr = ] Mozilla -> %UserAppData%\Mozilla -> [Folder | Modified Date = 21/08/2007 20:28:52 | Attr = ] Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 14/09/2007 14:05:34 | Attr = ] GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 35680 bytes | Modified Date = 30/07/2007 14:44:34 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 46592 bytes | Modified Date = 16/09/2007 16:36:34 | Attr = ] Mozilla -> %LocalAppData%\Mozilla -> [Folder | Modified Date = 21/08/2007 20:28:52 | Attr = ] Ma musique -> %AllUsersDocuments%\Ma musique -> [Folder | Modified Date = 30/07/2007 14:00:02 | Attr = R ] Mes images -> %UserDocuments%\Mes images -> [Folder | Modified Date = 31/07/2007 07:26:08 | Attr = R ] Ma musique -> %UserDocuments%\Ma musique -> [Folder | Modified Date = 31/07/2007 07:26:08 | Attr = R ] desktop.ini -> %UserDocuments%\desktop.ini -> [Ver = | Size = 123 bytes | Modified Date = 31/07/2007 07:26:08 | Attr = HS] a-squared -> %UserDocuments%\a-squared -> [Folder | Modified Date = 19/09/2007 12:46:30 | Attr = ] avast! Antivirus.lnk -> %AllUsersDesktop%\avast! Antivirus.lnk -> [Ver = | Size = 1613 bytes | Modified Date = 29/07/2007 17:58:02 | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 753 bytes | Modified Date = 14/09/2007 14:05:24 | Attr = ] Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1694 bytes | Modified Date = 14/09/2007 21:09:40 | Attr = ] Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1694 bytes | Modified Date = 14/09/2007 21:09:42 | Attr = ] Navilog1.lnk -> %AllUsersDesktop%\Navilog1.lnk -> [Ver = | Size = 534 bytes | Modified Date = 18/09/2007 21:10:18 | Attr = ] a-squared Free.lnk -> %AllUsersDesktop%\a-squared Free.lnk -> [Ver = | Size = 552 bytes | Modified Date = 19/09/2007 12:46:52 | Attr = ] Lecteur Windows Media.lnk -> %UserDesktop%\Lecteur Windows Media.lnk -> [Ver = | Size = 690 bytes | Modified Date = 18/09/2007 19:32:24 | Attr = ] Navilog1.exe -> %UserDesktop%\Navilog1.exe -> @IL-MAFIOSO [Ver = | Size = 544635 bytes | Modified Date = 18/09/2007 21:08:32 | Attr = ] RegCleaner.lnk -> %UserDesktop%\RegCleaner.lnk -> [Ver = | Size = 549 bytes | Modified Date = 19/09/2007 13:01:02 | Attr = ] Warning.mht -> %UserDesktop%\Warning.mht -> [Ver = | Size = 97695 bytes | Modified Date = 19/09/2007 21:53:06 | Attr = ] [4]-Submit_2007-09-20@22.07.zip -> %UserDesktop%\[4]-Submit_2007-09-20@22.07.zip -> [Ver = | Size = 417 bytes | Modified Date = 20/09/2007 22:07:38 | Attr = ] HostsXpert -> %UserDesktop%\HostsXpert -> [Folder | Modified Date = 23/09/2007 20:43:34 | Attr = ] winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Modified Date = 23/09/2007 20:48:06 | Attr = ] WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 23/09/2007 20:48:50 | Attr = ] autorun.exe -> %AllUsersStartup%\autorun.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ] system.exe -> %UserStartup%\system.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 14/09/2007 21:08:58 | Attr = ] [File String Scan - Non-Microsoft Only] PTech , -> %SystemDrive%\xscan.txt -> [Ver = | Size = 59069437 bytes | Modified Date = 19/09/2007 10:35:34 | Attr = ] UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.500-1002 | Size = 1163344 bytes | Modified Date = 19/09/2007 07:25:32 | Attr = ] UPX! , UPX0 , -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.3.0.1103 | Size = 267845 bytes | Modified Date = 19/09/2007 07:25:32 | Attr = ] UPX0 , -> %System32%\printer.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ] WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.03 | Size = 10435072 bytes | Modified Date = 23/09/2003 09:09:00 | Attr = ] PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 28/08/2001 20:00:00 | Attr = ] winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 28/08/2001 20:00:00 | Attr = ] UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 06/09/2007 12:09:50 | Attr = ] UPX0 , -> %System32%\WinAvXX.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ] PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivXNetworks, Inc. [Ver = 5.2.1.1338 | Size = 716800 bytes | Modified Date = 27/10/2004 00:13:24 | Attr = ] UPX0 , -> %System32%\dllcache\NT5IIS.CAT -> [Ver = | Size = 809394 bytes | Modified Date = 28/08/2001 20:00:00 | Attr = ] PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 04/08/2004 07:41:38 | Attr = ] UPX! , -> %System32%\drivers\mrk.exe -> [Ver = | Size = 94262 bytes | Modified Date = 14/10/2003 21:30:48 | Attr = ] WSUD , -> %UserDocuments%\img001.bmp -> [Ver = | Size = 2749158 bytes | Modified Date = 09/06/2006 19:27:14 | Attr = ] UPX0 , -> %AllUsersStartup%\autorun.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ] UPX0 , -> %UserStartup%\system.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ] < End of report > -
Warning! potential spyware operation
lesandre a répondu à un(e) sujet de lesandre dans Analyses et éradication malwares
Re, ==> Une precision: je n'ai toujours pas acces au parametre de config, gestionnaire des taches... Donc il doit toujours rester une saloperie en quelque part. Merci, Lesandre -
Warning! potential spyware operation
lesandre a répondu à un(e) sujet de lesandre dans Analyses et éradication malwares
Re, Et voici les infos demandees: Fichier demandant l'acces a Internet durant Combofix: NirCmd.cfexe Fenetre revenant sans arret (ttes les 2-3 minutes): /////// (petite fenetre window type avec croix banche sur fond rouge en haut a gauche de la fenetre) - Voici son texte exact Windows Security Alert Warning! Potential Spyware Operation! Your computer is making unauthorized copies of your system and Internet files. Run full scan now to pervent any unathorised access to your files! Click YES to download spyware remover ... Oui Non /////// Internet OK (c'etait ma faute) Rapports ci-apres (j'ai fait un combofix ce matin). Merci encore, Lesandre Rapport SmitFraudFix de ce matin: SmitFraudFix v2.227 Rapport fait à 9:09:29,03, 23/09/2007 Executé à partir de C:\Documents and Settings\Jean-Christophe\Bureau\Mes telechargement\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est FAT32 Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 192.168.200.3 ad.doubleclick.net 192.168.200.3 ad.fastclick.net 192.168.200.3 ads.fastclick.net 192.168.200.3 ar.atwola.com 192.168.200.3 atdmt.com 192.168.200.3 avp.ch 192.168.200.3 avp.com 192.168.200.3 avp.ru 192.168.200.3 awaps.net 192.168.200.3 banner.fastclick.net 192.168.200.3 banners.fastclick.net 192.168.200.3 ca.com 192.168.200.3 click.atdmt.com 192.168.200.3 clicks.atdmt.com 192.168.200.3 customer.symantec.com 192.168.200.3 dispatch.mcafee.com 192.168.200.3 download.mcafee.com 192.168.200.3 downloads-us1.kaspersky-labs.com 192.168.200.3 downloads-us2.kaspersky-labs.com 192.168.200.3 downloads-us3.kaspersky-labs.com 192.168.200.3 downloads1.kaspersky-labs.com 192.168.200.3 downloads2.kaspersky-labs.com 192.168.200.3 downloads3.kaspersky-labs.com 192.168.200.3 downloads4.kaspersky-labs.com 192.168.200.3 engine.awaps.net 192.168.200.3 f-secure.com 192.168.200.3 fastclick.net 192.168.200.3 ftp.avp.ch 192.168.200.3 ftp.downloads1.kaspersky-labs.com 192.168.200.3 ftp.downloads2.kaspersky-labs.com 192.168.200.3 ftp.downloads3.kaspersky-labs.com 192.168.200.3 ftp.f-secure.com 192.168.200.3 ftp.kasperskylab.ru 192.168.200.3 ftp.sophos.com 192.168.200.3 ids.kaspersky-labs.com 192.168.200.3 kaspersky-labs.com 192.168.200.3 kaspersky.com 192.168.200.3 liveupdate.symantec.com 192.168.200.3 liveupdate.symantecliveupdate.com 192.168.200.3 mast.mcafee.com 192.168.200.3 mcafee.com 192.168.200.3 media.fastclick.net 192.168.200.3 my-etrust.com 192.168.200.3 nai.com 192.168.200.3 networkassociates.com 192.168.200.3 norton.com 192.168.200.3 phx.corporate-ir.net 192.168.200.3 rads.mcafee.com 192.168.200.3 secure.nai.com 192.168.200.3 securityresponse.symantec.com 192.168.200.3 service1.symantec.com 192.168.200.3 sophos.com 192.168.200.3 spd.atdmt.com 192.168.200.3 symantec.com 192.168.200.3 trendmicro.com 192.168.200.3 update.symantec.com 192.168.200.3 updates.symantec.com 192.168.200.3 updates1.kaspersky-labs.com 192.168.200.3 updates2.kaspersky-labs.com 192.168.200.3 updates3.kaspersky-labs.com 192.168.200.3 updates4.kaspersky-labs.com 192.168.200.3 updates5.kaspersky-labs.com 192.168.200.3 us.mcafee.com 192.168.200.3 vil.nai.com 192.168.200.3 viruslist.com 192.168.200.3 viruslist.ru 192.168.200.3 virusscan.jotti.org 192.168.200.3 virustotal.com 192.168.200.3 www.avp.ch 192.168.200.3 www.avp.com 192.168.200.3 www.avp.ru 192.168.200.3 www.awaps.net 192.168.200.3 www.ca.com 192.168.200.3 www.f-secure.com 192.168.200.3 www.fastclick.net 192.168.200.3 www.grisoft.com 192.168.200.3 www.kaspersky-labs.com 192.168.200.3 www.kaspersky.com 192.168.200.3 www.kaspersky.ru 192.168.200.3 www.mcafee.com 192.168.200.3 www.my-etrust.com 192.168.200.3 www.nai.com 192.168.200.3 www.networkassociates.com 192.168.200.3 www.sophos.com 192.168.200.3 www.symantec.com 192.168.200.3 www.symantec.com 192.168.200.3 www.trendmicro.com 192.168.200.3 www.viruslist.com 192.168.200.3 www.viruslist.ru 192.168.200.3 www.virustotal.com 192.168.200.3 www3.ca.com »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS2\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS3\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Rapport Combofix de ce matin: ComboFix 07-09-20.1 - "Jean-Christophe" 2007-09-23 8:57:07.8 - FAT32x86 Microsoft Windows XP ?dition familiale 5.1.2600.2.1252.1.1036.18.64 [GMT 2:00] * Created a new restore point FILE:: C:\WINDOWS\system32\WinAvXX.exe C:\WINDOWS\system32\printer.exe C:\WINDOWS\system32\systems.txt C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe C:\Documents and Settings\Jean-Christophe\Menu Démarrer\Programmes\Démarrage\system.exe C:\WINDOWS\system32\vtr.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\printer.exe C:\WINDOWS\system32\WinAvXX.exe . ((((((((((((((((((((((((((((( Fichiers créés 2007-08-23 to 2007-09-23 )))))))))))))))))))))))))))))))))))) . 2007-09-22 19:20 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-09-22 19:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier 2007-09-22 19:17 <REP> d-------- C:\WINDOWS\Internet Logs 2007-09-20 21:19 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-19 13:02 <REP> d-------- C:\Program Files\CCleaner 2007-09-19 12:46 <REP> d-------- C:\Program Files\a-squared Free 2007-09-19 10:56 <REP> d-------- C:\Program Files\RegCleaner 2007-09-19 07:26 <REP> d-------- C:\WINDOWS\report 2007-09-19 07:25 86,094 --a------ C:\WINDOWS\BPMNT.dll 2007-09-19 07:25 71,749 --a------ C:\WINDOWS\hcextoutput.dll 2007-09-19 07:25 267,845 --a------ C:\WINDOWS\tsc.exe 2007-09-19 07:25 1,163,344 --a------ C:\WINDOWS\vsapi32.dll 2007-09-19 07:25 <REP> d-------- C:\WINDOWS\AU_Backup 2007-09-19 07:23 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2007-09-19 07:23 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2007-09-19 07:23 286,720 --a------ C:\WINDOWS\PATCH.EXE 2007-09-19 07:23 <REP> d-------- C:\WINDOWS\AU_Temp 2007-09-19 07:23 <REP> d-------- C:\WINDOWS\AU_Log 2007-09-18 23:31 883,694 --a------ C:\SmitfraudFix.exe 2007-09-18 23:08 <REP> d-------- C:\SmitfraudFix 2007-09-18 22:39 3,398 --a------ C:\WINDOWS\system32\tmp.reg 2007-09-18 21:10 <REP> d-------- C:\Program Files\Navilog1 2007-09-18 20:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-09-17 21:10 <REP> dr------- C:\DOCUME~1\Elyan\Mes documents 2007-09-17 21:10 <REP> dr------- C:\DOCUME~1\Elyan\Favoris 2007-09-14 21:08 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-09-14 14:05 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Mes documents 2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer 2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Favoris 2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau 2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression 2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\ModŠles 2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS 2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau 2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust 2007-09-01 15:57 1,268 --a------ C:\WINDOWS\mozver.dat . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-22 21:52 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-09-22 21:52 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-09-22 19:19 75932 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-09-22 19:19 74396 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-09-14 21:11 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys 2007-09-14 21:11 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-09-06 12:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-06 12:00 95608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll 2007-07-29 17:57 --------- d-------- C:\Program Files\Alwil Software 2007-07-29 17:07 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-07-29 16:24 --------- d-------- C:\Program Files\Realtek Sound Manager 2007-07-29 16:24 --------- d-------- C:\Program Files\AvRack 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\Real 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\InterTrust 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\ICQ 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\FUJIFILM 2007-07-26 17:25 --------- d-------- C:\DOCUME~1\OLGA\APPLIC~1\WebCallDirect 2007-07-19 08:58 3583488 --------- C:\WINDOWS\system32\dllcache\mshtml.dll 2007-07-13 01:30 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll 2007-06-27 15:24 823808 --------- C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-27 15:24 671232 --------- C:\WINDOWS\system32\dllcache\mstime.dll 2007-06-27 15:24 477696 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-06-27 15:24 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll 2007-06-27 15:24 193024 --------- C:\WINDOWS\system32\dllcache\msrating.dll 2007-06-27 15:24 1152000 --------- C:\WINDOWS\system32\dllcache\urlmon.dll 2007-06-27 15:24 105984 --------- C:\WINDOWS\system32\dllcache\url.dll 2007-06-27 15:24 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll 2007-06-27 15:23 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-06-27 15:23 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-06-27 15:23 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-06-27 15:23 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll 2007-06-27 15:23 27648 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-06-27 15:23 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-06-27 15:22 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-06-27 15:22 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-06-27 15:22 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-06-27 15:22 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-06-27 15:22 132608 --------- C:\WINDOWS\system32\dllcache\extmgr.dll 2007-06-27 15:22 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll 2007-06-27 10:28 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe 2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll 2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll 2005-07-21 15:12 457 --a------ C:\Program Files\INSTALL.LOG . ((((((((((((((((((((((((((((( snapshot_2007-09-20_212949.73 ))))))))))))))))))))))))))))))))))))))))) . ----a-w 75,248 2007-06-21 19:54:48 C:\WINDOWS\zllsputility.exe ----a-w 42,384 2007-06-21 19:55:32 C:\WINDOWS\zllsputility_loc040c.dll ----a-w 394,984 2007-06-21 19:54:52 C:\WINDOWS\system32\vsdatant.sys ----a-w 83,432 2007-06-21 19:54:30 C:\WINDOWS\system32\vsdata.dll ----a-w 472,552 2007-06-21 19:54:34 C:\WINDOWS\system32\vsutil.dll ----a-w 103,912 2007-06-21 19:54:32 C:\WINDOWS\system32\vsmonapi.dll ----a-w 275,944 2007-06-21 19:54:32 C:\WINDOWS\system32\vspubapi.dll ----a-w 157,160 2007-06-21 19:54:32 C:\WINDOWS\system32\vsinit.dll ----a-w 46,568 2007-06-21 19:54:34 C:\WINDOWS\system32\vswmi.dll ----a-w 99,816 2007-06-21 19:54:34 C:\WINDOWS\system32\vsxml.dll ----a-w 1,086,952 2007-06-21 19:54:40 C:\WINDOWS\system32\zpeng24.dll ----a-w 71,144 2007-06-21 19:54:34 C:\WINDOWS\system32\zlcommdb.dll ----a-w 83,432 2007-06-21 19:54:34 C:\WINDOWS\system32\zlcomm.dll ----a-w 71,144 2007-06-21 19:54:32 C:\WINDOWS\system32\vsregexp.dll ----a-w 11,264 2004-04-27 02:40:52 C:\WINDOWS\system32\SpOrder.dll ----a-w 212,480 2006-12-01 03:20:32 C:\WINDOWS\system32\swxcacls.exe ----a-w 370,688 2006-11-29 15:21:30 C:\WINDOWS\system32\swsc.exe ----a-w 796,048 2007-06-21 19:54:26 C:\WINDOWS\system32\libeay32_0.9.6l.dll ----a-w 54,672 2007-06-21 19:55:30 C:\WINDOWS\system32\vsutil_loc040c.dll ----a-w 21,904 2007-06-21 19:55:28 C:\WINDOWS\system32\imsinstall_loc040c.dll ----a-w 17,808 2007-06-21 19:55:28 C:\WINDOWS\system32\imslsp_install_loc040c.dll ----a-w 119,576 2007-05-30 22:03:50 C:\WINDOWS\system32\drivers\klif.sys ----a-w 110,360 2007-05-30 22:03:48 C:\WINDOWS\system32\drivers\kl1.sys ----a-w 79,336 2007-06-21 19:54:30 C:\WINDOWS\system32\ZoneLabs\vsdb.dll ----a-w 75,304 2007-06-21 19:54:46 C:\WINDOWS\system32\ZoneLabs\vsmon.exe ----a-w 2,024,936 2007-06-21 19:54:32 C:\WINDOWS\system32\ZoneLabs\vsmondll.dll ----a-w 456,168 2007-06-21 19:54:28 C:\WINDOWS\system32\ZoneLabs\ssleay32.dll ----a-w 108,008 2007-06-21 19:54:30 C:\WINDOWS\system32\ZoneLabs\vsavpro.dll ----a-w 1,345,000 2007-06-21 19:54:32 C:\WINDOWS\system32\ZoneLabs\vsruledb.dll ----a-w 128,480 2007-06-21 19:54:24 C:\WINDOWS\system32\ZoneLabs\fbl.dll ----a-w 38,376 2007-06-21 19:54:26 C:\WINDOWS\system32\ZoneLabs\featuremap.dll ----a-w 120,296 2007-06-21 19:54:36 C:\WINDOWS\system32\ZoneLabs\zlupdate.dll ----a-w 833,520 2006-10-28 01:03:16 C:\WINDOWS\system32\ZoneLabs\updating.dll ----a-w 177,640 2007-06-21 19:54:36 C:\WINDOWS\system32\ZoneLabs\zlparser.dll ----a-w 173,544 2007-06-21 19:54:28 C:\WINDOWS\system32\ZoneLabs\scheduler.dll ----a-w 243,176 2007-06-21 19:54:34 C:\WINDOWS\system32\ZoneLabs\vsvault.dll ----a-w 714,472 2007-06-11 10:43:50 C:\WINDOWS\system32\ZoneLabs\qrbase.dll ----a-w 79,344 2007-06-21 19:54:36 C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll ----a-w 366,112 2007-06-21 19:54:24 C:\WINDOWS\system32\ZoneLabs\av.dll ----a-w 503,875 2006-09-04 18:59:14 C:\WINDOWS\system32\ZoneLabs\upd_core.dll ----a-w 286,787 2007-01-11 15:31:06 C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll ----a-w 321,016 2007-06-21 19:54:26 C:\WINDOWS\system32\ZoneLabs\imsecure.dll ----a-w 378,344 2007-06-21 19:54:36 C:\WINDOWS\system32\ZoneLabs\zlsre.dll ----a-w 788,200 2007-06-11 10:43:52 C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll ----a-w 1,496,808 2007-06-11 10:43:56 C:\WINDOWS\system32\ZoneLabs\srescan.dll ----a-w 2,432,259 2007-01-11 09:12:08 C:\WINDOWS\system32\ZoneLabs\spyware.dat ----a-w 2,432,259 2007-01-11 09:12:08 C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat ----a-w 50,416 2007-06-11 10:44:10 C:\WINDOWS\system32\ZoneLabs\srescan.sys ----a-w 99,816 2007-06-21 19:54:24 C:\WINDOWS\system32\ZoneLabs\camupd.dll ----a-w 144,936 2007-06-21 19:54:46 C:\WINDOWS\system32\ZoneLabs\updclient.exe ----a-w 17,808 2007-06-21 19:55:30 C:\WINDOWS\system32\ZoneLabs\scheduler_loc040c.dll ----a-w 17,808 2007-06-21 19:55:30 C:\WINDOWS\system32\ZoneLabs\vsdb_loc040c.dll ----a-w 46,480 2007-06-21 19:55:30 C:\WINDOWS\system32\ZoneLabs\vsmon_loc040c.dll ----a-w 198,032 2007-06-21 19:55:30 C:\WINDOWS\system32\ZoneLabs\vsruledb_loc040c.dll ----a-w 17,808 2007-06-21 19:55:30 C:\WINDOWS\system32\ZoneLabs\vsvault_loc040c.dll ----a-w 75,152 2007-06-21 19:55:30 C:\WINDOWS\system32\ZoneLabs\updClient_loc040c.dll ----a-w 21,904 2007-06-21 19:55:32 C:\WINDOWS\system32\ZoneLabs\zlsre_loc040c.dll ----a-w 17,808 2007-06-21 19:55:32 C:\WINDOWS\system32\ZoneLabs\zlquarantine_loc040c.dll ----a-w 26,000 2007-06-21 19:55:28 C:\WINDOWS\system32\ZoneLabs\imsecure_loc040c.dll ----a-w 26,000 2007-06-21 19:55:26 C:\WINDOWS\system32\ZoneLabs\av_loc040c.dll ----a-w 17,808 2007-06-21 19:55:26 C:\WINDOWS\system32\ZoneLabs\camupd_loc040c.dll ----a-w 813,568 2004-01-30 10:35:08 C:\WINDOWS\system32\ZoneLabs\dbghelp.dll ----a-w 26,000 2007-06-21 19:54:54 C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll ----a-w 1,361,296 2007-06-21 19:54:54 C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll ----a-w 71,056 2007-06-21 19:54:54 C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll ----a-w 288,144 2007-06-21 19:55:26 C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard_loc040c.zip.dll ----a-w 152,976 2007-06-21 19:55:28 C:\WINDOWS\system32\ZoneLabs\lib\LicenseUI_loc040c.zip.dll ----a-w 30,184 2007-06-21 19:56:16 C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll ----a-w 30,216 2007-06-21 19:56:16 C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll ----a-w 3,229,176 2007-06-21 19:56:18 C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll ----a-w 26,000 2007-06-21 19:55:28 C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp_loc040c.dll ----a-w 210,432 2007-06-21 19:56:16 C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll ----a-w 118,784 2007-05-30 22:03:18 C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe ----a-w 258,048 2007-05-30 22:03:16 C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll ----a-w 38,400 2007-05-30 22:03:16 C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll ----a-w 184,320 2007-05-30 22:03:18 C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll ----a-w 208,960 2006-09-19 21:12:14 C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll ----a-w 90,112 2007-05-30 22:03:22 C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll ----a-w 548,864 2007-05-30 22:03:20 C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll ----a-w 626,688 2007-05-30 22:03:20 C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll ----a-w 77,824 2007-05-30 22:03:16 C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll ----a-w 110,592 2007-05-30 22:03:16 C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll ----a-w 331,776 2007-05-30 22:03:16 C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll ----a-w 1,093,632 2006-12-19 16:13:52 C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll ----a-w 200,704 2006-12-19 16:13:52 C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll ----a-w 65,248 2007-05-30 22:03:30 C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat ----a-w 21,568 2006-06-30 12:47:36 C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll ----a-w 16,384 2007-09-23 06:46:20 C:\WINDOWS\Temp\Perflib_Perfdata_6c8.dat . ----a-w 40,960 2006-01-09 08:36:06 C:\WINDOWS\system32\swsc.exe ----a-w 79,360 2006-12-01 04:20:34 C:\WINDOWS\system32\swxcacls.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2003-09-23 09:09 C:\WINDOWS\SOUNDMAN.EXE] "Disk Monitor"="C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 11:57] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-10-11 22:02] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 15:16] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-06 21:12] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32] "ExtraFilmHemmaAgent"="C:\Program Files\Extrafilm FotoFacil\Agent.exe" [2006-10-03 09:40] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24] "NetAppel"="C:\program files\netappel\netappel.exe" [2007-09-15 13:19] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] PCANotify.dll 2003-05-29 11:00 8704 C:\WINDOWS\system32\PCANotify.dll R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS S2 vdo_326d-6b44;vdo_326d-6b44;\??\C:\WINDOWS\system32\vdo_326d-6b44.sys S3 PIXMC10;JVC Communication PIX-MC10 Driver;C:\WINDOWS\system32\Drivers\pixmc10c.sys S3 PIXMC10A;JVC PIX-MC10 Audio Capture;C:\WINDOWS\system32\Drivers\pixmc10a.sys S3 PIXMC10V;JVC PIX-MC10 Video Capture;C:\WINDOWS\system32\Drivers\pixmc10v.sys S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-23 09:01:49 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-09-23 9:04:00 C:\ComboFix-quarantined-files.txt ... 2007-09-23 09:04 C:\ComboFix3.txt ... 2007-09-22 19:42 C:\ComboFix2.txt ... 2007-09-22 19:51 . --- E O F --- -
Warning! potential spyware operation
lesandre a répondu à un(e) sujet de lesandre dans Analyses et éradication malwares
Salut, Je te fais tout cela et reviens vers toi avec toutes les infos demandées. Je n'avais plus accés au tuto après redémarrage et je n'ai ouvert qu'Internet Explorer sur le FW. Merci encore, JC -
Warning! potential spyware operation
lesandre a répondu à un(e) sujet de lesandre dans Analyses et éradication malwares
Bonjour Charles, Merci à toi surtout pour ta patience. Procédure suivi pas à pas: nombreuses demandes d'accés à Internet durant Combo: toutes refusées. Plus d'accés à l'internet du tout sur mon PC infecté. Toujours le faux message de pub. Pas d'accés au Getsionnaire de taches, Panneau de config... Merci, JC Voici les rapports: ComboFix: ComboFix 07-09-20.1 - "Jean-Christophe" 2007-09-22 19:44:40.7 - FAT32x86 Microsoft Windows XP ?dition familiale 5.1.2600.2.1252.1.1036.18.53 [GMT 2:00] Command switches used :: C:\Documents and Settings\Jean-Christophe\Bureau\Mes telechargement\Debug\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\system32\WinAvXX.exe C:\WINDOWS\system32\printer.exe C:\WINDOWS\system32\systems.txt C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe C:\Documents and Settings\Jean-Christophe\Menu Démarrer\Programmes\Démarrage\system.exe C:\WINDOWS\system32\vtr.dll . ((((((((((((((((((((((((((((( Fichiers créés 2007-08-22 to 2007-09-22 )))))))))))))))))))))))))))))))))))) . 2007-09-22 19:20 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-09-22 19:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier 2007-09-22 19:17 <REP> d-------- C:\WINDOWS\Internet Logs 2007-09-20 21:19 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-19 13:02 <REP> d-------- C:\Program Files\CCleaner 2007-09-19 12:46 <REP> d-------- C:\Program Files\a-squared Free 2007-09-19 10:56 <REP> d-------- C:\Program Files\RegCleaner 2007-09-19 07:26 <REP> d-------- C:\WINDOWS\report 2007-09-19 07:25 86,094 --a------ C:\WINDOWS\BPMNT.dll 2007-09-19 07:25 71,749 --a------ C:\WINDOWS\hcextoutput.dll 2007-09-19 07:25 267,845 --a------ C:\WINDOWS\tsc.exe 2007-09-19 07:25 1,163,344 --a------ C:\WINDOWS\vsapi32.dll 2007-09-19 07:25 <REP> d-------- C:\WINDOWS\AU_Backup 2007-09-19 07:23 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2007-09-19 07:23 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2007-09-19 07:23 286,720 --a------ C:\WINDOWS\PATCH.EXE 2007-09-19 07:23 <REP> d-------- C:\WINDOWS\AU_Temp 2007-09-19 07:23 <REP> d-------- C:\WINDOWS\AU_Log 2007-09-18 23:31 883,694 --a------ C:\SmitfraudFix.exe 2007-09-18 23:08 <REP> d-------- C:\SmitfraudFix 2007-09-18 22:39 3,332 --a------ C:\WINDOWS\system32\tmp.reg 2007-09-18 21:10 <REP> d-------- C:\Program Files\Navilog1 2007-09-18 20:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-09-17 21:10 <REP> dr------- C:\DOCUME~1\Elyan\Mes documents 2007-09-17 21:10 <REP> dr------- C:\DOCUME~1\Elyan\Favoris 2007-09-14 21:08 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-09-14 14:05 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Mes documents 2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer 2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Favoris 2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau 2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression 2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\ModŠles 2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS 2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau 2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust 2007-09-01 15:57 1,268 --a------ C:\WINDOWS\mozver.dat . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-22 19:23 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-09-22 19:23 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-09-22 19:19 75932 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-09-22 19:19 74396 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-09-14 21:11 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys 2007-09-14 21:11 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-09-06 12:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-06 12:00 95608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll 2007-07-29 17:57 --------- d-------- C:\Program Files\Alwil Software 2007-07-29 17:07 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-07-29 16:24 --------- d-------- C:\Program Files\Realtek Sound Manager 2007-07-29 16:24 --------- d-------- C:\Program Files\AvRack 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\Real 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\InterTrust 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\ICQ 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\FUJIFILM 2007-07-26 17:25 --------- d-------- C:\DOCUME~1\OLGA\APPLIC~1\WebCallDirect 2007-07-19 08:58 3583488 --------- C:\WINDOWS\system32\dllcache\mshtml.dll 2007-07-13 01:30 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll 2007-06-27 15:24 823808 --------- C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-27 15:24 671232 --------- C:\WINDOWS\system32\dllcache\mstime.dll 2007-06-27 15:24 477696 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-06-27 15:24 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll 2007-06-27 15:24 193024 --------- C:\WINDOWS\system32\dllcache\msrating.dll 2007-06-27 15:24 1152000 --------- C:\WINDOWS\system32\dllcache\urlmon.dll 2007-06-27 15:24 105984 --------- C:\WINDOWS\system32\dllcache\url.dll 2007-06-27 15:24 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll 2007-06-27 15:23 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-06-27 15:23 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-06-27 15:23 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-06-27 15:23 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll 2007-06-27 15:23 27648 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-06-27 15:23 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-06-27 15:22 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-06-27 15:22 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-06-27 15:22 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-06-27 15:22 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-06-27 15:22 132608 --------- C:\WINDOWS\system32\dllcache\extmgr.dll 2007-06-27 15:22 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll 2007-06-27 10:28 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe 2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll 2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll 2005-07-21 15:12 457 --a------ C:\Program Files\INSTALL.LOG . ((((((((((((((((((((((((((((( snapshot_2007-09-20_212949.73 ))))))))))))))))))))))))))))))))))))))))) . ----a-w 75,248 2007-06-21 19:54:48 C:\WINDOWS\zllsputility.exe ----a-w 42,384 2007-06-21 19:55:32 C:\WINDOWS\zllsputility_loc040c.dll ----a-w 394,984 2007-06-21 19:54:52 C:\WINDOWS\system32\vsdatant.sys ----a-w 83,432 2007-06-21 19:54:30 C:\WINDOWS\system32\vsdata.dll ----a-w 472,552 2007-06-21 19:54:34 C:\WINDOWS\system32\vsutil.dll ----a-w 103,912 2007-06-21 19:54:32 C:\WINDOWS\system32\vsmonapi.dll ----a-w 275,944 2007-06-21 19:54:32 C:\WINDOWS\system32\vspubapi.dll ----a-w 157,160 2007-06-21 19:54:32 C:\WINDOWS\system32\vsinit.dll ----a-w 46,568 2007-06-21 19:54:34 C:\WINDOWS\system32\vswmi.dll ----a-w 99,816 2007-06-21 19:54:34 C:\WINDOWS\system32\vsxml.dll ----a-w 1,086,952 2007-06-21 19:54:40 C:\WINDOWS\system32\zpeng24.dll ----a-w 71,144 2007-06-21 19:54:34 C:\WINDOWS\system32\zlcommdb.dll ----a-w 83,432 2007-06-21 19:54:34 C:\WINDOWS\system32\zlcomm.dll ----a-w 71,144 2007-06-21 19:54:32 C:\WINDOWS\system32\vsregexp.dll ----a-w 11,264 2004-04-27 02:40:52 C:\WINDOWS\system32\SpOrder.dll ----a-w 212,480 2006-12-01 03:20:32 C:\WINDOWS\system32\swxcacls.exe ----a-w 370,688 2006-11-29 15:21:30 C:\WINDOWS\system32\swsc.exe ----a-w 796,048 2007-06-21 19:54:26 C:\WINDOWS\system32\libeay32_0.9.6l.dll ----a-w 54,672 2007-06-21 19:55:30 C:\WINDOWS\system32\vsutil_loc040c.dll ----a-w 21,904 2007-06-21 19:55:28 C:\WINDOWS\system32\imsinstall_loc040c.dll ----a-w 17,808 2007-06-21 19:55:28 C:\WINDOWS\system32\imslsp_install_loc040c.dll ----a-w 119,576 2007-05-30 22:03:50 C:\WINDOWS\system32\drivers\klif.sys ----a-w 110,360 2007-05-30 22:03:48 C:\WINDOWS\system32\drivers\kl1.sys ----a-w 79,336 2007-06-21 19:54:30 C:\WINDOWS\system32\ZoneLabs\vsdb.dll ----a-w 75,304 2007-06-21 19:54:46 C:\WINDOWS\system32\ZoneLabs\vsmon.exe ----a-w 2,024,936 2007-06-21 19:54:32 C:\WINDOWS\system32\ZoneLabs\vsmondll.dll ----a-w 456,168 2007-06-21 19:54:28 C:\WINDOWS\system32\ZoneLabs\ssleay32.dll ----a-w 108,008 2007-06-21 19:54:30 C:\WINDOWS\system32\ZoneLabs\vsavpro.dll ----a-w 1,345,000 2007-06-21 19:54:32 C:\WINDOWS\system32\ZoneLabs\vsruledb.dll ----a-w 128,480 2007-06-21 19:54:24 C:\WINDOWS\system32\ZoneLabs\fbl.dll ----a-w 38,376 2007-06-21 19:54:26 C:\WINDOWS\system32\ZoneLabs\featuremap.dll ----a-w 120,296 2007-06-21 19:54:36 C:\WINDOWS\system32\ZoneLabs\zlupdate.dll ----a-w 833,520 2006-10-28 01:03:16 C:\WINDOWS\system32\ZoneLabs\updating.dll ----a-w 177,640 2007-06-21 19:54:36 C:\WINDOWS\system32\ZoneLabs\zlparser.dll ----a-w 173,544 2007-06-21 19:54:28 C:\WINDOWS\system32\ZoneLabs\scheduler.dll ----a-w 243,176 2007-06-21 19:54:34 C:\WINDOWS\system32\ZoneLabs\vsvault.dll ----a-w 714,472 2007-06-11 10:43:50 C:\WINDOWS\system32\ZoneLabs\qrbase.dll ----a-w 79,344 2007-06-21 19:54:36 C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll ----a-w 366,112 2007-06-21 19:54:24 C:\WINDOWS\system32\ZoneLabs\av.dll ----a-w 503,875 2006-09-04 18:59:14 C:\WINDOWS\system32\ZoneLabs\upd_core.dll ----a-w 286,787 2007-01-11 15:31:06 C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll ----a-w 321,016 2007-06-21 19:54:26 C:\WINDOWS\system32\ZoneLabs\imsecure.dll ----a-w 378,344 2007-06-21 19:54:36 C:\WINDOWS\system32\ZoneLabs\zlsre.dll ----a-w 788,200 2007-06-11 10:43:52 C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll ----a-w 1,496,808 2007-06-11 10:43:56 C:\WINDOWS\system32\ZoneLabs\srescan.dll ----a-w 2,432,259 2007-01-11 09:12:08 C:\WINDOWS\system32\ZoneLabs\spyware.dat ----a-w 2,432,259 2007-01-11 09:12:08 C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat ----a-w 50,416 2007-06-11 10:44:10 C:\WINDOWS\system32\ZoneLabs\srescan.sys ----a-w 99,816 2007-06-21 19:54:24 C:\WINDOWS\system32\ZoneLabs\camupd.dll ----a-w 144,936 2007-06-21 19:54:46 C:\WINDOWS\system32\ZoneLabs\updclient.exe ----a-w 17,808 2007-06-21 19:55:30 C:\WINDOWS\system32\ZoneLabs\scheduler_loc040c.dll ----a-w 17,808 2007-06-21 19:55:30 C:\WINDOWS\system32\ZoneLabs\vsdb_loc040c.dll ----a-w 46,480 2007-06-21 19:55:30 C:\WINDOWS\system32\ZoneLabs\vsmon_loc040c.dll ----a-w 198,032 2007-06-21 19:55:30 C:\WINDOWS\system32\ZoneLabs\vsruledb_loc040c.dll ----a-w 17,808 2007-06-21 19:55:30 C:\WINDOWS\system32\ZoneLabs\vsvault_loc040c.dll ----a-w 75,152 2007-06-21 19:55:30 C:\WINDOWS\system32\ZoneLabs\updClient_loc040c.dll ----a-w 21,904 2007-06-21 19:55:32 C:\WINDOWS\system32\ZoneLabs\zlsre_loc040c.dll ----a-w 17,808 2007-06-21 19:55:32 C:\WINDOWS\system32\ZoneLabs\zlquarantine_loc040c.dll ----a-w 26,000 2007-06-21 19:55:28 C:\WINDOWS\system32\ZoneLabs\imsecure_loc040c.dll ----a-w 26,000 2007-06-21 19:55:26 C:\WINDOWS\system32\ZoneLabs\av_loc040c.dll ----a-w 17,808 2007-06-21 19:55:26 C:\WINDOWS\system32\ZoneLabs\camupd_loc040c.dll ----a-w 813,568 2004-01-30 10:35:08 C:\WINDOWS\system32\ZoneLabs\dbghelp.dll ----a-w 26,000 2007-06-21 19:54:54 C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll ----a-w 1,361,296 2007-06-21 19:54:54 C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll ----a-w 71,056 2007-06-21 19:54:54 C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll ----a-w 288,144 2007-06-21 19:55:26 C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard_loc040c.zip.dll ----a-w 152,976 2007-06-21 19:55:28 C:\WINDOWS\system32\ZoneLabs\lib\LicenseUI_loc040c.zip.dll ----a-w 30,184 2007-06-21 19:56:16 C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll ----a-w 30,216 2007-06-21 19:56:16 C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll ----a-w 3,229,176 2007-06-21 19:56:18 C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll ----a-w 26,000 2007-06-21 19:55:28 C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp_loc040c.dll ----a-w 210,432 2007-06-21 19:56:16 C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll ----a-w 118,784 2007-05-30 22:03:18 C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe ----a-w 258,048 2007-05-30 22:03:16 C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll ----a-w 38,400 2007-05-30 22:03:16 C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll ----a-w 184,320 2007-05-30 22:03:18 C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll ----a-w 208,960 2006-09-19 21:12:14 C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll ----a-w 90,112 2007-05-30 22:03:22 C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll ----a-w 548,864 2007-05-30 22:03:20 C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll ----a-w 626,688 2007-05-30 22:03:20 C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll ----a-w 77,824 2007-05-30 22:03:16 C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll ----a-w 110,592 2007-05-30 22:03:16 C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll ----a-w 331,776 2007-05-30 22:03:16 C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll ----a-w 1,093,632 2006-12-19 16:13:52 C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll ----a-w 200,704 2006-12-19 16:13:52 C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll ----a-w 65,248 2007-05-30 22:03:30 C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat ----a-w 21,568 2006-06-30 12:47:36 C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll ----a-w 16,384 2007-09-22 17:24:52 C:\WINDOWS\Temp\Perflib_Perfdata_6b0.dat . ----a-w 40,960 2006-01-09 08:36:06 C:\WINDOWS\system32\swsc.exe ----a-w 79,360 2006-12-01 04:20:34 C:\WINDOWS\system32\swxcacls.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2003-09-23 09:09 C:\WINDOWS\SOUNDMAN.EXE] "Disk Monitor"="C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 11:57] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-10-11 22:02] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 15:16] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-06 21:12] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32] "ExtraFilmHemmaAgent"="C:\Program Files\Extrafilm FotoFacil\Agent.exe" [2006-10-03 09:40] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24] "NetAppel"="C:\program files\netappel\netappel.exe" [2007-09-15 13:19] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] PCANotify.dll 2003-05-29 11:00 8704 C:\WINDOWS\system32\PCANotify.dll R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS S2 vdo_326d-6b44;vdo_326d-6b44;\??\C:\WINDOWS\system32\vdo_326d-6b44.sys S3 PIXMC10;JVC Communication PIX-MC10 Driver;C:\WINDOWS\system32\Drivers\pixmc10c.sys S3 PIXMC10A;JVC PIX-MC10 Audio Capture;C:\WINDOWS\system32\Drivers\pixmc10a.sys S3 PIXMC10V;JVC PIX-MC10 Video Capture;C:\WINDOWS\system32\Drivers\pixmc10v.sys *Newly Created Service* - SRESCAN *Newly Created Service* - VSMON . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-22 19:49:02 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-09-22 19:51:14 C:\ComboFix-quarantined-files.txt ... 2007-09-22 19:51 C:\ComboFix3.txt ... 2007-09-21 19:45 C:\ComboFix2.txt ... 2007-09-22 19:42 . --- E O F --- Fix: SmitFraudFix v2.227 Rapport fait à 19:52:45,71, 22/09/2007 Executé à partir de C:\Documents and Settings\Jean-Christophe\Bureau\Mes telechargement\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est FAT32 Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\lotus\notes\nslsvice.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Extrafilm FotoFacil\Agent.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\program files\netappel\netappel.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts Fichier hosts corrompu ! 192.168.200.3 download.microsoft.com 192.168.200.3 downloads.microsoft.com 192.168.200.3 go.microsoft.com 192.168.200.3 microsoft.com 192.168.200.3 msdn.microsoft.com 192.168.200.3 office.microsoft.com 192.168.200.3 support.microsoft.com 192.168.200.3 windowsupdate.microsoft.com 192.168.200.3 www.microsoft.com 192.168.200.3 pandasoftware.com 192.168.200.3 www.pandasoftware.com »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Christophe »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Christophe\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JEAN-C~1\FAVORIS »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.1.254 HKLM\SYSTEM\CCS\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS2\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS3\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin -
Warning! potential spyware operation
lesandre a répondu à un(e) sujet de lesandre dans Analyses et éradication malwares
Bonjour Charles, Voici le rapport demande. Durant la recherche, j'ai eu trois fois le message, modification de la base de registre impossible. Le gestionnaire de tache n'est plus accessible de nouveau (ainsi que le reste). ;( Merci encore et a bientot, JC Rapport SmitFraudfix: SmitFraudFix v2.225 Rapport fait à 8:27:17,14, 22/09/2007 Executé à partir de C:\Documents and Settings\Jean-Christophe\Bureau\Mes telechargement\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est FAT32 Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\lotus\notes\nslsvice.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Extrafilm FotoFacil\Agent.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\program files\netappel\netappel.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Documents and Settings\Jean-Christophe\Menu Démarrer\Programmes\Démarrage\system.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts Fichier hosts corrompu ! 192.168.200.3 download.microsoft.com 192.168.200.3 downloads.microsoft.com 192.168.200.3 go.microsoft.com 192.168.200.3 microsoft.com 192.168.200.3 msdn.microsoft.com 192.168.200.3 office.microsoft.com 192.168.200.3 support.microsoft.com 192.168.200.3 windowsupdate.microsoft.com 192.168.200.3 www.microsoft.com 192.168.200.3 pandasoftware.com 192.168.200.3 www.pandasoftware.com »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\printer.exe PRESENT ! C:\WINDOWS\system32\WinAvXX.exe PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Christophe »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Christophe\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JEAN-C~1\FAVORIS »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.1.254 HKLM\SYSTEM\CCS\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS2\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS3\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin -
Warning! potential spyware operation
lesandre a répondu à un(e) sujet de lesandre dans Analyses et éradication malwares
Re, Je ne trouve pas le fichier vdo_326d-6b44.sys: j'ai suivi exactement la procedure mais il n'apparait pas. Merci, JC -
Warning! potential spyware operation
lesandre a répondu à un(e) sujet de lesandre dans Analyses et éradication malwares
Re, ==> Je n'arrive pas a passer sur le site Virustotal.com. j'essaye depuis 20 minutes. Il y a qque chose qui le bloque. Que dois-je faire STP? Pour info.: j'ai un autre PC qui peut aller dessus sans pb donc c'est interne a ce PC. Pour la fenetre, c'est la fausse pub: Warning! etc.... Merci, JC -
Warning! potential spyware operation
lesandre a répondu à un(e) sujet de lesandre dans Analyses et éradication malwares
Salut Charles, Les deux manips ont ete faites, voici les rapports. La fenetre apparait toujours (( et le PC est lent ( mais j'ai acces (pour le moment) au panneau de configuration, au gestionnaires de taches... ))) Merci, JC Combofix rapport: ComboFix 07-09-20.1 - "Jean-Christophe" 2007-09-21 19:41:25.5 - FAT32x86 Microsoft Windows XP ?dition familiale 5.1.2600.2.1252.33.1036.18.54 [GMT 2:00] Command switches used :: C:\Documents and Settings\Jean-Christophe\Bureau\Mes telechargement\Debug\CFScript.txt Le temps d'ex‚cution du script a ‚t‚ d‚pass‚ pour le script "C:\ComboFix\restore_pt.vbs". L'ex‚cution du script a pris fin. FILE:: C:\WINDOWS\system32\WinAvXX.exe C:\WINDOWS\system32\printer.exe C:\WINDOWS\system32\systems.txt C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe C:\WINDOWS\system32\vtr.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\printer.exe C:\WINDOWS\system32\WinAvXX.exe . ((((((((((((((((((((((((((((( Fichiers créés 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))))))) . 2007-09-20 21:19 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-19 22:09 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-09-19 16:53 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-09-19 16:00 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-09-19 16:00 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-09-19 13:02 <REP> d-------- C:\Program Files\CCleaner 2007-09-19 12:46 <REP> d-------- C:\Program Files\a-squared Free 2007-09-19 10:56 <REP> d-------- C:\Program Files\RegCleaner 2007-09-19 07:26 <REP> d-------- C:\WINDOWS\report 2007-09-19 07:25 86,094 --a------ C:\WINDOWS\BPMNT.dll 2007-09-19 07:25 71,749 --a------ C:\WINDOWS\hcextoutput.dll 2007-09-19 07:25 267,845 --a------ C:\WINDOWS\tsc.exe 2007-09-19 07:25 1,163,344 --a------ C:\WINDOWS\vsapi32.dll 2007-09-19 07:25 <REP> d-------- C:\WINDOWS\AU_Backup 2007-09-19 07:23 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2007-09-19 07:23 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2007-09-19 07:23 286,720 --a------ C:\WINDOWS\PATCH.EXE 2007-09-19 07:23 <REP> d-------- C:\WINDOWS\AU_Temp 2007-09-19 07:23 <REP> d-------- C:\WINDOWS\AU_Log 2007-09-18 23:31 883,694 --a------ C:\SmitfraudFix.exe 2007-09-18 23:08 <REP> d-------- C:\SmitfraudFix 2007-09-18 22:39 3,394 --a------ C:\WINDOWS\system32\tmp.reg 2007-09-18 21:10 <REP> d-------- C:\Program Files\Navilog1 2007-09-18 20:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-09-17 21:10 <REP> dr------- C:\DOCUME~1\Elyan\Mes documents 2007-09-17 21:10 <REP> dr------- C:\DOCUME~1\Elyan\Favoris 2007-09-14 21:08 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-09-14 14:05 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Mes documents 2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer 2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Favoris 2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau 2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression 2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\ModŠles 2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS 2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau 2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust 2007-09-01 15:57 1,268 --a------ C:\WINDOWS\mozver.dat 2007-08-21 20:28 0 --a------ C:\WINDOWS\nsreg.dat . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-14 21:11 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys 2007-09-14 21:11 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-09-06 12:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-06 12:00 95608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll 2007-07-29 17:57 --------- d-------- C:\Program Files\Alwil Software 2007-07-29 17:07 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-07-29 16:24 --------- d-------- C:\Program Files\Realtek Sound Manager 2007-07-29 16:24 --------- d-------- C:\Program Files\AvRack 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\Real 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\InterTrust 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\ICQ 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\FUJIFILM 2007-07-26 17:25 --------- d-------- C:\DOCUME~1\OLGA\APPLIC~1\WebCallDirect 2007-07-19 08:58 3583488 --------- C:\WINDOWS\system32\dllcache\mshtml.dll 2007-07-13 01:30 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll 2007-06-27 15:24 823808 --------- C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-27 15:24 671232 --------- C:\WINDOWS\system32\dllcache\mstime.dll 2007-06-27 15:24 477696 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-06-27 15:24 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll 2007-06-27 15:24 193024 --------- C:\WINDOWS\system32\dllcache\msrating.dll 2007-06-27 15:24 1152000 --------- C:\WINDOWS\system32\dllcache\urlmon.dll 2007-06-27 15:24 105984 --------- C:\WINDOWS\system32\dllcache\url.dll 2007-06-27 15:24 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll 2007-06-27 15:23 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-06-27 15:23 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-06-27 15:23 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-06-27 15:23 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll 2007-06-27 15:23 27648 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-06-27 15:23 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-06-27 15:22 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-06-27 15:22 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-06-27 15:22 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-06-27 15:22 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-06-27 15:22 132608 --------- C:\WINDOWS\system32\dllcache\extmgr.dll 2007-06-27 15:22 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll 2007-06-27 10:28 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe 2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll 2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll 2005-07-21 15:12 457 --a------ C:\Program Files\INSTALL.LOG . ((((((((((((((((((((((((((((( snapshot_2007-09-20_212949.73 ))))))))))))))))))))))))))))))))))))))))) . ----a-w 16,384 2007-09-21 17:36:22 C:\WINDOWS\Temp\Perflib_Perfdata_598.dat . . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2003-09-23 09:09 C:\WINDOWS\SOUNDMAN.EXE] "Disk Monitor"="C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 11:57] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-10-11 22:02] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 15:16] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-06 21:12] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32] "ExtraFilmHemmaAgent"="C:\Program Files\Extrafilm FotoFacil\Agent.exe" [2006-10-03 09:40] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24] "NetAppel"="C:\program files\netappel\netappel.exe" [2007-09-15 13:19] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] PCANotify.dll 2003-05-29 11:00 8704 C:\WINDOWS\system32\PCANotify.dll R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS S2 vdo_326d-6b44;vdo_326d-6b44;\??\C:\WINDOWS\system32\vdo_326d-6b44.sys S3 PIXMC10;JVC Communication PIX-MC10 Driver;C:\WINDOWS\system32\Drivers\pixmc10c.sys S3 PIXMC10A;JVC PIX-MC10 Audio Capture;C:\WINDOWS\system32\Drivers\pixmc10a.sys S3 PIXMC10V;JVC PIX-MC10 Video Capture;C:\WINDOWS\system32\Drivers\pixmc10v.sys . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-21 19:44:17 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-09-21 19:45:29 C:\ComboFix-quarantined-files.txt ... 2007-09-21 19:45 C:\ComboFix3.txt ... 2007-09-20 22:17 C:\ComboFix2.txt ... 2007-09-21 19:32 . --- E O F --- Rapport HijackThis: StartupList report, 21/09/2007, 19:48:18 StartupList version: 1.52.2 Started from : C:\Documents and Settings\Jean-Christophe\Bureau\Mes telechargement\HiJackThis_v2.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v7.00 (7.00.6000.16512) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\lotus\notes\nslsvice.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Extrafilm FotoFacil\Agent.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Messenger\msmsgs.exe C:\program files\netappel\netappel.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Jean-Christophe\Bureau\Mes telechargement\HiJackThis_v2.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Jean-Christophe\Menu Démarrer\Programmes\Démarrage] system.exe Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE Exif Launcher.lnk = ? autorun.exe Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SoundMan = SOUNDMAN.EXE Disk Monitor = C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot SpeedTouch USB Diagnostics = "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime REGSHAVE = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN ExtraFilmHemmaAgent = "C:\Program Files\Extrafilm FotoFacil\Agent.exe" Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe !AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background NetAppel = "C:\program files\netappel\netappel.exe" -nosplash -minimized -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] = -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\system32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] * StubPath = C:\WINDOWS\system32\ieudinit.exe [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Browser Helper Objects: *No BHO's found* -------------------------------------------------- Enumerating Task Scheduler jobs: *No jobs found* -------------------------------------------------- Enumerating Download Program Files: [France Telecom MDM ActiveX Control] InProcServer32 = C:\WINDOWS\MDM.ocx CODEBASE = http://minitelweb.minitel.com/imin_data/ocx/MDM.cab [shockwave ActiveX Control] InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab [ewidoOnlineScan Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL CODEBASE = http://downloads.ewido.net/ewidoOnlineScan.cab [Contrôleur de DownloadManager] InProcServer32 = C:\WINDOWS\DOWNLO~1\DOWNLO~1.OCX CODEBASE = http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.8.cab [image Uploader Control] InProcServer32 = C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx CODEBASE = http://webalbum.foto.com/NewUploader/ImageUploader4.cab [HouseCall Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx CODEBASE = http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab [Java Plug-in 1.4.2_05] InProcServer32 = C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll CODEBASE = http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab [{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}] CODEBASE = http://fpdownload.macromedia.com/get/shock...h/ultrashim.cab [{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8}] CODEBASE = http://www.extrafilm.fr/net/import/ImageUploader3.cab [iPSUploader4 Control] InProcServer32 = C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx CODEBASE = http://photoservice.fujicolor.de/ips-opdat...PSUploader4.cab [Java Plug-in 1.4.2_05] InProcServer32 = C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll CODEBASE = http://java.sun.com/products/plugin/autodl...indows-i586.cab [get_atlcom Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\gp.ocx CODEBASE = http://www.adobe.com/products/acrobat/nos/gp.cab [shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx CODEBASE = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab [Creative Product Registration ActiveX Control Module] InProcServer32 = C:\WINDOWS\System32\CTORWE~1.OCX CODEBASE = http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab [{FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39}] CODEBASE = http://webalbum.foto.com/FUploader/SpeedUploader.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll Protocol #19: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services a-squared Free Service: "C:\Program Files\a-squared Free\a2service.exe" (autostart) Ad-Aware 2007 Service: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" (autostart) Pilote ACPI Microsoft: System32\DRIVERS\ACPI.sys (system) Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start) Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (system) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN): System32\DRIVERS\alcan5wn.sys (manual start) SpeedTouch ADSL Modem ATM Transport: System32\DRIVERS\alcaudsl.sys (manual start) Service for WDM 3D Audio Driver: system32\drivers\ALCXSENS.SYS (manual start) Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start) Avertissement: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start) Pilote de processeur AMD K7: System32\DRIVERS\amdk7.sys (system) Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Protocole client ARP 1394: System32\DRIVERS\arp1394.sys (manual start) avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart) Pilote de média asynchrone RAS: System32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: System32\DRIVERS\atapi.sys (system) Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart) ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start) Protocole client ATM ARP: System32\DRIVERS\atmarpc.sys (manual start) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote audio Stub: System32\DRIVERS\audstub.sys (manual start) avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart) avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start) avast! Web Scanner: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (manual start) AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system) AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart) AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system) Service Elève pcAnywhere: C:\Program Files\Symantec\pcAnywhere\awhost32.exe (manual start) awlegacy: \SystemRoot\System32\Drivers\awlegacy.sys (system) AW_HOST: system32\drivers\aw_host5.sys (system) Service de transfert intelligent en arrière-plan: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pont MAC: System32\DRIVERS\bridge.sys (manual start) Miniport de pont MAC: System32\DRIVERS\bridge.sys (manual start) Explorateur d'ordinateur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) C-DillaCdaC11BA: C:\WINDOWS\System32\drivers\CDAC11BA.EXE (autostart) C4C_BSC2: System32\DRIVERS\C4C_BSC2.sys (manual start) catchme: \??\C:\DOCUME~1\JEAN-C~1\LOCALS~1\Temp\catchme.sys (manual start) Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start) CdaC15BA: \??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS (autostart) Pilote de CD-ROM: System32\DRIVERS\cdrom.sys (system) Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (disabled) Application système COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Creative Service for CDROM Access: C:\WINDOWS\System32\CTsvcCDA.EXE (autostart) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote de disque: System32\DRIVERS\disk.sys (system) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start) Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start) Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start) Fallback: System32\DRIVERS\C4C_FALL.sys (autostart) Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote de contrôleur de lecteur de disquettes: System32\DRIVERS\fdc.sys (manual start) Pilote de lecteur de disquettes: System32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\drivers\fltmgr.sys (system) Fsks: System32\DRIVERS\C4C_FSKS.sys (autostart) Pilote du Gestionnaire de volume: System32\DRIVERS\ftdisk.sys (system) France Telecom Routing Table Service: C:\WINDOWS\System32\FTRTSVC.exe (autostart) GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start) Classificateur de paquets générique: System32\DRIVERS\msgpc.sys (manual start) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Pilote de classe HID Microsoft: System32\DRIVERS\hidusb.sys (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) Pilote pour clavier i8042 et souris sur port PS/2: System32\DRIVERS\i8042prt.sys (system) Pilote de filtre de gravure CD: System32\DRIVERS\imapi.sys (system) Service COM de gravage de CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start) Pilote du pare-feu Windows IPv6: system32\drivers\ip6fw.sys (manual start) Pilote de filtre de trafic IP: System32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: System32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: System32\DRIVERS\ipnat.sys (manual start) iPod Service: C:\Program Files\iPod\bin\iPodService.exe (manual start) Pilote IPSEC: System32\DRIVERS\ipsec.sys (system) Service énumérateur IR: System32\DRIVERS\irenum.sys (manual start) Pilote de bus Plug-and-Play ISA/EISA: System32\DRIVERS\isapnp.sys (system) K56: System32\DRIVERS\C4C_K56K.sys (autostart) Pilote de la classe Clavier: System32\DRIVERS\kbdclass.sys (system) Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start) Serveur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Assistance TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Lotus Notes Single Logon: "C:\Program Files\lotus\notes\nslsvice.exe" (autostart) Machine Debug Manager: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe" (autostart) mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart) Affichage des messages: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Partage de Bureau à distance NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start) Pilote de la classe Souris: System32\DRIVERS\mouclass.sys (system) Pilote HID de souris: System32\DRIVERS\mouhid.sys (manual start) Redirecteur client WebDav: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start) Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start) Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start) Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start) Pilote BIOS de gestion de systèmes Microsoft: System32\DRIVERS\mssmbios.sys (manual start) Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start) NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start) Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start) Pilote TAPI NDIS d'accès distant: System32\DRIVERS\ndistapi.sys (manual start) NDIS mode utilisateur E/S Protocole: System32\DRIVERS\ndisuio.sys (manual start) Pilote réseau étendu NDIS d'accès distant: System32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: System32\DRIVERS\netbios.sys (system) NetBIOS sur TCP/IP: System32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) Ouverture de session réseau: %SystemRoot%\System32\lsass.exe (manual start) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote réseau 1394: System32\DRIVERS\nic1394.sys (manual start) NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Upper Class Filter Driver: System32\DRIVERS\NTIDrvr.sys (manual start) Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\System32\lsass.exe (manual start) Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote de filtre de trafic IPX: System32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: System32\DRIVERS\nwlnkfwd.sys (manual start) Contrôleur hôte compatible IEE 1394 VIA OHCI: System32\DRIVERS\ohci1394.sys (system) Pilote de port parallèle: System32\DRIVERS\parport.sys (manual start) PCI Bus Driver: System32\DRIVERS\pci.sys (system) PfModNT: \??\C:\WINDOWS\System32\drivers\PfModNT.sys (autostart) JVC Communication PIX-MC10 Driver: System32\Drivers\pixmc10c.sys (manual start) JVC PIX-MC10 Audio Capture: System32\Drivers\pixmc10a.sys (manual start) JVC PIX-MC10 Video Capture: System32\Drivers\pixmc10v.sys (manual start) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Services IPSEC: %SystemRoot%\System32\lsass.exe (autostart) Miniport réseau étendu (PPTP): System32\DRIVERS\raspptp.sys (manual start) Pilote processeur: System32\DRIVERS\processr.sys (system) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de paquets QoS: System32\DRIVERS\psched.sys (manual start) Pilote de liaison parallèle directe: System32\DRIVERS\ptilink.sys (manual start) Pilote de connexion automatique d'accès distant: System32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote PPPOE d'accès à distance: System32\DRIVERS\raspppoe.sys (manual start) Parallèle direct: System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start) Pilote de filtre de lecture digitale de CD audio: System32\DRIVERS\redbook.sys (system) Routage et accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Rksample: System32\DRIVERS\C4C_SAMP.sys (manual start) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\System32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver: System32\DRIVERS\Rtlnic51.sys (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Pilote de bus de transport/protocole SBP-2: System32\DRIVERS\sbp2port.sys (system) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: System32\DRIVERS\secdrv.sys (manual start) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de filtre Serenum: System32\DRIVERS\serenum.sys (manual start) Pilote de port série: System32\DRIVERS\serial.sys (system) Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start) SoftFax: System32\DRIVERS\C4C_FAXX.sys (autostart) Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Pilote de filtre de restauration système: System32\DRIVERS\sr.sys (system) Service de restauration système: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Srv: System32\DRIVERS\srv.sys (manual start) Service de découvertes SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Acquisition d'image Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart) BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start) Pilote de bus logiciel: System32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{43352E4E-DA66-4C43-86BE-6DDE559B81DD} (manual start) SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start) Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: System32\DRIVERS\tcpip.sys (system) Pilote de périphérique terminal: System32\DRIVERS\termdd.sys (system) Services Terminal Server: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Tones: System32\DRIVERS\C4C_TONE.sys (autostart) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de mise à jour microcode: System32\DRIVERS\update.sys (manual start) Hôte de périphérique universel Plug-and-Play: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start) Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start) Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft: System32\DRIVERS\usbehci.sys (manual start) Concentrateur USB2: System32\DRIVERS\usbhub.sys (manual start) Classe d'imprimantes USB Microsoft: System32\DRIVERS\usbprint.sys (manual start) Pilote de scanneur USB: System32\DRIVERS\usbscan.sys (manual start) Pilote de stockage de masse USB: System32\DRIVERS\USBSTOR.SYS (manual start) Pilote miniport de contrôleur hôte universel USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start) ADI Remote NDIS Network Device Driver: System32\DRIVERS\usb8023.sys (manual start) V124: System32\DRIVERS\C4C_V124.sys (autostart) vdo_326d-6b44: \??\C:\WINDOWS\system32\vdo_326d-6b44.sys (autostart) Carte vidéo VGA.: \SystemRoot\System32\drivers\vga.sys (system) VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system) ViaIde: System32\DRIVERS\viaide.sys (system) Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start) Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote ARP IP d'accès distant: System32\DRIVERS\wanarp.sys (manual start) Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) winachsf: System32\DRIVERS\HSF_CNXT.sys (manual start) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Service de numéro de série du lecteur multimédia portable: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Carte de performance WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start) Centre de sécurité: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Service d'approvisionnement réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: C:\ComboFix\fprops.vbs => C:\QooBox\Quarantine\C\ComboFix\FProps.vbs.vir||x -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- End of report, 38 040 bytes Report generated in 0,219 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only -
Warning! potential spyware operation
lesandre a répondu à un(e) sujet de lesandre dans Analyses et éradication malwares
OK et merci bon boulot JC -
Warning! potential spyware operation
lesandre a répondu à un(e) sujet de lesandre dans Analyses et éradication malwares
Cela a ete fait - j'avais laisse la fenetre ouverte au cas ou. Voici le message recu sur page web: Malware Submission Your file was successfully submitted. Please let the user helping you know that you have submitted the file. Merci a toi et a demain, Bonne soiree, JC -
Warning! potential spyware operation
lesandre a répondu à un(e) sujet de lesandre dans Analyses et éradication malwares
Re, Je viens d'avoir le message suivant apres l'analyse: ///// Soumettez le malware à Bleeping Computer pour analyses. Copiez/Collez le chemin de fichier ci-dessous dans la zone ci-dessus et cliquez sur Envoyer. C:\DOCUME~1\JEAN-C~1\Bureau.\[4]-Submit_2007-09-20@22.07.zip ///// Et voici le rapport. Merci, JC ComboFix 07-09-20.1 - "Jean-Christophe" 2007-09-20 22:07:57.2 - FAT32x86 Microsoft Windows XP ?dition familiale 5.1.2600.2.1252.1.1036.18.71 [GMT 2:00] Command switches used :: C:\Documents and Settings\Jean-Christophe\Bureau\Mes telechargement\Debug\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\system32\WinAvXX.exe C:\WINDOWS\system32\printer.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\printer.exe C:\WINDOWS\system32\prn64.dll C:\WINDOWS\system32\WinAvXX.exe . ((((((((((((((((((((((((((((( Fichiers créés 2007-08-20 to 2007-09-20 )))))))))))))))))))))))))))))))))))) . 2007-09-20 21:19 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-19 22:09 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-09-19 16:53 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-09-19 16:00 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-09-19 16:00 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-09-19 13:02 <REP> d-------- C:\Program Files\CCleaner 2007-09-19 12:46 <REP> d-------- C:\Program Files\a-squared Free 2007-09-19 10:56 <REP> d-------- C:\Program Files\RegCleaner 2007-09-19 07:26 <REP> d-------- C:\WINDOWS\report 2007-09-19 07:25 86,094 --a------ C:\WINDOWS\BPMNT.dll 2007-09-19 07:25 71,749 --a------ C:\WINDOWS\hcextoutput.dll 2007-09-19 07:25 267,845 --a------ C:\WINDOWS\tsc.exe 2007-09-19 07:25 1,163,344 --a------ C:\WINDOWS\vsapi32.dll 2007-09-19 07:25 <REP> d-------- C:\WINDOWS\AU_Backup 2007-09-19 07:23 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2007-09-19 07:23 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2007-09-19 07:23 286,720 --a------ C:\WINDOWS\PATCH.EXE 2007-09-19 07:23 <REP> d-------- C:\WINDOWS\AU_Temp 2007-09-19 07:23 <REP> d-------- C:\WINDOWS\AU_Log 2007-09-18 23:31 883,694 --a------ C:\SmitfraudFix.exe 2007-09-18 23:08 <REP> d-------- C:\SmitfraudFix 2007-09-18 22:39 3,394 --a------ C:\WINDOWS\system32\tmp.reg 2007-09-18 21:10 <REP> d-------- C:\Program Files\Navilog1 2007-09-18 20:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-09-17 21:10 <REP> dr------- C:\DOCUME~1\Elyan\Mes documents 2007-09-17 21:10 <REP> dr------- C:\DOCUME~1\Elyan\Favoris 2007-09-14 21:08 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-09-14 14:05 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Mes documents 2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer 2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Favoris 2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau 2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression 2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\ModŠles 2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS 2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau 2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust 2007-09-01 15:57 1,268 --a------ C:\WINDOWS\mozver.dat 2007-08-21 20:28 0 --a------ C:\WINDOWS\nsreg.dat . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-14 21:11 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys 2007-09-14 21:11 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-09-06 12:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-06 12:00 95608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll 2007-07-29 17:57 --------- d-------- C:\Program Files\Alwil Software 2007-07-29 17:07 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-07-29 16:24 --------- d-------- C:\Program Files\Realtek Sound Manager 2007-07-29 16:24 --------- d-------- C:\Program Files\AvRack 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\Real 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\InterTrust 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\ICQ 2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\FUJIFILM 2007-07-26 17:25 --------- d-------- C:\DOCUME~1\OLGA\APPLIC~1\WebCallDirect 2007-07-19 08:58 3583488 --------- C:\WINDOWS\system32\dllcache\mshtml.dll 2007-07-13 01:30 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll 2007-06-27 15:24 823808 --------- C:\WINDOWS\system32\dllcache\wininet.dll 2007-06-27 15:24 671232 --------- C:\WINDOWS\system32\dllcache\mstime.dll 2007-06-27 15:24 477696 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-06-27 15:24 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll 2007-06-27 15:24 193024 --------- C:\WINDOWS\system32\dllcache\msrating.dll 2007-06-27 15:24 1152000 --------- C:\WINDOWS\system32\dllcache\urlmon.dll 2007-06-27 15:24 105984 --------- C:\WINDOWS\system32\dllcache\url.dll 2007-06-27 15:24 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll 2007-06-27 15:23 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-06-27 15:23 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-06-27 15:23 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-06-27 15:23 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll 2007-06-27 15:23 27648 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-06-27 15:23 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-06-27 15:22 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-06-27 15:22 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-06-27 15:22 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-06-27 15:22 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-06-27 15:22 132608 --------- C:\WINDOWS\system32\dllcache\extmgr.dll 2007-06-27 15:22 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll 2007-06-27 10:28 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe 2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll 2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll 2005-07-21 15:12 457 --a------ C:\Program Files\INSTALL.LOG . ((((((((((((((((((((((((((((( snapshot_2007-09-20_212949.73 ))))))))))))))))))))))))))))))))))))))))) . ----a-w 16,384 2007-09-20 20:12:28 C:\WINDOWS\Temp\Perflib_Perfdata_528.dat . . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2003-09-23 09:09 C:\WINDOWS\SOUNDMAN.EXE] "Disk Monitor"="C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 11:57] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-10-11 22:02] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 15:16] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-06 21:12] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32] "ExtraFilmHemmaAgent"="C:\Program Files\Extrafilm FotoFacil\Agent.exe" [2006-10-03 09:40] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25] "WinAVX"="C:\WINDOWS\system32\WinAvXX.exe" [2007-09-13 11:06] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24] "NetAppel"="C:\program files\netappel\netappel.exe" [2007-09-15 13:19] "WinAVX"="C:\WINDOWS\system32\WinAvXX.exe" [2007-09-13 11:06] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=1 (0x1) "DisableTaskMgr"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=1 (0x1) "DisableTaskMgr"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoControlPanel"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoControlPanel"=1 (0x1) "NoWindowsUpdate"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Shell"="Explorer.exe C:\WINDOWS\system32\printer.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify] PCANotify.dll 2003-05-29 11:00 8704 C:\WINDOWS\system32\PCANotify.dll R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS S2 vdo_326d-6b44;vdo_326d-6b44;\??\C:\WINDOWS\system32\vdo_326d-6b44.sys S3 PIXMC10;JVC Communication PIX-MC10 Driver;C:\WINDOWS\system32\Drivers\pixmc10c.sys S3 PIXMC10A;JVC PIX-MC10 Audio Capture;C:\WINDOWS\system32\Drivers\pixmc10a.sys S3 PIXMC10V;JVC PIX-MC10 Video Capture;C:\WINDOWS\system32\Drivers\pixmc10v.sys S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-20 22:13:38 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-09-20 22:17:04 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-09-20 22:17 C:\ComboFix2.txt ... 2007-09-20 21:30 . --- E O F --- -
Warning! potential spyware operation
lesandre a répondu à un(e) sujet de lesandre dans Analyses et éradication malwares
Thanks a lot! JC