

elnino
Everything posted by elnino
Eradication of the Digital Protection trojan
elnino replied to a topic by elnino in Malware Analysis and Removal
Good evening, could I get an answer?
Eradication of the Digital Protection trojan
elnino replied to a topic by elnino in Malware Analysis and Removal
Hello again GOF, sorry to bother you. It's true that I'm not a regular on these forums; usually I try to manage on my own, but this time I panicked. As for the TDSSKiller reports, here they are, along with the two others from yesterday:
As for the symptoms, I don't know exactly what I should be looking for, but when I restarted the computer it was a bit slow. There is no more of this Digital Protection, though; only a window appears telling me that Windows has blocked some startup programs. Finally, I have used plenty of antivirus products before (Kaspersky, AVG...), which I sometimes had trouble removing; yesterday I downloaded Avast and SpyHunter 4, thinking they would get rid of Digital Protection. As for proxies, yes, I used to use proxies to connect, but now I don't know, I don't think so. Actually, what do I need to do to see whether I'm connecting through a proxy or not? Sorry again for the trouble, and thanks.
Eradication of the Digital Protection trojan
elnino replied to a topic by elnino in Malware Analysis and Removal
Hello, I posted the ComboFix report above. What should I do next? Thanks.
Eradication of the Digital Protection trojan
elnino replied to a topic by elnino in Malware Analysis and Removal
Here is the report:
2010-05-01 15:46 -------- d-----w- c:\programdata\Malwarebytes 2010-05-01 13:56 . 2010-05-01 13:56 -------- d-----w- C:\sh4ldr 2010-05-01 13:56 . 2010-05-01 13:56 -------- d-----w- c:\program files\Enigma Software Group 2010-05-01 13:55 . 2010-05-01 14:40 -------- d-----w- c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP 2010-05-01 13:55 . 2010-05-01 13:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-05-01 02:43 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-05-01 02:43 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-05-01 02:43 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-05-01 02:43 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-05-01 02:43 . 2010-04-14 16:31 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2010-05-01 02:40 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr 2010-05-01 02:40 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe 2010-05-01 02:39 . 2010-05-01 02:39 -------- d-----w- c:\programdata\Alwil Software 2010-05-01 02:39 . 2010-05-01 02:39 -------- d-----w- c:\program files\Alwil Software 2010-04-28 09:06 . 2010-04-28 09:06 -------- d-----w- c:\program files\Common Files\Skype 2010-04-27 11:54 . 2010-04-27 11:54 -------- d-----w- c:\users\sahbi\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1 2010-04-27 11:53 . 2010-04-27 11:53 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-04-22 19:49 . 2010-04-22 19:49 -------- d-----w- c:\programdata\TVU Networks 2010-04-19 16:46 . 2010-04-19 16:46 -------- d-----w- c:\program files\QuickTime 2010-04-19 16:45 . 2010-04-19 16:45 -------- d-----w- c:\programdata\Apple Computer 2010-04-19 01:26 . 2010-04-19 01:26 -------- d-----w- c:\program files\Windows Portable Devices 2010-04-19 01:07 . 
2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2010-04-19 01:07 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2010-04-19 01:07 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2010-04-19 01:05 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe 2010-04-19 01:04 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2010-04-19 01:04 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll 2010-04-19 01:04 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2010-04-18 17:58 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll 2010-04-18 17:58 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-04-18 17:58 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-04-18 12:37 . 2010-04-18 12:37 -------- d-----w- c:\windows\system32\ca-ES 2010-04-18 12:37 . 2010-04-18 12:37 -------- d-----w- c:\windows\system32\eu-ES 2010-04-18 12:36 . 2010-04-18 12:37 -------- d-----w- c:\windows\system32\vi-VN 2010-04-18 11:58 . 2010-04-18 11:58 -------- d-----w- c:\windows\system32\EventProviders 2010-04-17 13:41 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-04-17 13:25 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-04-17 13:25 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-04-17 13:25 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-04-17 13:25 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-04-17 13:25 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-04-17 13:15 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-04-17 13:15 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll 2010-04-17 13:15 . 
2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys 2010-04-17 12:39 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll 2010-04-17 12:38 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll 2010-04-14 23:04 . 2010-04-14 23:04 -------- d-----w- c:\users\sahbi\AppData\Roaming\Move Networks 2010-04-14 22:01 . 2009-02-17 18:38 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys 2010-04-14 22:01 . 2008-12-30 09:57 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys 2010-04-14 22:01 . 2008-12-13 09:27 102784 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys 2010-04-14 22:01 . 2008-04-14 07:36 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys 2010-04-14 22:01 . 2007-08-09 02:06 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys 2010-04-14 22:00 . 2010-04-14 22:02 -------- d-----w- c:\program files\Internet 3G+ Bouygues Telecom . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-01 23:50 . 2009-12-03 12:04 36446240 --sha-w- c:\windows\system32\drivers\fidbox.dat 2010-05-01 23:39 . 2008-11-30 23:55 -------- d-----w- c:\program files\Common Files\Akamai 2010-05-01 18:38 . 2009-12-03 12:04 424712 --sha-w- c:\windows\system32\drivers\fidbox.idx 2010-05-01 15:17 . 2010-04-01 01:00 443912 ----a-w- c:\users\sahbi\AppData\Roaming\Real\Update\setup3.11\setup.exe 2010-05-01 13:56 . 2010-05-01 13:56 110080 ----a-r- c:\users\sahbi\AppData\Roaming\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconF7A21AF7.exe 2010-05-01 13:56 . 2010-05-01 13:56 110080 ----a-r- c:\users\sahbi\AppData\Roaming\Microsoft\Installer\{61D3AAE1-D521-4CD7-939B-37813DE8F955}\IconD7F16134.exe 2010-05-01 13:31 . 2006-11-02 15:48 659180 ----a-w- c:\windows\system32\perfh00C.dat 2010-05-01 13:31 . 2006-11-02 15:48 122976 ----a-w- c:\windows\system32\perfc00C.dat 2010-04-30 23:51 . 
2008-05-08 19:07 -------- d-----w- c:\users\sahbi\AppData\Roaming\Skype 2010-04-30 22:03 . 2008-05-08 19:09 -------- d-----w- c:\users\sahbi\AppData\Roaming\skypePM 2010-04-27 11:50 . 2010-04-27 11:54 38784 ----a-w- c:\users\sahbi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-04-27 11:50 . 2010-04-27 11:53 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-04-22 19:49 . 2008-12-17 21:52 -------- d-----w- c:\program files\TVUPlayer 2010-04-20 18:46 . 2008-12-17 20:43 -------- d-----w- c:\program files\Veetle 2010-04-19 17:20 . 2008-11-30 23:56 -------- d-----w- c:\users\sahbi\AppData\Roaming\Metacafe 2010-04-19 01:26 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2010-04-19 01:26 . 2010-04-19 01:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2010-04-19 01:23 . 2010-04-19 01:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2010-04-18 12:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2010-04-18 12:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-04-18 12:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2010-04-18 12:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2010-04-18 12:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2010-04-18 12:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2010-04-18 12:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2010-04-18 01:12 . 2007-03-27 08:41 -------- d-----w- c:\programdata\Microsoft Help 2010-04-14 23:04 . 2010-04-14 23:04 143973 ----a-w- c:\users\sahbi\AppData\Roaming\Move Networks\uninstall.exe 2010-04-14 23:04 . 
2009-09-24 21:45 5644224 ----a-w- c:\users\sahbi\AppData\Roaming\Move Networks\plugins\npqmp071700000016.dll 2010-04-07 18:21 . 2010-04-07 18:21 118784 ----a-w- c:\users\sahbi\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\compat.dll 2010-03-28 18:37 . 2006-12-18 10:23 -------- d-----w- c:\program files\Common Files\Adobe 2010-03-28 18:28 . 2010-03-28 18:28 -------- d-----w- c:\programdata\McAfee 2010-03-09 01:40 . 2010-03-09 01:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll 2010-03-09 01:40 . 2010-03-09 01:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll 2010-03-09 01:40 . 2010-03-09 01:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll 2010-03-09 01:40 . 2010-03-09 01:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll 2010-03-09 01:40 . 2010-03-09 01:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll 2010-03-09 01:40 . 2010-03-09 01:40 329312 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll 2010-03-09 01:40 . 2010-03-09 01:40 300616 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll 2010-03-09 01:40 . 2010-03-09 01:40 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll 2010-03-09 01:40 . 2009-03-27 16:25 -------- d-----w- c:\program files\Common Files\Real 2010-03-09 01:39 . 2009-03-27 16:25 -------- d-----w- c:\program files\Real 2010-03-09 01:39 . 2010-03-09 01:39 -------- d-----w- c:\program files\Common Files\xing shared 2010-03-07 08:43 . 2010-03-07 08:43 -------- d-----w- c:\users\sahbi\AppData\Roaming\Sony Corporation 2010-03-07 08:37 . 2006-12-18 08:12 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-03-07 08:35 . 
2010-03-07 08:35 -------- d-----w- c:\program files\Sony 2010-03-07 08:34 . 2010-03-07 08:34 10134 ----a-r- c:\users\sahbi\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe 2010-03-07 08:34 . 2010-03-07 08:34 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-03-07 08:33 . 2010-03-07 08:33 -------- d-----w- c:\users\sahbi\AppData\Roaming\InstallShield 2010-03-04 19:59 . 2010-03-04 19:59 443912 ----a-w- c:\users\sahbi\AppData\Roaming\Real\Update\setup3.10\setup.exe 2010-03-03 13:46 . 2009-04-08 19:56 -------- d-----w- c:\users\sahbi\AppData\Roaming\TVU networks 2010-02-26 06:06 . 2010-02-26 06:06 2626360 ----a-w- c:\users\sahbi\AppData\Roaming\Mozilla\Firefox\Profiles\i7siw8fg.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll 2010-02-24 16:46 . 2007-03-22 21:17 113488 ----a-w- c:\users\sahbi\AppData\Local\GDIPFONTCACHEV1.DAT 2010-02-24 08:16 . 2010-02-03 23:36 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-23 06:39 . 2010-04-06 19:36 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-23 06:33 . 2010-04-06 19:36 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-02-23 06:33 . 2010-04-06 19:36 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-02-23 04:55 . 2010-04-06 19:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-02-20 23:06 . 2010-03-12 02:02 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-02-20 23:05 . 2010-03-12 02:02 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-02-20 20:53 . 2010-03-12 02:02 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-02-12 10:48 . 2010-03-18 02:02 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-02-04 11:41 . 2007-03-22 21:16 1356 ----a-w- c:\users\sahbi\AppData\Local\d3d9caps.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Device Detector"="DevDetect.exe -autorun" [X] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2007-04-01 155896] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Device Detector"="DevDetect.exe -autorun" [X] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-14 411768] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-14 493688] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552] "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104] "RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 3772416] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416] "NDSTray.exe"="NDSTray.exe" [bU] "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-13 554640] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832] 
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-09 202256] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] c:\users\sahbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2009-2-17 145736] Outil de d‚tection de support PMB.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-3-7 333088] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-3-27 110592] Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2009-2-17 145736] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-6-4 389120] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):59,22,38,0c,f5,de,ca,01 R2 gupdate1c9aef834940c90;خدمة تحديث Google (gupdate1c9aef834940c90);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 133104] R2 RsVScanner;Rising Vista Scanner;c:\program files\Rising\Rav\scannerd.exe [x] R3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [2008-02-27 98432] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040] R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\DRIVERS\neti1634.sys [2008-06-26 197888] R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [x] S1 aswSP;aswSP; [x] S2 Akamai;Akamai;c:\windows\System32\svchost.exe [2008-01-19 21504] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-04-14 51792] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-19 7168] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder 2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 16:22] 2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 16:22] 2010-05-01 c:\windows\Tasks\User_Feed_Synchronization-{2FC916E7-B1AE-4D9D-B316-276B9FE7D1BC}.job - c:\windows\system32\msfeedssync.exe [2010-04-06 04:54] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://iptv.zgzcw.com/pCastCtl_1.0.0.89_20080808.cab
FF - ProfilePath - c:\users\sahbi\AppData\Roaming\Mozilla\Firefox\Profiles\i7siw8fg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 174.142.24.201
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\sahbi\AppData\Roaming\Move Networks\plugins\npqmp071700000016.dll
FF - plugin: c:\users\sahbi\AppData\Roaming\Mozilla\Firefox\Profiles\i7siw8fg.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKCU-Run-WebCallDirect - c:\program files\WebCallDirect.com\WebCallDirect\WebCallDirect.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
HKLM-Run-FixCamera - c:\windows\FixCamera.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
ShellExecuteHooks-{EB338DB6-EC2C-456B-B5AD-ED97FB489684} - c:\windows\system32\tuvWPIyA.dll
SafeBoot-PskSvcRetail
AddRemove-WinButler - c:\users\sahbi\AppData\Roaming\WinButler\WinBuninstaller.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 01:47
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

(Each entry below is one key; ComboFix lists the key, then "@Denied: (2) (LocalSystem)", then the value.)

[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.032"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.ani"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.apd"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.bay"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.bmp"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.bw"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.cr2"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.crw"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.cs1"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.cur"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.dcr"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.dcx"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.dib"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.djv"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.djvu"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.dng"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.emf"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.eps"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.erf"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.fff"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.fpx"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.gif"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.icl"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.icn"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.ico"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.iff"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.ilbm"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.int"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.inta"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.iw4"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.j2c"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.j2k"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.jfif"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.jif"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.jp2"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.jpc"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.jpe"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.jpeg"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.jpg"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.jpk"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.jpx"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.lbm"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.mos"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.mrw"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.nef"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.orf"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.pbm"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.pcd"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.pct"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.pcx"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.pef"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.pgm"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.pic"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.pict"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.pix"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.png"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.ppm"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.psd"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.psp"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.raf"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.ras"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.raw"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.rgb"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.rgba"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.rle"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.rsb"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.sgi"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.sr2"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.srf"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.tga"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.thm"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.tif"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.tiff"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.ttc"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.ttf"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9o\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.v9o"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9p\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.v9p"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9pf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.v9pf"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.wbm"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.wbmp"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.wmf"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.xbm"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.xif"
[HKEY_USERS\S-1-5-21-911086027-3368314669-2528303969-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.xpm"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-02 01:58:13
ComboFix-quarantined-files.txt 2010-05-01 23:58

Pre-Run: 7,376,019,456 bytes free
Post-Run: 10,489,839,616 bytes free

- - End Of File - - D292F2535AF279680C472E2902AC8124
-
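The ComboFix log above contains three kinds of entries a responder reads first when a rogue antivirus such as "Digital Protection" is suspected: Security Center monitoring flags set to 1, a Firefox manual proxy in prefs.js, and a ShellExecuteHooks DLL (listed under ORPHANS REMOVED, so ComboFix has already deleted that registry value). The script below is an added example, not part of the forum post and not code from ComboFix, rkill or Malwarebytes. It parses those line shapes and returns a ranked list of findings. The sample lines embedded in it are constructed to mimic the log's format: 203.0.113.5 is a documentation address standing in for whatever proxy a real log contains, and the hook GUID and DLL name are placeholders.

```python
"""Triage ComboFix-style log lines for rogue-antivirus indicators.

Added example; not part of the forum post and not ComboFix's own code.
Handles registry key/dword lines, "FF - prefs.js:" lines and
"ShellExecuteHooks-{GUID} - path" lines, as they appear in such logs.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

PREFS_RE = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>.+)$")
SEH_RE = re.compile(r"^ShellExecuteHooks-\{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
REG_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')

# Ranges where a home/office proxy may legitimately live; a manual proxy
# anywhere else is the pattern browser hijackers leave behind.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info"
    what: str
    evidence: str


def _proxy_findings(prefs: Dict[str, str]) -> List[Finding]:
    """network.proxy.type 1 means a manual proxy; judge the configured host."""
    if prefs.get("network.proxy.type") != "1":
        return []
    host = prefs.get("network.proxy.http")
    if host is None:
        return []
    port = prefs.get("network.proxy.http_port", "?")
    try:
        addr = ipaddress.ip_address(host)
        external = not any(addr in net for net in LOCAL_NETS)
    except ValueError:
        external = False   # a hostname: cannot be judged offline
    severity = "high" if external else "info"
    return [Finding(severity, "Firefox manual HTTP proxy configured", f"{host}:{port}")]


def triage(lines: Iterable[str]) -> List[Finding]:
    """Single pass over the log; the proxy verdict is emitted last, once every
    prefs.js value has been seen."""
    findings: List[Finding] = []
    prefs: Dict[str, str] = {}
    current_key = ""
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = PREFS_RE.match(line)
        if m:
            prefs[m["name"]] = m["value"]
            continue
        m = SEH_RE.match(line)
        if m:
            findings.append(Finding(
                "medium",
                "ShellExecuteHooks DLL registered; legitimate entries are rare, verify the file",
                m["path"]))
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m["key"]   # remembered for the dword lines that follow
            continue
        m = REG_DWORD_RE.match(line)
        if (m and m["name"].lower() == "disablemonitoring"
                and int(m["hex"], 16) == 1
                and "\\security center\\monitoring\\" in current_key.lower()):
            product = current_key.rsplit("\\", 1)[-1]
            findings.append(Finding(
                "medium", f"Security Center monitoring disabled for {product}", current_key))
    findings.extend(_proxy_findings(prefs))
    return findings


# Constructed sample, modelled on the shapes in the posted log. 203.0.113.5 is
# a documentation address used as a stand-in; GUID and DLL name are placeholders.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):59,22,38,0c,f5,de,ca,01
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 203.0.113.5
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 1
ShellExecuteHooks-{00000000-0000-4000-8000-000000000000} - c:\windows\system32\example.dll
"""


def triage_sample() -> List[Finding]:
    return triage(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for f in triage_sample():
        print(f"[{f.severity:6}] {f.what}: {f.evidence}")
```

Run it as `python triage.py` or feed a saved ComboFix.txt to `triage(open(path, encoding="utf-8", errors="replace"))`. The proxy check deliberately treats a hostname as "info" rather than "high": without network access the script cannot tell a corporate proxy from a hijack, and a responder should confirm by asking whether the user ever configured one. A private address is also only "info", since the log alone cannot distinguish a legitimate LAN proxy from a hijacked one; the posted log, by contrast, shows a public address, which is what the "high" branch is for.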
Eradication of the Digital Protection trojan
elnino replied to a topic by elnino in Malware analysis and eradication
Can nobody help me? -
Eradication of the Digital Protection trojan
elnino replied to a topic by elnino in Malware analysis and eradication
Is there anyone who can help me? -
Eradication of the Digital Protection trojan
elnino replied to a topic by elnino in Malware analysis and eradication
So, rkill report:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Ran as sahbi on 05/01/2010 at 20:49:05.

Processes terminated by Rkill or while it was running:

C:\Users\sahbi\AppData\Local\Temp\asrkn_pfu.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\sahbi\Desktop\rkill.com
C:\Windows\System32\wsqmcons.exe

Rkill completed on 05/01/2010 at 20:49:10.

MBAM report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4057

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

01-05-2010 22:52:26
mbam-log-2010-05-01 (22-52-26).txt

Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 261386
Time elapsed: 1 hour(s), 56 minute(s), 52 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
(No malicious items detected)
-
Eradication of the Digital Protection trojan
elnino posted a topic in Malware analysis and eradication
Good evening again. So, I came to tell you that I'm infected by Digital Protection and by other trojans. I tried to delete it but without success. I read your advice on this subject, and I downloaded rkill and Mbam. Right now I'm running the scan with Mbam (I already used it once and it removed the trojan; I thought it was over, but no, it's still there). I'll send you the reports as soon as the scan finishes. Thanks -
[RESOLVED] Help against "Digital Protection"
elnino replied to a topic by inbearsuits in Malware analysis and eradication
Good evening, I'm still infected by Digital Protection and Windows Security Center. I followed the same steps that were recommended to inbearsuits. Right now I'm running the scan with MBAM. If someone can help me, that would be very kind.