sonnynice


  1. ComboFix 08-09-05.03 - bilou 2008-09-11 10:31:56.2 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1271 [GMT 2:00] Endroit: C:\Users\bilou\Desktop\Nabil\Logiciels\ComboFix.exe Command switches used :: C:\Users\bilou\Desktop\CFScript.txt * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\ProgramData\apisysweb C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Conditions générales.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Confidentialité.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Désinstaller.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InternetGameBox\Website.url C:\ProgramData\mxsbmzcd C:\ProgramData\ShGen C:\Windows\system32\WinService.exe F:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés 2008-08-11 to 2008-09-11 )))))))))))))))))))))))))))))))))))) . Pas de nouveau fichier créé dans cet espace de temps . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-09-11 08:16 --------- d-----w C:\Program Files\Common Files\Akamai 2008-09-11 08:14 970,752 ----a-w C:\Windows\WD90VM.DLL 2008-09-11 08:14 565,248 ----a-w C:\Windows\WD90IMG.DLL 2008-09-11 08:14 417,792 ----a-w C:\Windows\WD90COM.DLL 2008-09-11 08:14 394,752 ----a-w C:\Windows\WD90STD.DLL 2008-09-11 08:14 1,539,584 ----a-w C:\Windows\WD90OBJ.DLL 2008-09-10 18:53 --------- d-----w C:\Users\bilou\AppData\Roaming\GrabIt 2008-09-10 17:41 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-09-09 07:35 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-09-07 22:11 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys 2008-09-07 22:11 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys 2008-09-07 16:35 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-09-07 16:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-09-07 16:25 --------- d-----w C:\Users\bilou\AppData\Roaming\Malwarebytes 2008-09-07 16:25 --------- d-----w C:\ProgramData\Malwarebytes 2008-09-07 16:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-09-07 16:00 --------- d-----w C:\Program Files\Norton Security Scan 2008-09-05 16:40 --------- d-----w C:\Program Files\Google 2008-09-05 13:30 --------- d-----w C:\Users\bilou\AppData\Roaming\Azureus 2008-09-03 07:39 --------- d-----w C:\Program Files\Windows Live 2008-09-02 17:26 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2008-09-02 17:25 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-09-02 17:22 --------- d-----w C:\ProgramData\WLInstaller 2008-08-31 19:22 --------- d-----w C:\Program Files\TVAnts 2008-08-31 18:05 --------- d-----w C:\Program Files\SopCast 2008-08-30 11:49 --------- d-----w C:\Program Files\POINTDECROIX 2008-08-28 20:33 --------- d-----w C:\Users\bilou\AppData\Roaming\Skype 2008-08-28 16:33 --------- d-----w C:\Users\bilou\AppData\Roaming\skypePM 2008-08-26 16:13 --------- d-----w 
C:\Users\bilou\AppData\Roaming\Ubisoft 2008-08-26 16:01 --------- d-----w C:\ProgramData\Ubisoft 2008-08-26 15:53 --------- d-----w C:\Program Files\HomePlayer 2008-08-26 15:33 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-26 15:33 --------- d-----w C:\Program Files\Ubisoft 2008-08-26 15:29 --------- d-----w C:\Program Files\DAEMON Tools Lite 2008-08-26 14:25 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys 2008-08-26 14:24 --------- d-----w C:\Users\bilou\AppData\Roaming\DAEMON Tools 2008-08-26 14:20 --------- d-----w C:\Users\bilou\AppData\Roaming\ImgBurn 2008-08-26 13:41 --------- d-----w C:\Program Files\ImgBurn 2008-08-26 12:56 --------- d-----w C:\Program Files\IKEA HomePlanner 2008-08-26 12:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-08-26 07:52 --------- d-----w C:\Program Files\iTunes 2008-08-26 07:52 --------- d-----w C:\Program Files\iPod 2008-08-26 07:51 --------- d-----w C:\ProgramData\Apple Computer 2008-08-26 07:50 --------- d-----w C:\Program Files\QuickTime Alternative 2008-08-26 07:50 --------- d-----w C:\Program Files\Bonjour 2008-08-26 07:45 --------- d-----w C:\Program Files\Safari 2008-08-25 19:48 --------- d-----w C:\Program Files\Windows Mail 2008-08-25 14:02 --------- d-----w C:\Program Files\EMME 2008-08-25 13:58 --------- d-----w C:\Program Files\Kirikou Demo 2008-08-25 13:28 --------- d-----w C:\Program Files\elawael 2008-08-11 21:14 462,848 ----a-w C:\Windows\WD90PRN.DLL 2008-08-11 21:14 454,709 ----a-w C:\Windows\WD90PDF.DLL 2008-08-11 21:14 446,464 ----a-w C:\Windows\WD90XML.DLL 2008-08-11 21:14 352,256 ----a-w C:\Windows\WD90ETAT.DLL 2008-08-11 21:14 307,200 ----a-w C:\Windows\WD90HTML.DLL 2008-08-11 21:14 303,104 ----a-w C:\Windows\WD90ZIP.DLL 2008-08-11 21:14 155,648 ----a-w C:\Windows\WD90RTF.DLL 2008-08-11 21:14 --------- d-----w C:\Program Files\CV-GEN 1.0.1 2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll 2008-08-02 01:01 625,152 ----a-w 
C:\Windows\system32\drivers\dxgkrnl.sys 2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll 2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-07-21 20:48 --------- d-----w C:\Users\bilou\AppData\Roaming\Vista Start Menu 2008-07-20 16:35 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys 2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe 2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll 2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll 2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll 2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll 2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll 2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll 2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll 2008-07-18 20:07 210,976 ----a-w C:\Windows\System32\muweb.dll 2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe 2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR 2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll 2008-07-14 15:29 --------- d-----w C:\Program Files\Unlock Codes Calculator (by Crux) 2008-07-11 18:13 --------- d-----w C:\Program Files\Torrent Searcher 5 2008-07-11 07:11 --------- d-----w C:\ProgramData\ma-config.com 2008-07-11 07:11 --------- d-----w C:\Program Files\ma-config.com 2008-07-02 15:07 174 --sha-w C:\Program Files\desktop.ini 2008-07-02 07:56 82,432 ----a-w C:\Windows\System32\axaltocm.dll 2008-07-02 07:56 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll 2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll 
2008-06-26 03:29 565,248 ----a-w C:\Windows\System32\emdmgmt.dll 2008-06-26 03:29 45,056 ----a-w C:\Windows\System32\dataclen.dll 2008-06-26 03:29 303,616 ----a-w C:\Windows\System32\wmpeffects.dll 2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll 2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll 2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL 2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-05-20 10:50 56 ---ha-w C:\Users\All Users\ezsidmv.dat 2008-05-20 10:50 56 ---ha-w C:\ProgramData\ezsidmv.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040] "ADSL_MENARA"="C:\Windows\adsl.exe" [2007-08-18 2652489] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide de Microsoft Office 
OneNote 2003.lnk] backup=C:\Windows\pss\Lancement rapide de Microsoft Office OneNote 2003.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk] backup=C:\Windows\pss\NETGEAR WG111v2 Smart Wizard.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^bilou^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^APO Usb Autorun.lnk] backup=C:\Windows\pss\APO Usb Autorun.lnk.Startup backupExtension=.Startup [HKLM\~\startupfolder\C:^Users^bilou^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCC.lnk] backup=C:\Windows\pss\CCC.lnk.Startup backupExtension=.Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSL_MENARA] --a------ 2007-08-18 12:25 2652489 C:\Windows\adsl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Mosquito] --a------ 2001-12-19 18:02 258048 C:\Users\bilou\Desktop\anti_mosquito(2)\Anti Mosquito.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElcomSoft Distributed Agent] --a------ 2007-10-19 17:19 591120 C:\Program Files\ Password Recovery\esda.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElcomSoft DPR Server] --a------ 2007-10-25 20:01 333584 C:\Program Files\ Password Recovery\esdprs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] --a------ 2006-11-10 16:19 1051648 C:\Program Files\Nero\Nero 7\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2004-04-17 12:41 196608 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2004-04-13 06:07 69632 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] --a------ 2008-03-26 18:41 1232896 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] --a------ 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Podmailing] --a------ 2008-06-06 15:48 173056 C:\Program Files\Podmailing\podmailing.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] --a------ 2008-03-15 01:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] --a------ 2008-01-19 09:33 1233920 C:\Program Files\Windows Sidebar\sidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-05-30 15:54 21718312 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] --a------ 2006-11-22 17:31 630784 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition] --a------ 2008-01-19 09:33 49664 C:\Windows\Speech\Common\sapisvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] --a------ 2006-11-10 12:35 90112 C:\Program Files\ATI 
Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --a------ 2008-05-28 10:33 1506544 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-05-13 10:15 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a------ 2008-01-19 09:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management] --a------ 2007-01-24 12:21 563080 C:\Windows\WindowsMobile\wmdc.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-990662089-4116917764-2737683841-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{3408BE23-CC58-4B87-B808-A781562FFAD4}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus "UDP Query User{403F357B-2E6D-43CA-90DF-47F389619F79}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus "TCP Query User{D281B8BF-5ACB-4B71-9878-1892735AAD0D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{E9BFB4E8-A65D-4326-AE0B-46B780CC32C7}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "{25976F7D-2340-4CFF-AB48-8196B76B04BD}"= C:\Program Files\Skype\Phone\Skype.exe:Skype "{0D4D7F1A-E2C3-46D9-BD7E-C1180DEF3117}"= UDP:C:\Windows\System32\rserver30\rserver3.exe:Radmin Server 3 "{E9E499BC-FC03-4509-B453-427964CCD964}"= 
TCP:C:\Windows\System32\rserver30\rserver3.exe:Radmin Server 3 "TCP Query User{09CE43F5-2A87-4721-968C-E6898E6383CD}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv "UDP Query User{B15EC1FC-47D0-48BD-A903-F3F5003EBA51}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv "{7213EAA2-CF12-4671-9236-0480E090015D}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp "{453982A6-342B-440E-BBD6-AB1F5243DE88}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp "{4F8129D0-3388-4676-8723-F03D9F914D2F}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice "{F29612AC-8937-4C7A-AE1F-F64712F80F87}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice "TCP Query User{C6207188-A3CE-4DFE-9F96-9A19E5930886}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{4E0C24DB-FD79-4590-8F1C-1A2DDB39914A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "{A4FDA7DF-7258-490A-862B-79F7DC05C842}"= UDP:C:\Program Files\Podmailing\podmailing.exe:Podmailing Beta "{C508F146-E0EC-407E-B481-9C012F7CC8A5}"= TCP:C:\Program Files\Podmailing\podmailing.exe:Podmailing Beta "TCP Query User{6F84F9D3-07DF-4B7D-B0B7-475328890240}C:\\program files\\samy soft\\samy soft tv 2.0\\samy soft tv 2.0.exe"= UDP:C:\program files\samy soft\samy soft tv 2.0\samy soft tv 2.0.exe:Samy Soft TV 2.0 "UDP Query User{68C825E8-7463-4A4E-ACC0-EC8B1921093D}C:\\program files\\samy soft\\samy soft tv 2.0\\samy soft tv 2.0.exe"= TCP:C:\program files\samy soft\samy soft tv 2.0\samy soft tv 2.0.exe:Samy Soft TV 2.0 "{0402D364-CFDB-4E09-8158-060635AD60B4}"= UDP:C:\Program Files\ Password Recovery\esdprs.exe:ElcomSoft Distributed Password Recovery Server "{38EAE579-7543-4BCF-945D-CCAEAA1B65B7}"= TCP:C:\Program Files\ Password Recovery\esdprs.exe:ElcomSoft Distributed Password Recovery Server 
"{9119E40B-33E7-4A05-B603-C258825FD733}"= UDP:C:\Program Files\ Password Recovery\esdprs.exe:ElcomSoft Distributed Password Recovery Server "{D79A614C-26F4-4B06-922E-7D48AA92A291}"= TCP:C:\Program Files\ Password Recovery\esdprs.exe:ElcomSoft Distributed Password Recovery Server "{A0B0738D-2ADE-453E-B6FF-EF1E365CE5E6}"= UDP:C:\Program Files\ Password Recovery\esdpr.exe:Elcomsoft Distributed Password Recovery Console "{5128D1D9-B9DB-4572-B9A7-7CD734E1E8D1}"= TCP:C:\Program Files\ Password Recovery\esdpr.exe:Elcomsoft Distributed Password Recovery Console "{C8846ECD-0CC6-4485-B970-0A2E15D6B53F}"= UDP:C:\Program Files\ Password Recovery\esdpr.exe:Elcomsoft Distributed Password Recovery Console "{8190D186-CA98-4D27-9C42-BEFC69AFB4CF}"= TCP:C:\Program Files\ Password Recovery\esdpr.exe:Elcomsoft Distributed Password Recovery Console "{7D5598BD-89BE-41C9-9A03-DCCDC6F35E92}"= UDP:C:\Program Files\ Password Recovery\esda.exe:ElcomSoft Distributed Agent "{E254B1C8-98E2-4F44-89DC-A710906C6BAF}"= TCP:C:\Program Files\ Password Recovery\esda.exe:ElcomSoft Distributed Agent "{7018580D-A9C3-4DB2-8E57-762E7A53588E}"= UDP:C:\Program Files\ Password Recovery\esda.exe:ElcomSoft Distributed Agent "{A635E9B9-F393-4798-A801-532C7BE1F62B}"= TCP:C:\Program Files\ Password Recovery\esda.exe:ElcomSoft Distributed Agent "TCP Query User{86A0711D-32DB-49CB-95EC-A17AE3DCA264}C:\\program files\\ password recovery\\esdprs.exe"= UDP:C:\program files\ password recovery\esdprs.exe:Elcomsoft Distributed Password Recovery Server "UDP Query User{6D362958-1FFE-4376-9DCE-A7C3B2075F5D}C:\\program files\\ password recovery\\esdprs.exe"= TCP:C:\program files\ password recovery\esdprs.exe:Elcomsoft Distributed Password Recovery Server "{CA0CDEBB-C1D5-4DB4-8A11-18CDAFAFF358}"= UDP:9420:Akamai Network Manager "{1D1C5E1D-9B72-456D-B724-CB052C0B9506}"= TCP:5000:Akamai Network Manager "TCP Query User{F9B5B37B-8689-4507-96AD-32D85B488E1F}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= 
UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter "UDP Query User{A75ED1D6-713D-4A02-AB97-3EB32F51D8C1}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter "TCP Query User{3C7D2FC6-FBBA-4407-83BF-50A2F179D32D}C:\\windows\\adsl.exe"= UDP:C:\windows\adsl.exe:MAROC TELECOM "UDP Query User{7CEB54A0-4D95-452E-A41B-9B83A3DD3174}C:\\windows\\adsl.exe"= TCP:C:\windows\adsl.exe:MAROC TELECOM "TCP Query User{66BA25C4-EA74-49CC-B2B4-B591DB39CD0B}C:\\program files\\webcamxp\\webcamxp.exe"= UDP:C:\program files\webcamxp\webcamxp.exe:webcamXP 2008 "UDP Query User{F4DECBBA-F04E-43A9-85B3-17C068878627}C:\\program files\\webcamxp\\webcamxp.exe"= TCP:C:\program files\webcamxp\webcamxp.exe:webcamXP 2008 "TCP Query User{92A7B04F-D395-4782-8486-D3E6EDFDAE3D}C:\\program files\\wlitewebcamxp\\wlite.exe"= UDP:C:\program files\wlitewebcamxp\wlite.exe:webcamXP "UDP Query User{81F3920A-E3FB-4D76-B99D-F614C47C4D7B}C:\\program files\\wlitewebcamxp\\wlite.exe"= TCP:C:\program files\wlitewebcamxp\wlite.exe:webcamXP "TCP Query User{C39FACA2-4EDC-49A6-8980-42D143CFDA67}C:\\program files\\www file share pro\\plugins\\chat room\\chatroom.exe"= UDP:C:\program files\www file share pro\plugins\chat room\chatroom.exe:ChatRoom "UDP Query User{8FF81E3E-B34B-4668-87B5-C5D02DD590AF}C:\\program files\\www file share pro\\plugins\\chat room\\chatroom.exe"= TCP:C:\program files\www file share pro\plugins\chat room\chatroom.exe:ChatRoom "TCP Query User{F1CB90AF-1EC1-4CB4-9FED-194C5365A8FA}C:\\program files\\www file share pro\\wwwfilesharepro.exe"= UDP:C:\program files\www file share pro\wwwfilesharepro.exe:WWWFileSharePro "UDP Query User{6AAEBBD1-DF15-406C-858F-F047258D61E8}C:\\program files\\www file share pro\\wwwfilesharepro.exe"= TCP:C:\program files\www file share pro\wwwfilesharepro.exe:WWWFileSharePro "TCP Query User{0E7E1627-A42B-4FC9-87C6-CA07E1528905}C:\\program files\\torrent searcher 
5\\gift\\giftl.exe"= UDP:C:\program files\torrent searcher 5\gift\giftl.exe:giFT Loader for Torrent Searcher (http://www.torrent-searcher.com) "UDP Query User{085CBE03-E7F5-4727-9DB0-310E4EE50B33}C:\\program files\\torrent searcher 5\\gift\\giftl.exe"= TCP:C:\program files\torrent searcher 5\gift\giftl.exe:giFT Loader for Torrent Searcher (http://www.torrent-searcher.com) "TCP Query User{9006A4B4-2060-4479-B058-06D3D73414E6}C:\\program files\\torrent searcher 9.0\\gift\\giftl.exe"= UDP:C:\program files\torrent searcher 9.0\gift\giftl.exe:giFT Loader for Torrent Searcher (http://www.torrent-searcher.com) "UDP Query User{B096166E-53D9-4EAC-A5F0-363EDA5ED05A}C:\\program files\\torrent searcher 9.0\\gift\\giftl.exe"= TCP:C:\program files\torrent searcher 9.0\gift\giftl.exe:giFT Loader for Torrent Searcher (http://www.torrent-searcher.com) "{A19121F1-3F70-4DB0-B40F-BBA6C100DE6F}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{80467313-1C0E-4FC9-BA2A-F1DB4E7DD471}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{A3769083-566B-4577-B1C3-99EDDB493C53}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{BDA65EDB-2788-444F-81DB-6AEF79A1BEF3}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "TCP Query User{443DBC15-F992-4F40-B3FD-69CDDCB1E5D5}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus "UDP Query User{BE57261C-D3DF-4744-8EE2-A7E86D29A83E}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus "TCP Query User{B973DB14-738A-487F-B3FA-08A4C3CD3CEA}C:\\program files\\homeplayer\\homeplayer.exe"= UDP:C:\program files\homeplayer\homeplayer.exe:HomePlayer "UDP Query User{E0175E5E-A2ED-4047-9196-1A6B4229476E}C:\\program files\\homeplayer\\homeplayer.exe"= TCP:C:\program files\homeplayer\homeplayer.exe:HomePlayer "{D23E72C5-E20E-4215-B929-D97E762DA229}"= UDP:C:\Program
Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{C20C3869-1546-4736-96EF-7789C7F3F138}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{E16DECC3-C0E8-4CEC-853B-9FC4BC7598CB}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{F5E4CAC1-2ED2-42A7-ADE4-C5D4305D1B02}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{9C114BA1-5B71-4EE1-89B9-C8D8E6FAF2F7}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "{D4246C81-A81F-4C59-BCAA-669961BDD173}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "TCP Query User{9E9325D0-B102-438D-BA14-D755C3E32F96}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver "UDP Query User{5417DF61-F161-42B4-8F89-933D0CBFAB2C}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver "TCP Query User{F0836315-2F41-49C5-8CB1-A1928FEFC782}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application "UDP Query User{4D4869AF-A357-4BAA-97BE-F3B6FFCC93FF}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application "TCP Query User{D44077CF-8175-409C-B99E-84D23996F882}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts "UDP Query User{5A18EBAF-E101-46FB-A086-027520EBDC48}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts "{E3783855-858D-42F2-AF1E-4396FAE3AD60}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys [2007-01-18 21728] R1 aswSP;avast! 
Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416] R1 raddrvv3;raddrvv3;C:\Windows\system32\rserver30\raddrvv3.sys [2008-04-24 45848] R2 Akamai;Akamai;C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280] R2 RServer3;Radmin Server V3;C:\Windows\system32\rserver30\RServer3.exe [2008-04-24 1238344] R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-02-07 24576] R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-06 2411520] R3 mirrorv3;mirrorv3;C:\Windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328] R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v2.sys [2007-02-06 206336] R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-02-13 1245056] S2 SCM_Service;SCM_Service;C:\Windows\System32\WinService.exe [ ] S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 256000] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr Akamai REG_MULTI_SZ Akamai [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e9df630-2086-11dd-ac23-806e6f6e6963}] \shell\AutoRun\command - F:\setupSNK.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-11 10:35:17 Windows 6.0.6001 Service Pack 1 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... 
Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-09-11 10:36:51 ComboFix-quarantined-files.txt 2008-09-11 08:36:45 ComboFix2.txt 2008-09-07 19:59:38 Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application. Post-Run: 65,592,553,472 octets libres 321 --- E O F --- 2008-09-10 21:31:08
  2. Little bump! What should I do, please? Thanks in advance.
  3. Malwarebytes report Malwarebytes' Anti-Malware 1.27 Version de la base de données: 1131 Windows 6.0.6001 Service Pack 1 09/09/2008 09:39:35 mbam-log-2008-09-09 (09-39-35).txt Type de recherche: Examen rapide Eléments examinés: 42430 Temps écoulé: 3 minute(s), 19 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 3 Valeur(s) du Registre infectée(s): 4 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 3 Fichier(s) infecté(s): 4 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\CLSID\{3c6bd996-ed93-4024-e804-0213e9d0bea0} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\monmsgsrv (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dbapien (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\chksys (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\srvsyschk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Program Files\opswdzb (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. C:\ProgramData\dbapien (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. C:\ProgramData\chksys (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
Fichier(s) infecté(s): C:\Program Files\opswdzb\MonMsgSrv.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. C:\ProgramData\dbapien\rwfunitk.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. C:\ProgramData\chksys\rejojcps.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. C:\Windows\System32\tqbudsxe.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. RSIT log report Logfile of random's system information tool (written by random/random) Run by bilou at 2008-09-09 09:41:33 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1 System drive C: has 62 GB (40%) free of 153 GB Total RAM: 2047 MB (64% free) Scheduled tasks folder C:\Windows\tasks\GoogleUpdateTaskUser.job C:\Windows\tasks\Norton Security Scan.job C:\Windows\tasks\RegCure Program Check.job C:\Windows\tasks\RegCure.job C:\Windows\tasks\User_Feed_Synchronization-{17FB5E8F-73A2-421D-8541-340691D3C430}.job Registry dump [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-13 370296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}] VMN Toolbar - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-08-21 1895896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}] IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-03-13 110592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - VMN Toolbar - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-08-21 1895896] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008] "ADSL_MENARA"=C:\Windows\adsl.exe [2007-08-18 2652489] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040] "QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2008-05-27 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "ZOtahgavRR"=C:\ProgramData\mxsbmzcd\yfurkxer.exe [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952] "Google Update"=C:\Users\bilou\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 133104] "ShGen"=C:\ProgramData\ShGen\ghmzajqt.exe [2008-09-07 98304] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "ZOtahgavRR"=C:\ProgramData\mxsbmzcd\yfurkxer.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acgskke] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 
8.0\Reader\Reader_sl.exe [2008-01-11 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSL_MENARA] C:\Windows\adsl.exe [2007-08-18 2652489] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Mosquito] C:\Users\bilou\Desktop\anti_mosquito(2)\Anti Mosquito.exe [2001-12-19 258048] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElcomSoft Distributed Agent] C:\Program Files\ Password Recovery\esda.exe [2007-10-19 591120] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElcomSoft DPR Server] C:\Program Files\ Password Recovery\esdprs.exe [2007-10-25 333584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2006-11-10 1051648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-04-17 196608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcgmaa] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe [2008-03-26 1232896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-04-16 1079808] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Podmailing] C:\Program Files\Podmailing\Podmailing.exe [2008-06-06 173056] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [2008-03-15 233472] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe [2008-01-19 49664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-05-28 1506544] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-13 185896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdc.exe [2007-01-24 563080] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide de Microsoft Office OneNote 2003.lnk] 
C:\PROGRA~1\MICROS~2\OFFICE11\ONENOTEM.EXE [2007-04-19 64864] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk] C:\PROGRA~1\NETGEAR\WG111v2\WG111v2.exe [2007-05-14 1261568] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^bilou^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^APO Usb Autorun.lnk] C:\PROGRA~1\APOUSB~1\USB_AU~1.EXE [2006-11-03 284160] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^bilou^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCC.lnk] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\CCC.exe [2006-09-29 49152] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a4896bf-2997-11dd-8bd5-806e6f6e6963}] shell\AutoRun\command - F:\Boulenger.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{769729d2-23de-11dd-9415-001e8c4f542d}] shell\AutoRun\command - pa39xth.cmd shell\explore\command - pa39xth.cmd shell\open\command - 
pa39xth.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e9df630-2086-11dd-ac23-806e6f6e6963}] shell\AutoRun\command - F:\setupSNK.exe List of files/folders created in the last three months 2008-09-08 21:34:16 ----D---- C:\rsit 2008-09-07 21:59:38 ----A---- C:\ComboFix.txt 2008-09-07 21:56:02 ----A---- C:\Windows\PSEXESVC.EXE 2008-09-07 21:54:51 ----D---- C:\Windows\erdnt 2008-09-07 21:54:09 ----D---- C:\ComboFix 2008-09-07 21:54:06 ----A---- C:\Windows\swreg.exe 2008-09-07 20:21:00 ----A---- C:\Windows\Nircmd.exe 2008-09-07 20:20:59 ----A---- C:\Windows\zip.exe 2008-09-07 20:20:59 ----A---- C:\Windows\VFind.exe 2008-09-07 20:20:59 ----A---- C:\Windows\swsc.exe 2008-09-07 20:20:59 ----A---- C:\Windows\sed.exe 2008-09-07 20:20:59 ----A---- C:\Windows\grep.exe 2008-09-07 20:20:59 ----A---- C:\Windows\fdsv.exe 2008-09-07 20:20:47 ----A---- C:\Windows\swxcacls.exe 2008-09-07 18:34:13 ----D---- C:\ProgramData\ShGen 2008-09-07 18:25:16 ----D---- C:\Users\bilou\AppData\Roaming\Malwarebytes 2008-09-07 18:25:13 ----D---- C:\ProgramData\Malwarebytes 2008-09-07 18:25:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-07 11:27:47 ----D---- C:\ProgramData\apisysweb 2008-09-06 15:08:26 ----D---- C:\ProgramData\Spybot - Search & Destroy 2008-09-06 15:08:26 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-09-06 14:52:40 ----D---- C:\ProgramData\mxsbmzcd 2008-09-02 19:26:01 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition 2008-09-02 19:23:12 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller 2008-09-02 19:23:03 ----D---- C:\Program Files\Windows Live 2008-09-02 19:22:19 ----D---- C:\ProgramData\WLInstaller 2008-08-31 21:22:28 ----D---- C:\Program Files\TVAnts 2008-08-31 20:05:11 ----D---- C:\Program Files\SopCast 2008-08-30 13:49:51 ----D---- C:\Program Files\POINTDECROIX 2008-08-27 20:22:21 ----A---- C:\Windows\system32\msshooks.dll 2008-08-27 20:22:21 ----A---- C:\Windows\system32\msscb.dll 
2008-08-27 20:22:17 ----A---- C:\Windows\system32\thawbrkr.dll 2008-08-27 20:22:17 ----A---- C:\Windows\system32\srchadmin.dll 2008-08-27 20:22:17 ----A---- C:\Windows\system32\SearchFilterHost.exe 2008-08-27 20:22:17 ----A---- C:\Windows\system32\propsys.dll 2008-08-27 20:22:17 ----A---- C:\Windows\system32\propdefs.dll 2008-08-27 20:22:17 ----A---- C:\Windows\system32\msstrc.dll 2008-08-27 20:22:17 ----A---- C:\Windows\system32\mssprxy.dll 2008-08-27 20:22:17 ----A---- C:\Windows\system32\mssitlb.dll 2008-08-27 20:22:17 ----A---- C:\Windows\system32\msshsq.dll 2008-08-27 20:22:17 ----A---- C:\Windows\system32\korwbrkr.dll 2008-08-27 20:22:16 ----A---- C:\Windows\system32\xmlfilter.dll 2008-08-27 20:22:16 ----A---- C:\Windows\system32\wsepno.dll 2008-08-27 20:22:16 ----A---- C:\Windows\system32\rtffilt.dll 2008-08-27 20:22:16 ----A---- C:\Windows\system32\offfilt.dll 2008-08-27 20:22:16 ----A---- C:\Windows\system32\nlhtml.dll 2008-08-27 20:22:16 ----A---- C:\Windows\system32\msscntrs.dll 2008-08-27 20:22:16 ----A---- C:\Windows\system32\mimefilt.dll 2008-08-27 20:22:16 ----A---- C:\Windows\system32\chsbrkr.dll 2008-08-27 20:22:15 ----A---- C:\Windows\system32\tquery.dll 2008-08-27 20:22:15 ----A---- C:\Windows\system32\SearchProtocolHost.exe 2008-08-27 20:22:15 ----A---- C:\Windows\system32\SearchIndexer.exe 2008-08-27 20:22:15 ----A---- C:\Windows\system32\mssvp.dll 2008-08-27 20:22:15 ----A---- C:\Windows\system32\mssrch.dll 2008-08-27 20:22:15 ----A---- C:\Windows\system32\chtbrkr.dll 2008-08-27 20:22:14 ----A---- C:\Windows\system32\mssphtb.dll 2008-08-27 20:22:14 ----A---- C:\Windows\system32\mssph.dll 2008-08-26 18:13:56 ----D---- C:\Users\bilou\AppData\Roaming\Ubisoft 2008-08-26 18:01:19 ----D---- C:\ProgramData\Ubisoft 2008-08-26 17:51:05 ----D---- C:\Program Files\HomePlayer 2008-08-26 17:33:09 ----D---- C:\Program Files\Ubisoft 2008-08-26 17:29:28 ----D---- C:\Program Files\DAEMON Tools Lite 2008-08-26 16:24:52 ----D---- 
C:\Users\bilou\AppData\Roaming\DAEMON Tools 2008-08-26 16:23:07 ----D---- C:\Assassin's creed 2008-08-26 16:20:38 ----D---- C:\Users\bilou\AppData\Roaming\ImgBurn 2008-08-26 15:41:09 ----D---- C:\Program Files\ImgBurn 2008-08-26 14:56:05 ----D---- C:\Program Files\IKEA HomePlanner 2008-08-26 11:15:35 ----A---- C:\Windows\system32\wups2.dll 2008-08-26 11:15:35 ----A---- C:\Windows\system32\wuauclt.exe 2008-08-26 11:15:34 ----A---- C:\Windows\system32\wucltux.dll 2008-08-26 11:15:34 ----A---- C:\Windows\system32\wuaueng.dll 2008-08-26 11:15:09 ----A---- C:\Windows\system32\wups.dll 2008-08-26 11:15:09 ----A---- C:\Windows\system32\wudriver.dll 2008-08-26 11:15:09 ----A---- C:\Windows\system32\wuapi.dll 2008-08-26 11:14:59 ----A---- C:\Windows\system32\wuwebv.dll 2008-08-26 11:14:59 ----A---- C:\Windows\system32\wuapp.exe 2008-08-26 09:52:02 ----D---- C:\Program Files\iPod 2008-08-26 09:51:58 ----D---- C:\Program Files\iTunes 2008-08-26 09:50:42 ----D---- C:\Program Files\Bonjour 2008-08-26 09:45:07 ----D---- C:\Program Files\Safari 2008-08-25 21:52:39 ----A---- C:\Windows\system32\tzres.dll 2008-08-25 15:33:50 ----A---- C:\Windows\system32\es.dll 2008-08-25 15:33:48 ----A---- C:\Windows\system32\IPSECSVC.DLL 2008-08-25 15:33:37 ----A---- C:\Windows\system32\mshtml.dll 2008-08-25 15:33:35 ----A---- C:\Windows\system32\ieframe.dll 2008-08-25 15:33:33 ----A---- C:\Windows\system32\wininet.dll 2008-08-25 15:33:32 ----A---- C:\Windows\system32\urlmon.dll 2008-08-25 15:33:30 ----A---- C:\Windows\system32\mstime.dll 2008-08-25 15:33:28 ----A---- C:\Windows\system32\jsproxy.dll 2008-08-25 15:33:06 ----A---- C:\Windows\system32\inetcomm.dll 2008-07-29 13:05:13 ----D---- C:\Windows\DESKTOP 2008-07-29 13:04:55 ----D---- C:\BARBIE 2008-07-29 13:04:39 ----A---- C:\Windows\UNINST16.EXE 2008-07-11 19:55:16 ----D---- C:\My Shared Folder 2008-07-11 19:55:15 ----D---- C:\Program Files\Torrent Searcher 5 2008-07-11 09:30:10 ----A---- C:\Windows\system32\NlsLexicons0007.dll 2008-07-11 
09:30:06 ----A---- C:\Windows\system32\NlsLexicons0009.dll 2008-07-11 09:29:47 ----A---- C:\Windows\system32\NaturalLanguage6.dll 2008-07-10 15:43:18 ----D---- C:\Program Files\Microsoft Reader 2008-07-10 15:43:18 ----A---- C:\Windows\DASShp.dll 2008-07-09 19:54:34 ----D---- C:\Program Files\WWW File Share Pro 2008-07-09 18:40:21 ----D---- C:\Program Files\soil 2008-07-09 18:40:01 ----A---- C:\Windows\ST5UNST.EXE 2008-07-09 16:52:24 ----D---- C:\Program Files\Accent OFFICE Password Recovery 2008-07-09 11:08:41 ----D---- C:\Program Files\wLiteWEBCAMXP 2008-07-09 09:59:51 ----A---- C:\Windows\system32\shell32.dll 2008-07-09 09:34:43 ----A---- C:\Windows\system32\rpcrt4.dll 2008-07-09 09:34:42 ----A---- C:\Windows\system32\ntkrnlpa.exe 2008-07-09 09:34:41 ----A---- C:\Windows\system32\ntoskrnl.exe 2008-07-09 09:34:41 ----A---- C:\Windows\system32\emdmgmt.dll 2008-07-09 09:34:40 ----A---- C:\Windows\system32\pacerprf.dll 2008-07-09 09:30:21 ----A---- C:\Windows\system32\vbscript.dll 2008-07-09 09:30:20 ----A---- C:\Windows\system32\wshext.dll 2008-07-09 09:30:20 ----A---- C:\Windows\system32\wscript.exe 2008-07-09 09:30:20 ----A---- C:\Windows\system32\scrrun.dll 2008-07-09 09:30:20 ----A---- C:\Windows\system32\scrobj.dll 2008-07-09 09:30:20 ----A---- C:\Windows\system32\jscript.dll 2008-07-09 09:30:20 ----A---- C:\Windows\system32\cscript.exe 2008-07-09 01:34:40 ----D---- C:\Program Files\webcamXP 2008-07-09 00:32:09 ----AD---- C:\ProgramData\TEMP 2008-07-09 00:31:19 ----D---- C:\Program Files\Active Data Recovery Software 2008-07-08 23:39:58 ----D---- C:\Program Files\Axialis 2008-07-08 23:08:07 ----A---- C:\Windows\adsl.exe 2008-07-08 23:08:06 ----A---- C:\Windows\WD90ZIP.DLL 2008-07-08 23:08:06 ----A---- C:\Windows\WD90XML.DLL 2008-07-08 23:08:06 ----A---- C:\Windows\WD90STD.DLL 2008-07-08 23:08:06 ----A---- C:\Windows\WD90RTF.DLL 2008-07-08 23:08:06 ----A---- C:\Windows\WD90PRN.DLL 2008-07-08 23:08:06 ----A---- C:\Windows\WD90PDF.DLL 2008-07-08 23:08:06 ----A---- 
C:\Windows\WD90OBJ.DLL 2008-07-08 23:08:06 ----A---- C:\Windows\WD90IMG.DLL 2008-07-08 23:08:06 ----A---- C:\Windows\WD90HTML.DLL 2008-07-08 23:08:06 ----A---- C:\Windows\WD90ETAT.DLL 2008-07-08 23:08:06 ----A---- C:\Windows\WD90COM.DLL 2008-07-08 23:08:05 ----A---- C:\Windows\WD90VM.DLL 2008-07-08 23:08:03 ----D---- C:\Program Files\CV-GEN 1.0.1 2008-07-08 21:56:11 ----D---- C:\Program Files\xp-Iso-Builder 2008-07-04 21:56:02 ----D---- C:\Program Files\EMME 2008-07-04 19:54:22 ----D---- C:\Program Files\Kirikou Demo 2008-07-03 15:35:27 ----D---- C:\Program Files\Conduit 2008-07-03 15:35:26 ----D---- C:\Program Files\elawael 2008-07-03 11:24:56 ----D---- C:\Program Files\Total Video Converter 2008-07-02 16:46:43 ----D---- C:\PerfLogs 2008-07-01 19:21:56 ----D---- C:\Program Files\WhereIsIP 2008-07-01 19:21:56 ----A---- C:\Windows\system32\UNWISE.INI 2008-07-01 19:21:56 ----A---- C:\Windows\system32\UNWISE.EXE 2008-06-30 18:19:43 ----D---- C:\Program Files\ABBYY ScanTo Office 1.0 2008-06-30 17:54:59 ----D---- C:\Program Files\1st AutoRun Express 2008-06-30 17:46:20 ----D---- C:\Users\bilou\AppData\Roaming\Vista Start Menu 2008-06-30 17:46:16 ----D---- C:\Program Files\Vista Start Menu 2008-06-29 19:29:45 ----D---- C:\Users\bilou\AppData\Roaming\SolidDocuments 2008-06-29 19:28:30 ----D---- C:\ProgramData\SolidDocuments 2008-06-27 15:42:15 ----D---- C:\Output 2008-06-27 15:38:48 ----D---- C:\Program Files\All Office Converter Pro 2008-06-27 10:43:19 ----D---- C:\Users\bilou\AppData\Roaming\InfraRecorder 2008-06-27 10:43:17 ----D---- C:\Program Files\InfraRecorder 2008-06-24 11:32:54 ----D---- C:\Program Files\Google SketchUp 6 2008-06-23 17:31:14 ----D---- C:\Program Files\NAVIGON GmbH 2008-06-23 15:38:59 ----D---- C:\Users\bilou\AppData\Roaming\INAC 2008-06-23 15:38:59 ----D---- C:\ProgramData\INAC 2008-06-23 15:32:29 ----D---- C:\Program Files\INAC 2008-06-22 20:59:10 ----D---- C:\Users\bilou\AppData\Roaming\AVS4YOU 2008-06-22 20:59:07 ----D---- 
C:\ProgramData\AVS4YOU 2008-06-22 20:58:22 ----D---- C:\Program Files\Common Files\AVSMedia 2008-06-22 20:57:48 ----D---- C:\Program Files\AVS4YOU 2008-06-22 20:57:48 ----A---- C:\Windows\system32\msxml3a.dll 2008-06-22 20:57:48 ----A---- C:\Windows\system32\msvcr70.dll 2008-06-22 20:57:48 ----A---- C:\Windows\system32\msvcp70.dll 2008-06-22 20:57:48 ----A---- C:\Windows\system32\mfc70.dll 2008-06-22 20:38:37 ----D---- C:\Users\bilou\AppData\Roaming\STOIK 2008-06-22 20:37:53 ----D---- C:\Program Files\STOIK Imaging 2008-06-19 19:17:00 ----D---- C:\Program Files\Unlock Codes Calculator (by Crux) 2008-06-19 18:42:52 ----D---- C:\Program Files\NokiaFREE Unlock Codes Calculator 2008-06-19 13:36:06 ----D---- C:\Program Files\FLV Player 2008-06-19 11:38:16 ----D---- C:\Program Files\MediaCoder 2008-06-19 09:15:12 ----A---- C:\Windows\NeroDigital.ini 2008-06-19 09:15:07 ----D---- C:\Users\bilou\AppData\Roaming\Metacafe 2008-06-19 09:14:25 ----D---- C:\Program Files\Common Files\Akamai 2008-06-19 09:14:16 ----D---- C:\ProgramData\Metacafe 2008-06-19 09:14:15 ----D---- C:\Program Files\Metacafe 2008-06-18 15:46:42 ----SHD---- C:\Windows\ftpcache 2008-06-18 13:37:21 ----D---- C:\ADCDTEMP 2008-06-18 11:54:43 ----D---- C:\Program Files\Live-Player 2008-06-17 17:30:00 ----D---- C:\tmpDownload 2008-06-17 16:43:26 ----D---- C:\tmp 2008-06-17 16:27:13 ----D---- C:\YoutubeGet 2008-06-16 12:45:26 ----D---- C:\Program Files\RM to MP3 Converter 2008-06-16 11:43:21 ----D---- C:\Program Files\MemoriesOnTV4 2008-06-15 20:08:53 ----D---- C:\Users\bilou\AppData\Roaming\Thinstall 2008-06-15 19:06:06 ----D---- C:\Program Files\Flash Memory Toolkit 2008-06-15 17:38:38 ----D---- C:\Program Files\ElcomSoft 2008-06-15 17:38:38 ----D---- C:\Program Files\ Password Recovery 2008-06-14 10:02:44 ----A---- C:\Windows\system32\psisdecd.dll 2008-06-14 10:02:44 ----A---- C:\Windows\system32\EncDec.dll 2008-06-13 19:23:30 ----D---- C:\Program Files\Virtual Earth 3D 2008-06-13 18:51:59 ----D---- 
C:\ProgramData\SUPERAntiSpyware.com 2008-06-13 18:51:31 ----D---- C:\Users\bilou\AppData\Roaming\SUPERAntiSpyware.com 2008-06-13 18:51:31 ----D---- C:\Program Files\SUPERAntiSpyware 2008-06-13 18:50:53 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-06-13 18:02:35 ----D---- C:\Windows\system32\shell 2008-06-13 18:02:34 ----D---- C:\Program Files\Samy Soft 2008-06-13 12:35:50 ----D---- C:\Windows\Sun 2008-06-13 12:34:48 ----D---- C:\Users\bilou\AppData\Roaming\Megaupload 2008-06-13 12:32:21 ----D---- C:\Program Files\Megaupload 2008-06-12 09:27:37 ----D---- C:\Users\bilou\AppData\Roaming\Notepad++ 2008-06-12 09:27:37 ----D---- C:\Program Files\Notepad++ 2008-06-11 15:23:15 ----A---- C:\Windows\system32\quartz.dll List of drivers R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152] R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912] R1 InCDPass;InCDPass; C:\Windows\system32\drivers\InCDPass.sys [2006-11-10 31360] R1 raddrvv3;raddrvv3; \??\C:\Windows\system32\rserver30\raddrvv3.sys [2008-04-24 45848] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 8944] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-05-28 55024] R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-03-14 46652] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280] R2 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160] R2 mbmiodrvr;mbmiodrvr; \??\C:\Windows\system32\mbmiodrvr.sys [2004-04-10 2944] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-03-26 766464] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-06 2411520] R3 
CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208] R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2007-02-16 11984] R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] R3 mirrorv3;mirrorv3; C:\Windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328] R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-19 18432] R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680] R3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2006-10-02 10368] R3 RTL8023xp;Pilote Realtek 10/100 NIC Family NDIS x86; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104] R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\Windows\system32\DRIVERS\wg111v2.sys [2007-02-06 206336] R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272] R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam; C:\Windows\System32\Drivers\StkCMini.sys [2007-02-13 1245056] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] R4 InCDfs;InCD File System; C:\Windows\system32\drivers\InCDFs.sys [2006-11-10 102912] S1 incdrm;InCD Reader; C:\Windows\system32\drivers\InCDRm.sys [2006-11-10 33792] S3 awce3kyr;awce3kyr; C:\Windows\system32\drivers\awce3kyr.sys [] S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456] S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160] S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160] S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184] S3 catchme;catchme; 
\??\C:\ComboFix\catchme.sys [] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\Windows\system32\DRIVERS\HPZius12.sys [2006-04-13 21568] S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 netr73;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 256000] S3 NETw3v32;Intel® PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760] S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-10-14 4422560] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664] S3 RT73;RT73 USB Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\rt73.sys [2005-08-02 232192] S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544] S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408] S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064] S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] S3 WINUSB;Pilote WinUsb; C:\Windows\system32\DRIVERS\WinUSB.SYS [2008-01-19 31616] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936] S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys 
[2006-11-02 82432] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\system32\drivers\wmiacpi.sys [] List of services R2 Akamai;Akamai; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-03-06 565248] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2006-11-10 859136] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 RServer3;Radmin Server V3; C:\Windows\system32\rserver30\RServer3.exe [2008-04-24 1238344] R2 SCM_Service;SCM_Service; C:\Windows\System32\WinService.exe [2007-03-29 180224] R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service; C:\Windows\System32\StkCSrv.exe [2007-02-07 24576] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040] R3 avast! Web Scanner;avast! 
Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Info report:

info.txt logfile of random's system information tool 2008-09-08 21:34:36

Uninstall list

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\NuNInst.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
1st AutoRun Express 2.0 (Free)-->"C:\Program Files\1st AutoRun Express\unins000.exe"
Accent OFFICE Password Recovery 2.40-->C:\Program Files\Accent OFFICE Password Recovery\uninst.exe
Active@ Disk Image TRIAL-->"C:\Program Files\Active Data Recovery Software\Active Disk Image\UNWISE.EXE" "C:\Program Files\Active Data Recovery Software\Active Disk Image\INSTALL.LOG"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
adsl TV-->C:\Program Files\adslTV\Uninstal.exe All Office Converter Pro 5.1-->"C:\Program Files\All Office Converter Pro\unins000.exe" APO Usb Autorun-->C:\Program Files\APO Usb Autorun\uninstall.exe Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3} Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x040c -removeonly Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x40c -removeonly avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe" AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe" Azureus-->C:\Program Files\Azureus\Uninstall.exe Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} ccc-Branding-->MsiExec.exe /I{6E32B134-CA8D-49DD-B94C-0DB155CE70B5} CloneDVD2-->"C:\Program Files\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\CloneDVD2" Codec Pack - All In 1 6.0.3.0-->C:\Windows\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini" CV-GEN 1.0.1-->C:\Program Files\CV-GEN 1.0.1\uninstall.exe Distributed Password Recovery-->C:\Program Files\ Password Recovery\uninstall.exe Driver Genius Professional Edition 2007-->"C:\Program Files\Driver-Soft\DriverGenius\unins000.exe" EVEREST Ultimate Edition v4.50-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe" Favorit-->c:\users\bilou\appdata\local\ismoj.bat 
Favorit-->c:\users\bilou\appdata\local\mcgmaa.bat FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe" Flash Memory Toolkit 1.20-->"C:\Program Files\Flash Memory Toolkit\unins000.exe" FLV Player 2.0, build 24-->C:\Program Files\FLV Player\uninst.exe Free Internet Eraser 2.30-->"C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\unins000.exe" FTP Expert 3-->"C:\Program Files\Visicom Media\FTP Expert 3\uninst-ftp.exe" FTP freebox 1.6-->"C:\Program Files\FTP freebox V1.6\unins000.exe" Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068} Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /I{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8} Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} Google Gears-->MsiExec.exe /I{552171BC-30F8-3B29-9C4F-E3FE590B7CAC} Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x40c -removeonly GrabIt 1.7.1 Beta (build 960)-->"C:\Program Files\GrabIt\unins000.exe" HijackThis 2.0.2-->"C:\Users\bilou\Desktop\HijackThis.exe" /uninstall HomePlayer 1.5.6-->C:\Program Files\HomePlayer\uninst.exe HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9 anything IKEA Home Planner-->MsiExec.exe /I{A987FEC8-5616-49BD-BCA6-ACFFFE7403FE} ImgBurn 2.3.2.0 Fr-->"C:\Program Files\ImgBurn\unins000.exe" Incomedia WebSite X5 Evolution-->C:\Windows\system32\iwpsetup.exe Uninst /Evolution /FR /C:\Program Files\WebSite X5 Evolution InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E} Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} K-Lite Codec Pack 3.9.0 
Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Lauyan TOWeb V2-->"C:\Program Files\Lauyan\TOWeb V2\unins000.exe" Live-Player-->C:\Program Files\Live-Player\uninst.exe Lizardtech DjVu Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x40c Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MediaCoder 0.6.0-->C:\Program Files\MediaCoder\uninst.exe Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly MemoriesOnTV 4.0.4-->"C:\Program Files\MemoriesOnTV4\unins000.exe" Metacafe-->C:\Program Files\Metacafe\uninstaller.exe Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{9084040C-6000-11D3-8CFE-0150048383C9} Microsoft Office OneNote 2003-->MsiExec.exe /I{90A1040C-6000-11D3-8CFE-0150048383C9} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x40c Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mise à jour du pilote du Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /X{CB8CA439-DA83-419C-A4CF-5A0A50025144} Motherboard Monitor 5-->"C:\Program Files\Motherboard Monitor 5\unins000.exe" Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe 
/I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} My Drivers 3.31-->"C:\Program Files\My Drivers\unins000.exe" Navman SmartST Desktop Version 3 for iCN500 Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17C4BEEA-D6E8-4975-B2CC-53F6F5CE9959}\expand.exe" -l0x40c NCK 5.0-->MsiExec.exe /I{4427A842-A770-43BA-846D-FBE6AC00613D} Nero 7 Ultra Edition-->MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31036} NETGEAR WG111v2 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{4102037D-E8E0-48E0-B203-E521D194FB71}\setup.exe -runfromtemp -l0x0009 -removeonly Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1} Nokia PC Suite-->C:\ProgramData\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_fre.exe Nokia PC Suite-->MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887} NokiaFREE Unlock Codes Calculator-->"C:\Program Files\NokiaFREE Unlock Codes Calculator\uninst.exe" Norton Security Scan-->MsiExec.exe /I{1A8A214F-6BAC-4E01-A27D-25C19A484908} Notepad++-->C:\Program Files\Notepad++\uninstall.exe Package de pilotes Windows - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ce5ad925\nokia_bluetooth.inf Package de pilotes Windows - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_674398ba\nokbtmdm.inf Package de pilotes Windows - Nokia Modem (08/03/2007 6.84.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db\nokbtmdm.inf Package de pilotes Windows - Nokia Modem (10/12/2007 
3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f\nokia_bluetooth.inf Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930} PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe" Pocket Controller-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC9EA2BC-BCFA-4DEA-8F5F-1E1032567673}\Setup.exe" -l0x9 Podmailing Beta 0.10.0-->C:\Program Files\Podmailing\uninstall.exe Point De Croix-->C:\PROGRA~1\POINTD~1\UNWISE.EXE C:\PROGRA~1\POINTD~1\INSTALL.LOG PowerISO-->"C:\Program Files\PowerISO\uninstall.exe" QuickTime Alternative 2.5.1-->"C:\Program Files\QuickTime Alternative\unins000.exe" QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} Radmin Server 3.2-->MsiExec.exe /X{ED87EE42-C14B-4119-8686-C3A630F2A463} RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 RegCure-->"C:\Windows\RegCure\uninstall.exe" "/U:C:\Program Files\RegCure\Uninstall\uninstall.xml" Registry Easy v4.2-->"C:\Program Files\Registry Easy\unins000.exe" RM to MP3 Converter 1.48-->"C:\Program Files\RM to MP3 Converter\unins000.exe" Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868} Samy Soft TV 2.0-->MsiExec.exe /I{0568801A-94CE-448B-A9FB-093C2ECB2132} SDFormatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A347920-4AFC-11D5-9FB0-800649886934}\setup.exe" Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} soil-->C:\Windows\ST5UNST.EXE -n "C:\Program Files\soil\ST5UNST.LOG" SopCast 3.0.1-->C:\Program 
Files\SopCast\uninst.exe StartUp Manager-->C:\Program Files\INAC\StartUp Manager\uninstall.exe STOIK Video Converter 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8DF8593-F619-47DE-AD27-BCABF233433A}\setup.exe" -l0x9 SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Total Video Converter 3.12 080330-->"C:\Program Files\Total Video Converter\unins000.exe" TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG Unlock Codes Calculator (remove only)-->"C:\Program Files\Unlock Codes Calculator (by Crux)\uninst.exe" USB2.0 1.3M WebCam-->C:\Windows\StkUnist.exe VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe Virtual Earth 3D (Beta)-->MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73} Vista Start Menu-->C:\Program Files\Vista Start Menu\uninstall.exe webcamXP 2008-->"C:\Program Files\webcamXP\wxp-uninst.exe" webcamXP Lite-->"C:\Program Files\wLiteWEBCAMXP\wl-uninst.exe" WhereIsIP-->C:\Windows\System32\UNWISE.EXE C:\Windows\System32\INSTALL.LOG Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} WinFuture xp-Iso-Builder 3.0.3-->"C:\Program Files\xp-Iso-Builder\unins000.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe WWW File Share Pro 5.30-->"C:\Program Files\WWW File Share Pro\unins000.exe" YoutubeGet 4-->"c:\YoutubeGet\unins000.exe" Hosts File 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com Security center information AV: avast! 
antivirus 4.8.1229 [VPS 080908-0]
AS: Windows Defender
AS: SUPERAntiSpyware (disabled)
AS: avast! antivirus 4.8.1229 [VPS 080908-0]

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime Alternative\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
-----------------EOF-----------------

My antivirus tells me that Malwarebytes is a virus, detected by the heuristic method... what should I do? When I launch RSIT it asks me whether I want to run an .exe file; I never accept. Is that normal? Thanks in advance
  4. Logfile of random's system information tool (written by random/random) Run by bilou at 2008-09-08 21:34:16 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1 System drive C: has 62 GB (40%) free of 153 GB Total RAM: 2047 MB (55% free) Scheduled tasks folder C:\Windows\tasks\GoogleUpdateTaskUser.job C:\Windows\tasks\Norton Security Scan.job C:\Windows\tasks\RegCure Program Check.job C:\Windows\tasks\RegCure.job C:\Windows\tasks\User_Feed_Synchronization-{17FB5E8F-73A2-421D-8541-340691D3C430}.job Registry dump [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-13 370296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}] VMN Toolbar - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-08-21 1895896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}] IeMonitorBho Class - C:\Program Files\Megaupload\Mega 
Manager\MegaIEMn.dll [2008-03-13 110592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - VMN Toolbar - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-08-21 1895896] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008] "ADSL_MENARA"=C:\Windows\adsl.exe [2007-08-18 2652489] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040] "QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2008-05-27 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "ZOtahgavRR"=C:\ProgramData\mxsbmzcd\yfurkxer.exe [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952] "Google Update"=C:\Users\bilou\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 133104] "dbapien"=C:\ProgramData\dbapien\rwfunitk.exe [2008-09-06 86016] "chksys"=C:\ProgramData\chksys\rejojcps.exe [2008-09-07 90112] "ShGen"=C:\ProgramData\ShGen\ghmzajqt.exe [2008-09-07 98304] "srvsyschk"=C:\Windows\system32\tqbudsxe.exe [2008-09-07 94208] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "ZOtahgavRR"=C:\ProgramData\mxsbmzcd\yfurkxer.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acgskke] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSL_MENARA] C:\Windows\adsl.exe [2007-08-18 2652489] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Mosquito] C:\Users\bilou\Desktop\anti_mosquito(2)\Anti Mosquito.exe 
[2001-12-19 258048] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElcomSoft Distributed Agent] C:\Program Files\ Password Recovery\esda.exe [2007-10-19 591120] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElcomSoft DPR Server] C:\Program Files\ Password Recovery\esdprs.exe [2007-10-25 333584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2006-11-10 1051648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-04-17 196608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcgmaa] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe [2008-03-26 1232896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-04-16 1079808] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Podmailing] C:\Program Files\Podmailing\Podmailing.exe [2008-06-06 173056] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [2008-03-15 233472] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 
C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe [2008-01-19 49664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-05-28 1506544] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-13 185896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdc.exe [2007-01-24 563080] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide de Microsoft Office OneNote 2003.lnk] C:\PROGRA~1\MICROS~2\OFFICE11\ONENOTEM.EXE [2007-04-19 64864] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk] C:\PROGRA~1\NETGEAR\WG111v2\WG111v2.exe [2007-05-14 1261568] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^bilou^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^APO Usb Autorun.lnk] C:\PROGRA~1\APOUSB~1\USB_AU~1.EXE [2006-11-03 284160] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^bilou^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCC.lnk] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\CCC.exe [2006-09-29 49152] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] MonMsgSrv - {3C6BD996-ED93-4024-E804-0213E9D0BEA0} - C:\Program Files\opswdzb\MonMsgSrv.dll [2008-09-07 106496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a4896bf-2997-11dd-8bd5-806e6f6e6963}] shell\AutoRun\command - F:\Boulenger.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{769729d2-23de-11dd-9415-001e8c4f542d}] shell\AutoRun\command - pa39xth.cmd shell\explore\command - pa39xth.cmd shell\open\command - pa39xth.cmd 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e9df630-2086-11dd-ac23-806e6f6e6963}] shell\AutoRun\command - F:\setupSNK.exe List of files/folders created in the last three months 2008-09-08 21:34:16 ----D---- C:\rsit 2008-09-07 22:11:15 ----D---- C:\Program Files\opswdzb 2008-09-07 22:11:06 ----A---- C:\Windows\system32\tqbudsxe.exe 2008-09-07 21:59:38 ----A---- C:\ComboFix.txt 2008-09-07 21:56:02 ----A---- C:\Windows\PSEXESVC.EXE 2008-09-07 21:54:51 ----D---- C:\Windows\erdnt 2008-09-07 21:54:09 ----D---- C:\ComboFix 2008-09-07 21:54:06 ----A---- C:\Windows\swreg.exe 2008-09-07 20:21:00 ----A---- C:\Windows\Nircmd.exe 2008-09-07 20:20:59 ----A---- C:\Windows\zip.exe 2008-09-07 20:20:59 ----A---- C:\Windows\VFind.exe 2008-09-07 20:20:59 ----A---- C:\Windows\swsc.exe 2008-09-07 20:20:59 ----A---- C:\Windows\sed.exe 2008-09-07 20:20:59 ----A---- C:\Windows\grep.exe 2008-09-07 20:20:59 ----A---- C:\Windows\fdsv.exe 2008-09-07 20:20:47 ----A---- C:\Windows\swxcacls.exe 2008-09-07 18:34:13 ----D---- C:\ProgramData\ShGen 2008-09-07 18:25:16 ----D---- C:\Users\bilou\AppData\Roaming\Malwarebytes 2008-09-07 18:25:13 ----D---- C:\ProgramData\Malwarebytes 2008-09-07 18:25:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-07 13:19:31 ----D---- C:\ProgramData\chksys 2008-09-07 11:27:47 ----D---- C:\ProgramData\apisysweb 2008-09-06 15:08:26 ----D---- C:\ProgramData\Spybot - Search & Destroy 2008-09-06 15:08:26 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-09-06 14:52:40 ----D---- C:\ProgramData\mxsbmzcd 2008-09-06 14:52:38 ----D---- C:\ProgramData\dbapien 2008-09-02 19:26:01 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition 2008-09-02 19:23:12 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller 2008-09-02 19:23:03 ----D---- C:\Program Files\Windows Live 2008-09-02 19:22:19 ----D---- C:\ProgramData\WLInstaller 2008-08-31 21:22:28 ----D---- C:\Program Files\TVAnts 2008-08-31 20:05:11 
----D---- C:\Program Files\SopCast 2008-08-30 13:49:51 ----D---- C:\Program Files\POINTDECROIX 2008-08-27 20:22:21 ----A---- C:\Windows\system32\msshooks.dll 2008-08-27 20:22:21 ----A---- C:\Windows\system32\msscb.dll 2008-08-27 20:22:17 ----A---- C:\Windows\system32\thawbrkr.dll 2008-08-27 20:22:17 ----A---- C:\Windows\system32\srchadmin.dll 2008-08-27 20:22:17 ----A---- C:\Windows\system32\SearchFilterHost.exe 2008-08-27 20:22:17 ----A---- C:\Windows\system32\propsys.dll 2008-08-27 20:22:17 ----A---- C:\Windows\system32\propdefs.dll 2008-08-27 20:22:17 ----A---- C:\Windows\system32\msstrc.dll 2008-08-27 20:22:17 ----A---- C:\Windows\system32\mssprxy.dll 2008-08-27 20:22:17 ----A---- C:\Windows\system32\mssitlb.dll 2008-08-27 20:22:17 ----A---- C:\Windows\system32\msshsq.dll 2008-08-27 20:22:17 ----A---- C:\Windows\system32\korwbrkr.dll 2008-08-27 20:22:16 ----A---- C:\Windows\system32\xmlfilter.dll 2008-08-27 20:22:16 ----A---- C:\Windows\system32\wsepno.dll 2008-08-27 20:22:16 ----A---- C:\Windows\system32\rtffilt.dll 2008-08-27 20:22:16 ----A---- C:\Windows\system32\offfilt.dll 2008-08-27 20:22:16 ----A---- C:\Windows\system32\nlhtml.dll 2008-08-27 20:22:16 ----A---- C:\Windows\system32\msscntrs.dll 2008-08-27 20:22:16 ----A---- C:\Windows\system32\mimefilt.dll 2008-08-27 20:22:16 ----A---- C:\Windows\system32\chsbrkr.dll 2008-08-27 20:22:15 ----A---- C:\Windows\system32\tquery.dll 2008-08-27 20:22:15 ----A---- C:\Windows\system32\SearchProtocolHost.exe 2008-08-27 20:22:15 ----A---- C:\Windows\system32\SearchIndexer.exe 2008-08-27 20:22:15 ----A---- C:\Windows\system32\mssvp.dll 2008-08-27 20:22:15 ----A---- C:\Windows\system32\mssrch.dll 2008-08-27 20:22:15 ----A---- C:\Windows\system32\chtbrkr.dll 2008-08-27 20:22:14 ----A---- C:\Windows\system32\mssphtb.dll 2008-08-27 20:22:14 ----A---- C:\Windows\system32\mssph.dll 2008-08-26 18:13:56 ----D---- C:\Users\bilou\AppData\Roaming\Ubisoft 2008-08-26 18:01:19 ----D---- C:\ProgramData\Ubisoft 2008-08-26 17:51:05 
----D---- C:\Program Files\HomePlayer 2008-08-26 17:33:09 ----D---- C:\Program Files\Ubisoft 2008-08-26 17:29:28 ----D---- C:\Program Files\DAEMON Tools Lite 2008-08-26 16:24:52 ----D---- C:\Users\bilou\AppData\Roaming\DAEMON Tools 2008-08-26 16:23:07 ----D---- C:\Assassin's creed 2008-08-26 16:20:38 ----D---- C:\Users\bilou\AppData\Roaming\ImgBurn 2008-08-26 15:41:09 ----D---- C:\Program Files\ImgBurn 2008-08-26 14:56:05 ----D---- C:\Program Files\IKEA HomePlanner 2008-08-26 11:15:35 ----A---- C:\Windows\system32\wups2.dll 2008-08-26 11:15:35 ----A---- C:\Windows\system32\wuauclt.exe 2008-08-26 11:15:34 ----A---- C:\Windows\system32\wucltux.dll 2008-08-26 11:15:34 ----A---- C:\Windows\system32\wuaueng.dll 2008-08-26 11:15:09 ----A---- C:\Windows\system32\wups.dll 2008-08-26 11:15:09 ----A---- C:\Windows\system32\wudriver.dll 2008-08-26 11:15:09 ----A---- C:\Windows\system32\wuapi.dll 2008-08-26 11:14:59 ----A---- C:\Windows\system32\wuwebv.dll 2008-08-26 11:14:59 ----A---- C:\Windows\system32\wuapp.exe 2008-08-26 09:52:02 ----D---- C:\Program Files\iPod 2008-08-26 09:51:58 ----D---- C:\Program Files\iTunes 2008-08-26 09:50:42 ----D---- C:\Program Files\Bonjour 2008-08-26 09:45:07 ----D---- C:\Program Files\Safari 2008-08-25 21:52:39 ----A---- C:\Windows\system32\tzres.dll 2008-08-25 15:33:50 ----A---- C:\Windows\system32\es.dll 2008-08-25 15:33:48 ----A---- C:\Windows\system32\IPSECSVC.DLL 2008-08-25 15:33:37 ----A---- C:\Windows\system32\mshtml.dll 2008-08-25 15:33:35 ----A---- C:\Windows\system32\ieframe.dll 2008-08-25 15:33:33 ----A---- C:\Windows\system32\wininet.dll 2008-08-25 15:33:32 ----A---- C:\Windows\system32\urlmon.dll 2008-08-25 15:33:30 ----A---- C:\Windows\system32\mstime.dll 2008-08-25 15:33:28 ----A---- C:\Windows\system32\jsproxy.dll 2008-08-25 15:33:06 ----A---- C:\Windows\system32\inetcomm.dll 2008-07-29 13:05:13 ----D---- C:\Windows\DESKTOP 2008-07-29 13:04:55 ----D---- C:\BARBIE 2008-07-29 13:04:39 ----A---- C:\Windows\UNINST16.EXE 2008-07-11 
19:55:16 ----D---- C:\My Shared Folder 2008-07-11 19:55:15 ----D---- C:\Program Files\Torrent Searcher 5 2008-07-11 09:30:10 ----A---- C:\Windows\system32\NlsLexicons0007.dll 2008-07-11 09:30:06 ----A---- C:\Windows\system32\NlsLexicons0009.dll 2008-07-11 09:29:47 ----A---- C:\Windows\system32\NaturalLanguage6.dll 2008-07-10 15:43:18 ----D---- C:\Program Files\Microsoft Reader 2008-07-10 15:43:18 ----A---- C:\Windows\DASShp.dll 2008-07-09 19:54:34 ----D---- C:\Program Files\WWW File Share Pro 2008-07-09 18:40:21 ----D---- C:\Program Files\soil 2008-07-09 18:40:01 ----A---- C:\Windows\ST5UNST.EXE 2008-07-09 16:52:24 ----D---- C:\Program Files\Accent OFFICE Password Recovery 2008-07-09 11:08:41 ----D---- C:\Program Files\wLiteWEBCAMXP 2008-07-09 09:59:51 ----A---- C:\Windows\system32\shell32.dll 2008-07-09 09:34:43 ----A---- C:\Windows\system32\rpcrt4.dll 2008-07-09 09:34:42 ----A---- C:\Windows\system32\ntkrnlpa.exe 2008-07-09 09:34:41 ----A---- C:\Windows\system32\ntoskrnl.exe 2008-07-09 09:34:41 ----A---- C:\Windows\system32\emdmgmt.dll 2008-07-09 09:34:40 ----A---- C:\Windows\system32\pacerprf.dll 2008-07-09 09:30:21 ----A---- C:\Windows\system32\vbscript.dll 2008-07-09 09:30:20 ----A---- C:\Windows\system32\wshext.dll 2008-07-09 09:30:20 ----A---- C:\Windows\system32\wscript.exe 2008-07-09 09:30:20 ----A---- C:\Windows\system32\scrrun.dll 2008-07-09 09:30:20 ----A---- C:\Windows\system32\scrobj.dll 2008-07-09 09:30:20 ----A---- C:\Windows\system32\jscript.dll 2008-07-09 09:30:20 ----A---- C:\Windows\system32\cscript.exe 2008-07-09 01:34:40 ----D---- C:\Program Files\webcamXP 2008-07-09 00:32:09 ----AD---- C:\ProgramData\TEMP 2008-07-09 00:31:19 ----D---- C:\Program Files\Active Data Recovery Software 2008-07-08 23:39:58 ----D---- C:\Program Files\Axialis 2008-07-08 23:08:07 ----A---- C:\Windows\adsl.exe 2008-07-08 23:08:06 ----A---- C:\Windows\WD90ZIP.DLL 2008-07-08 23:08:06 ----A---- C:\Windows\WD90XML.DLL 2008-07-08 23:08:06 ----A---- C:\Windows\WD90STD.DLL 
2008-07-08 23:08:06 ----A---- C:\Windows\WD90RTF.DLL 2008-07-08 23:08:06 ----A---- C:\Windows\WD90PRN.DLL 2008-07-08 23:08:06 ----A---- C:\Windows\WD90PDF.DLL 2008-07-08 23:08:06 ----A---- C:\Windows\WD90OBJ.DLL 2008-07-08 23:08:06 ----A---- C:\Windows\WD90IMG.DLL 2008-07-08 23:08:06 ----A---- C:\Windows\WD90HTML.DLL 2008-07-08 23:08:06 ----A---- C:\Windows\WD90ETAT.DLL 2008-07-08 23:08:06 ----A---- C:\Windows\WD90COM.DLL 2008-07-08 23:08:05 ----A---- C:\Windows\WD90VM.DLL 2008-07-08 23:08:03 ----D---- C:\Program Files\CV-GEN 1.0.1 2008-07-08 21:56:11 ----D---- C:\Program Files\xp-Iso-Builder 2008-07-04 21:56:02 ----D---- C:\Program Files\EMME 2008-07-04 19:54:22 ----D---- C:\Program Files\Kirikou Demo 2008-07-03 15:35:27 ----D---- C:\Program Files\Conduit 2008-07-03 15:35:26 ----D---- C:\Program Files\elawael 2008-07-03 11:24:56 ----D---- C:\Program Files\Total Video Converter 2008-07-02 16:46:43 ----D---- C:\PerfLogs 2008-07-01 19:21:56 ----D---- C:\Program Files\WhereIsIP 2008-07-01 19:21:56 ----A---- C:\Windows\system32\UNWISE.INI 2008-07-01 19:21:56 ----A---- C:\Windows\system32\UNWISE.EXE 2008-06-30 18:19:43 ----D---- C:\Program Files\ABBYY ScanTo Office 1.0 2008-06-30 17:54:59 ----D---- C:\Program Files\1st AutoRun Express 2008-06-30 17:46:20 ----D---- C:\Users\bilou\AppData\Roaming\Vista Start Menu 2008-06-30 17:46:16 ----D---- C:\Program Files\Vista Start Menu 2008-06-29 19:29:45 ----D---- C:\Users\bilou\AppData\Roaming\SolidDocuments 2008-06-29 19:28:30 ----D---- C:\ProgramData\SolidDocuments 2008-06-27 15:42:15 ----D---- C:\Output 2008-06-27 15:38:48 ----D---- C:\Program Files\All Office Converter Pro 2008-06-27 10:43:19 ----D---- C:\Users\bilou\AppData\Roaming\InfraRecorder 2008-06-27 10:43:17 ----D---- C:\Program Files\InfraRecorder 2008-06-24 11:32:54 ----D---- C:\Program Files\Google SketchUp 6 2008-06-23 17:31:14 ----D---- C:\Program Files\NAVIGON GmbH 2008-06-23 15:38:59 ----D---- C:\Users\bilou\AppData\Roaming\INAC 2008-06-23 15:38:59 ----D---- 
C:\ProgramData\INAC 2008-06-23 15:32:29 ----D---- C:\Program Files\INAC 2008-06-22 20:59:10 ----D---- C:\Users\bilou\AppData\Roaming\AVS4YOU 2008-06-22 20:59:07 ----D---- C:\ProgramData\AVS4YOU 2008-06-22 20:58:22 ----D---- C:\Program Files\Common Files\AVSMedia 2008-06-22 20:57:48 ----D---- C:\Program Files\AVS4YOU 2008-06-22 20:57:48 ----A---- C:\Windows\system32\msxml3a.dll 2008-06-22 20:57:48 ----A---- C:\Windows\system32\msvcr70.dll 2008-06-22 20:57:48 ----A---- C:\Windows\system32\msvcp70.dll 2008-06-22 20:57:48 ----A---- C:\Windows\system32\mfc70.dll 2008-06-22 20:38:37 ----D---- C:\Users\bilou\AppData\Roaming\STOIK 2008-06-22 20:37:53 ----D---- C:\Program Files\STOIK Imaging 2008-06-19 19:17:00 ----D---- C:\Program Files\Unlock Codes Calculator (by Crux) 2008-06-19 18:42:52 ----D---- C:\Program Files\NokiaFREE Unlock Codes Calculator 2008-06-19 13:36:06 ----D---- C:\Program Files\FLV Player 2008-06-19 11:38:16 ----D---- C:\Program Files\MediaCoder 2008-06-19 09:15:12 ----A---- C:\Windows\NeroDigital.ini 2008-06-19 09:15:07 ----D---- C:\Users\bilou\AppData\Roaming\Metacafe 2008-06-19 09:14:25 ----D---- C:\Program Files\Common Files\Akamai 2008-06-19 09:14:16 ----D---- C:\ProgramData\Metacafe 2008-06-19 09:14:15 ----D---- C:\Program Files\Metacafe 2008-06-18 15:46:42 ----SHD---- C:\Windows\ftpcache 2008-06-18 13:37:21 ----D---- C:\ADCDTEMP 2008-06-18 11:54:43 ----D---- C:\Program Files\Live-Player 2008-06-17 17:30:00 ----D---- C:\tmpDownload 2008-06-17 16:43:26 ----D---- C:\tmp 2008-06-17 16:27:13 ----D---- C:\YoutubeGet 2008-06-16 12:45:26 ----D---- C:\Program Files\RM to MP3 Converter 2008-06-16 11:43:21 ----D---- C:\Program Files\MemoriesOnTV4 2008-06-15 20:08:53 ----D---- C:\Users\bilou\AppData\Roaming\Thinstall 2008-06-15 19:06:06 ----D---- C:\Program Files\Flash Memory Toolkit 2008-06-15 17:38:38 ----D---- C:\Program Files\ElcomSoft 2008-06-15 17:38:38 ----D---- C:\Program Files\ Password Recovery 2008-06-14 10:02:44 ----A---- 
C:\Windows\system32\psisdecd.dll 2008-06-14 10:02:44 ----A---- C:\Windows\system32\EncDec.dll 2008-06-13 19:23:30 ----D---- C:\Program Files\Virtual Earth 3D 2008-06-13 18:51:59 ----D---- C:\ProgramData\SUPERAntiSpyware.com 2008-06-13 18:51:31 ----D---- C:\Users\bilou\AppData\Roaming\SUPERAntiSpyware.com 2008-06-13 18:51:31 ----D---- C:\Program Files\SUPERAntiSpyware 2008-06-13 18:50:53 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-06-13 18:02:35 ----D---- C:\Windows\system32\shell 2008-06-13 18:02:34 ----D---- C:\Program Files\Samy Soft 2008-06-13 12:35:50 ----D---- C:\Windows\Sun 2008-06-13 12:34:48 ----D---- C:\Users\bilou\AppData\Roaming\Megaupload 2008-06-13 12:32:21 ----D---- C:\Program Files\Megaupload 2008-06-12 09:27:37 ----D---- C:\Users\bilou\AppData\Roaming\Notepad++ 2008-06-12 09:27:37 ----D---- C:\Program Files\Notepad++ 2008-06-11 15:23:15 ----A---- C:\Windows\system32\quartz.dll 2008-06-09 20:29:05 ----D---- C:\Program Files\SlySoft 2008-06-09 16:21:00 ----D---- C:\Program Files\Podmailing List of drivers R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152] R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416] R1 aswTdi;avast! 
Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912] R1 InCDPass;InCDPass; C:\Windows\system32\drivers\InCDPass.sys [2006-11-10 31360] R1 raddrvv3;raddrvv3; \??\C:\Windows\system32\rserver30\raddrvv3.sys [2008-04-24 45848] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 8944] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-05-28 55024] R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-03-14 46652] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280] R2 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160] R2 mbmiodrvr;mbmiodrvr; \??\C:\Windows\system32\mbmiodrvr.sys [2004-04-10 2944] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-03-26 766464] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-06 2411520] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208] R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2007-02-16 11984] R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] R3 mirrorv3;mirrorv3; C:\Windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328] R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-19 18432] R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680] R3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2006-10-02 10368] R3 RTL8023xp;Pilote Realtek 10/100 NIC Family NDIS x86; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104] R3 
RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\Windows\system32\DRIVERS\wg111v2.sys [2007-02-06 206336] R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272] R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam; C:\Windows\System32\Drivers\StkCMini.sys [2007-02-13 1245056] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] R4 InCDfs;InCD File System; C:\Windows\system32\drivers\InCDFs.sys [2006-11-10 102912] S1 incdrm;InCD Reader; C:\Windows\system32\drivers\InCDRm.sys [2006-11-10 33792] S3 a306zrt8;a306zrt8; C:\Windows\system32\drivers\a306zrt8.sys [] S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456] S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160] S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160] S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\Windows\system32\DRIVERS\HPZius12.sys [2006-04-13 21568] S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 netr73;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 256000] S3 NETw3v32;Intel® PRO/Wireless 3945BG 
Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760] S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-10-14 4422560] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664] S3 RT73;RT73 USB Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\rt73.sys [2005-08-02 232192] S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544] S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408] S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064] S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] S3 WINUSB;Pilote WinUsb; C:\Windows\system32\DRIVERS\WinUSB.SYS [2008-01-19 31616] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936] S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\system32\drivers\wmiacpi.sys [] List of services R2 Akamai;Akamai; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-03-06 565248] R2 avast! Antivirus;avast! 
Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2006-11-10 859136] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 RServer3;Radmin Server V3; C:\Windows\system32\rserver30\RServer3.exe [2008-04-24 1238344] R2 SCM_Service;SCM_Service; C:\Windows\System32\WinService.exe [2007-03-29 180224] R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service; C:\Windows\System32\StkCSrv.exe [2007-02-07 24576] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040] R3 avast! Web Scanner;avast! 
Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344] R3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] -----------------EOF----------------- info.txt logfile of random's system information tool 2008-09-08 21:34:36 Uninstall list -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\NuNInst.exe /UNINSTALL -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL 1st AutoRun Express 2.0 (Free)-->"C:\Program Files\1st AutoRun Express\unins000.exe" Accent OFFICE Password Recovery 2.40-->C:\Program Files\Accent OFFICE Password Recovery\uninst.exe Active@ Disk Image TRIAL-->"C:\Program Files\Active Data Recovery Software\Active Disk Image\UNWISE.EXE" "C:\Program Files\Active Data Recovery Software\Active Disk Image\INSTALL.LOG" Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003} Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log adsl 
TV-->C:\Program Files\adslTV\Uninstal.exe All Office Converter Pro 5.1-->"C:\Program Files\All Office Converter Pro\unins000.exe" APO Usb Autorun-->C:\Program Files\APO Usb Autorun\uninstall.exe Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3} Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x040c -removeonly Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x40c -removeonly avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe" AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe" Azureus-->C:\Program Files\Azureus\Uninstall.exe Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} ccc-Branding-->MsiExec.exe /I{6E32B134-CA8D-49DD-B94C-0DB155CE70B5} CloneDVD2-->"C:\Program Files\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\CloneDVD2" Codec Pack - All In 1 6.0.3.0-->C:\Windows\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini" CV-GEN 1.0.1-->C:\Program Files\CV-GEN 1.0.1\uninstall.exe Distributed Password Recovery-->C:\Program Files\ Password Recovery\uninstall.exe Driver Genius Professional Edition 2007-->"C:\Program Files\Driver-Soft\DriverGenius\unins000.exe" EVEREST Ultimate Edition v4.50-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe" Favorit-->c:\users\bilou\appdata\local\ismoj.bat Favorit-->c:\users\bilou\appdata\local\mcgmaa.bat 
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe" Flash Memory Toolkit 1.20-->"C:\Program Files\Flash Memory Toolkit\unins000.exe" FLV Player 2.0, build 24-->C:\Program Files\FLV Player\uninst.exe Free Internet Eraser 2.30-->"C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\unins000.exe" FTP Expert 3-->"C:\Program Files\Visicom Media\FTP Expert 3\uninst-ftp.exe" FTP freebox 1.6-->"C:\Program Files\FTP freebox V1.6\unins000.exe" Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068} Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /I{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8} Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} Google Gears-->MsiExec.exe /I{552171BC-30F8-3B29-9C4F-E3FE590B7CAC} Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x40c -removeonly GrabIt 1.7.1 Beta (build 960)-->"C:\Program Files\GrabIt\unins000.exe" HijackThis 2.0.2-->"C:\Users\bilou\Desktop\HijackThis.exe" /uninstall HomePlayer 1.5.6-->C:\Program Files\HomePlayer\uninst.exe HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9 anything IKEA Home Planner-->MsiExec.exe /I{A987FEC8-5616-49BD-BCA6-ACFFFE7403FE} ImgBurn 2.3.2.0 Fr-->"C:\Program Files\ImgBurn\unins000.exe" Incomedia WebSite X5 Evolution-->C:\Windows\system32\iwpsetup.exe Uninst /Evolution /FR /C:\Program Files\WebSite X5 Evolution InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E} Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} K-Lite Codec Pack 3.9.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Lauyan 
TOWeb V2-->"C:\Program Files\Lauyan\TOWeb V2\unins000.exe" Live-Player-->C:\Program Files\Live-Player\uninst.exe Lizardtech DjVu Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x40c Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MediaCoder 0.6.0-->C:\Program Files\MediaCoder\uninst.exe Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly MemoriesOnTV 4.0.4-->"C:\Program Files\MemoriesOnTV4\unins000.exe" Metacafe-->C:\Program Files\Metacafe\uninstaller.exe Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{9084040C-6000-11D3-8CFE-0150048383C9} Microsoft Office OneNote 2003-->MsiExec.exe /I{90A1040C-6000-11D3-8CFE-0150048383C9} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x40c Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mise à jour du pilote du Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /X{CB8CA439-DA83-419C-A4CF-5A0A50025144} Motherboard Monitor 5-->"C:\Program Files\Motherboard Monitor 5\unins000.exe" Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe 
/I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} My Drivers 3.31-->"C:\Program Files\My Drivers\unins000.exe" Navman SmartST Desktop Version 3 for iCN500 Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17C4BEEA-D6E8-4975-B2CC-53F6F5CE9959}\expand.exe" -l0x40c NCK 5.0-->MsiExec.exe /I{4427A842-A770-43BA-846D-FBE6AC00613D} Nero 7 Ultra Edition-->MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31036} NETGEAR WG111v2 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{4102037D-E8E0-48E0-B203-E521D194FB71}\setup.exe -runfromtemp -l0x0009 -removeonly Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1} Nokia PC Suite-->C:\ProgramData\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_fre.exe Nokia PC Suite-->MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887} NokiaFREE Unlock Codes Calculator-->"C:\Program Files\NokiaFREE Unlock Codes Calculator\uninst.exe" Norton Security Scan-->MsiExec.exe /I{1A8A214F-6BAC-4E01-A27D-25C19A484908} Notepad++-->C:\Program Files\Notepad++\uninstall.exe Package de pilotes Windows - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ce5ad925\nokia_bluetooth.inf Package de pilotes Windows - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_674398ba\nokbtmdm.inf Package de pilotes Windows - Nokia Modem (08/03/2007 6.84.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db\nokbtmdm.inf Package de pilotes Windows - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u 
C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f\nokia_bluetooth.inf Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930} PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe" Pocket Controller-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC9EA2BC-BCFA-4DEA-8F5F-1E1032567673}\Setup.exe" -l0x9 Podmailing Beta 0.10.0-->C:\Program Files\Podmailing\uninstall.exe Point De Croix-->C:\PROGRA~1\POINTD~1\UNWISE.EXE C:\PROGRA~1\POINTD~1\INSTALL.LOG PowerISO-->"C:\Program Files\PowerISO\uninstall.exe" QuickTime Alternative 2.5.1-->"C:\Program Files\QuickTime Alternative\unins000.exe" QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} Radmin Server 3.2-->MsiExec.exe /X{ED87EE42-C14B-4119-8686-C3A630F2A463} RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 RegCure-->"C:\Windows\RegCure\uninstall.exe" "/U:C:\Program Files\RegCure\Uninstall\uninstall.xml" Registry Easy v4.2-->"C:\Program Files\Registry Easy\unins000.exe" RM to MP3 Converter 1.48-->"C:\Program Files\RM to MP3 Converter\unins000.exe" Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868} Samy Soft TV 2.0-->MsiExec.exe /I{0568801A-94CE-448B-A9FB-093C2ECB2132} SDFormatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A347920-4AFC-11D5-9FB0-800649886934}\setup.exe" Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} soil-->C:\Windows\ST5UNST.EXE -n "C:\Program Files\soil\ST5UNST.LOG" SopCast 3.0.1-->C:\Program Files\SopCast\uninst.exe StartUp Manager-->C:\Program 
Files\INAC\StartUp Manager\uninstall.exe STOIK Video Converter 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8DF8593-F619-47DE-AD27-BCABF233433A}\setup.exe" -l0x9 SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Total Video Converter 3.12 080330-->"C:\Program Files\Total Video Converter\unins000.exe" TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG Unlock Codes Calculator (remove only)-->"C:\Program Files\Unlock Codes Calculator (by Crux)\uninst.exe" USB2.0 1.3M WebCam-->C:\Windows\StkUnist.exe VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe Virtual Earth 3D (Beta)-->MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73} Vista Start Menu-->C:\Program Files\Vista Start Menu\uninstall.exe webcamXP 2008-->"C:\Program Files\webcamXP\wxp-uninst.exe" webcamXP Lite-->"C:\Program Files\wLiteWEBCAMXP\wl-uninst.exe" WhereIsIP-->C:\Windows\System32\UNWISE.EXE C:\Windows\System32\INSTALL.LOG Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} WinFuture xp-Iso-Builder 3.0.3-->"C:\Program Files\xp-Iso-Builder\unins000.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe WWW File Share Pro 5.30-->"C:\Program Files\WWW File Share Pro\unins000.exe" YoutubeGet 4-->"c:\YoutubeGet\unins000.exe" Hosts File 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com Security center information AV: avast! antivirus 4.8.1229 [VPS 080908-0] AS: Windows Defender AS: SUPERAntiSpyware (disabled) AS: avast! 
antivirus 4.8.1229 [VPS 080908-0] Environment variables "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime Alternative\QTSystem "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip -----------------EOF-----------------
  5. As my title indicates, I am infected by these two trojans. I need help, please. Thanks in advance.