
Posted

Hi,

I'll do all of that and get back to you with all the information you asked for. I no longer had access to the tutorial after rebooting, and I only opened Internet Explorer on the FW.

Thanks again,

JC

Posted

Re,

And here is the information you asked for:

File requesting Internet access during ComboFix: NirCmd.cfexe

Window that keeps coming back (every 2-3 minutes):

/////// (small Windows-style window with a white cross on a red background at the top left of the window) - Here is its exact text

Windows Security Alert

Warning! Potential Spyware Operation!

Your computer is making unauthorized copies of your system and Internet files. Run full scan now to pervent any unathorised access to your files! Click YES to download spyware remover ...

Oui Non

///////

Internet OK (it was my fault)

Reports below (I ran a ComboFix this morning).

Thanks again,

Lesandre

SmitFraudFix report from this morning:

 

SmitFraudFix v2.227

 

Rapport fait à 9:09:29,03, 23/09/2007

Executé à partir de C:\Documents and Settings\Jean-Christophe\Bureau\Mes telechargement\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est FAT32

Fix executé en mode sans echec

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

192.168.200.3 ad.doubleclick.net

192.168.200.3 ad.fastclick.net

192.168.200.3 ads.fastclick.net

192.168.200.3 ar.atwola.com

192.168.200.3 atdmt.com

192.168.200.3 avp.ch

192.168.200.3 avp.com

192.168.200.3 avp.ru

192.168.200.3 awaps.net

192.168.200.3 banner.fastclick.net

192.168.200.3 banners.fastclick.net

192.168.200.3 ca.com

192.168.200.3 click.atdmt.com

192.168.200.3 clicks.atdmt.com

192.168.200.3 customer.symantec.com

192.168.200.3 dispatch.mcafee.com

192.168.200.3 download.mcafee.com

192.168.200.3 downloads-us1.kaspersky-labs.com

192.168.200.3 downloads-us2.kaspersky-labs.com

192.168.200.3 downloads-us3.kaspersky-labs.com

192.168.200.3 downloads1.kaspersky-labs.com

192.168.200.3 downloads2.kaspersky-labs.com

192.168.200.3 downloads3.kaspersky-labs.com

192.168.200.3 downloads4.kaspersky-labs.com

192.168.200.3 engine.awaps.net

192.168.200.3 f-secure.com

192.168.200.3 fastclick.net

192.168.200.3 ftp.avp.ch

192.168.200.3 ftp.downloads1.kaspersky-labs.com

192.168.200.3 ftp.downloads2.kaspersky-labs.com

192.168.200.3 ftp.downloads3.kaspersky-labs.com

192.168.200.3 ftp.f-secure.com

192.168.200.3 ftp.kasperskylab.ru

192.168.200.3 ftp.sophos.com

192.168.200.3 ids.kaspersky-labs.com

192.168.200.3 kaspersky-labs.com

192.168.200.3 kaspersky.com

192.168.200.3 liveupdate.symantec.com

192.168.200.3 liveupdate.symantecliveupdate.com

192.168.200.3 mast.mcafee.com

192.168.200.3 mcafee.com

192.168.200.3 media.fastclick.net

192.168.200.3 my-etrust.com

192.168.200.3 nai.com

192.168.200.3 networkassociates.com

192.168.200.3 norton.com

192.168.200.3 phx.corporate-ir.net

192.168.200.3 rads.mcafee.com

192.168.200.3 secure.nai.com

192.168.200.3 securityresponse.symantec.com

192.168.200.3 service1.symantec.com

192.168.200.3 sophos.com

192.168.200.3 spd.atdmt.com

192.168.200.3 symantec.com

192.168.200.3 trendmicro.com

192.168.200.3 update.symantec.com

192.168.200.3 updates.symantec.com

192.168.200.3 updates1.kaspersky-labs.com

192.168.200.3 updates2.kaspersky-labs.com

192.168.200.3 updates3.kaspersky-labs.com

192.168.200.3 updates4.kaspersky-labs.com

192.168.200.3 updates5.kaspersky-labs.com

192.168.200.3 us.mcafee.com

192.168.200.3 vil.nai.com

192.168.200.3 viruslist.com

192.168.200.3 viruslist.ru

192.168.200.3 virusscan.jotti.org

192.168.200.3 virustotal.com

192.168.200.3 www.avp.ch

192.168.200.3 www.avp.com

192.168.200.3 www.avp.ru

192.168.200.3 www.awaps.net

192.168.200.3 www.ca.com

192.168.200.3 www.f-secure.com

192.168.200.3 www.fastclick.net

192.168.200.3 www.grisoft.com

192.168.200.3 www.kaspersky-labs.com

192.168.200.3 www.kaspersky.com

192.168.200.3 www.kaspersky.ru

192.168.200.3 www.mcafee.com

192.168.200.3 www.my-etrust.com

192.168.200.3 www.nai.com

192.168.200.3 www.networkassociates.com

192.168.200.3 www.sophos.com

192.168.200.3 www.symantec.com

192.168.200.3 www.symantec.com

192.168.200.3 www.trendmicro.com

192.168.200.3 www.viruslist.com

192.168.200.3 www.viruslist.ru

192.168.200.3 www.virustotal.com

192.168.200.3 www3.ca.com

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254

HKLM\SYSTEM\CS1\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254

HKLM\SYSTEM\CS2\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254

HKLM\SYSTEM\CS3\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

 

Nettoyage terminé.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

 

 

ComboFix report from this morning:

 

ComboFix 07-09-20.1 - "Jean-Christophe" 2007-09-23 8:57:07.8 - FAT32x86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.64 [GMT 2:00]

* Created a new restore point

 

FILE::

C:\WINDOWS\system32\WinAvXX.exe

C:\WINDOWS\system32\printer.exe

C:\WINDOWS\system32\systems.txt

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe

C:\Documents and Settings\Jean-Christophe\Menu Démarrer\Programmes\Démarrage\system.exe

C:\WINDOWS\system32\vtr.dll

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\printer.exe

C:\WINDOWS\system32\WinAvXX.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés 2007-08-23 to 2007-09-23 ))))))))))))))))))))))))))))))))))))

.

 

2007-09-22 19:20 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2007-09-22 19:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier

2007-09-22 19:17 <REP> d-------- C:\WINDOWS\Internet Logs

2007-09-20 21:19 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-09-19 13:02 <REP> d-------- C:\Program Files\CCleaner

2007-09-19 12:46 <REP> d-------- C:\Program Files\a-squared Free

2007-09-19 10:56 <REP> d-------- C:\Program Files\RegCleaner

2007-09-19 07:26 <REP> d-------- C:\WINDOWS\report

2007-09-19 07:25 86,094 --a------ C:\WINDOWS\BPMNT.dll

2007-09-19 07:25 71,749 --a------ C:\WINDOWS\hcextoutput.dll

2007-09-19 07:25 267,845 --a------ C:\WINDOWS\tsc.exe

2007-09-19 07:25 1,163,344 --a------ C:\WINDOWS\vsapi32.dll

2007-09-19 07:25 <REP> d-------- C:\WINDOWS\AU_Backup

2007-09-19 07:23 69,689 --a------ C:\WINDOWS\UNZIP.DLL

2007-09-19 07:23 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL

2007-09-19 07:23 286,720 --a------ C:\WINDOWS\PATCH.EXE

2007-09-19 07:23 <REP> d-------- C:\WINDOWS\AU_Temp

2007-09-19 07:23 <REP> d-------- C:\WINDOWS\AU_Log

2007-09-18 23:31 883,694 --a------ C:\SmitfraudFix.exe

2007-09-18 23:08 <REP> d-------- C:\SmitfraudFix

2007-09-18 22:39 3,398 --a------ C:\WINDOWS\system32\tmp.reg

2007-09-18 21:10 <REP> d-------- C:\Program Files\Navilog1

2007-09-18 20:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2007-09-17 21:10 <REP> dr------- C:\DOCUME~1\Elyan\Mes documents

2007-09-17 21:10 <REP> dr------- C:\DOCUME~1\Elyan\Favoris

2007-09-14 21:08 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2007-09-14 14:05 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Mes documents

2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer

2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Favoris

2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau

2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression

2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\ModŠles

2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS

2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau

2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust

2007-09-01 15:57 1,268 --a------ C:\WINDOWS\mozver.dat

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-09-22 21:52 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2007-09-22 21:52 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2007-09-22 19:19 75932 --a------ C:\WINDOWS\system32\drivers\klick.dat

2007-09-22 19:19 74396 --a------ C:\WINDOWS\system32\drivers\klin.dat

2007-09-14 21:11 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys

2007-09-14 21:11 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys

2007-09-06 12:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-09-06 12:00 95608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll

2007-07-29 17:57 --------- d-------- C:\Program Files\Alwil Software

2007-07-29 17:07 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

2007-07-29 16:24 --------- d-------- C:\Program Files\Realtek Sound Manager

2007-07-29 16:24 --------- d-------- C:\Program Files\AvRack

2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\Real

2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\InterTrust

2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\ICQ

2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\FUJIFILM

2007-07-26 17:25 --------- d-------- C:\DOCUME~1\OLGA\APPLIC~1\WebCallDirect

2007-07-19 08:58 3583488 --------- C:\WINDOWS\system32\dllcache\mshtml.dll

2007-07-13 01:30 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll

2007-06-27 15:24 823808 --------- C:\WINDOWS\system32\dllcache\wininet.dll

2007-06-27 15:24 671232 --------- C:\WINDOWS\system32\dllcache\mstime.dll

2007-06-27 15:24 477696 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-06-27 15:24 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll

2007-06-27 15:24 193024 --------- C:\WINDOWS\system32\dllcache\msrating.dll

2007-06-27 15:24 1152000 --------- C:\WINDOWS\system32\dllcache\urlmon.dll

2007-06-27 15:24 105984 --------- C:\WINDOWS\system32\dllcache\url.dll

2007-06-27 15:24 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll

2007-06-27 15:23 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-06-27 15:23 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-06-27 15:23 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-06-27 15:23 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll

2007-06-27 15:23 27648 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-06-27 15:23 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-06-27 15:22 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-06-27 15:22 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-06-27 15:22 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-06-27 15:22 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-06-27 15:22 132608 --------- C:\WINDOWS\system32\dllcache\extmgr.dll

2007-06-27 15:22 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll

2007-06-27 10:28 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe

2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll

2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll

2005-07-21 15:12 457 --a------ C:\Program Files\INSTALL.LOG

.

 

((((((((((((((((((((((((((((( snapshot_2007-09-20_212949.73 )))))))))))))))))))))))))))))))))))))))))

.

----a-w 75,248 2007-06-21 19:54:48 C:\WINDOWS\zllsputility.exe

----a-w 42,384 2007-06-21 19:55:32 C:\WINDOWS\zllsputility_loc040c.dll

----a-w 394,984 2007-06-21 19:54:52 C:\WINDOWS\system32\vsdatant.sys

----a-w 83,432 2007-06-21 19:54:30 C:\WINDOWS\system32\vsdata.dll

----a-w 472,552 2007-06-21 19:54:34 C:\WINDOWS\system32\vsutil.dll

----a-w 103,912 2007-06-21 19:54:32 C:\WINDOWS\system32\vsmonapi.dll

----a-w 275,944 2007-06-21 19:54:32 C:\WINDOWS\system32\vspubapi.dll

----a-w 157,160 2007-06-21 19:54:32 C:\WINDOWS\system32\vsinit.dll

----a-w 46,568 2007-06-21 19:54:34 C:\WINDOWS\system32\vswmi.dll

----a-w 99,816 2007-06-21 19:54:34 C:\WINDOWS\system32\vsxml.dll

----a-w 1,086,952 2007-06-21 19:54:40 C:\WINDOWS\system32\zpeng24.dll

----a-w 71,144 2007-06-21 19:54:34 C:\WINDOWS\system32\zlcommdb.dll

----a-w 83,432 2007-06-21 19:54:34 C:\WINDOWS\system32\zlcomm.dll

----a-w 71,144 2007-06-21 19:54:32 C:\WINDOWS\system32\vsregexp.dll

----a-w 11,264 2004-04-27 02:40:52 C:\WINDOWS\system32\SpOrder.dll

----a-w 212,480 2006-12-01 03:20:32 C:\WINDOWS\system32\swxcacls.exe

----a-w 370,688 2006-11-29 15:21:30 C:\WINDOWS\system32\swsc.exe

----a-w 796,048 2007-06-21 19:54:26 C:\WINDOWS\system32\libeay32_0.9.6l.dll

----a-w 54,672 2007-06-21 19:55:30 C:\WINDOWS\system32\vsutil_loc040c.dll

----a-w 21,904 2007-06-21 19:55:28 C:\WINDOWS\system32\imsinstall_loc040c.dll

----a-w 17,808 2007-06-21 19:55:28 C:\WINDOWS\system32\imslsp_install_loc040c.dll

----a-w 119,576 2007-05-30 22:03:50 C:\WINDOWS\system32\drivers\klif.sys

----a-w 110,360 2007-05-30 22:03:48 C:\WINDOWS\system32\drivers\kl1.sys

----a-w 79,336 2007-06-21 19:54:30 C:\WINDOWS\system32\ZoneLabs\vsdb.dll

----a-w 75,304 2007-06-21 19:54:46 C:\WINDOWS\system32\ZoneLabs\vsmon.exe

----a-w 2,024,936 2007-06-21 19:54:32 C:\WINDOWS\system32\ZoneLabs\vsmondll.dll

----a-w 456,168 2007-06-21 19:54:28 C:\WINDOWS\system32\ZoneLabs\ssleay32.dll

----a-w 108,008 2007-06-21 19:54:30 C:\WINDOWS\system32\ZoneLabs\vsavpro.dll

----a-w 1,345,000 2007-06-21 19:54:32 C:\WINDOWS\system32\ZoneLabs\vsruledb.dll

----a-w 128,480 2007-06-21 19:54:24 C:\WINDOWS\system32\ZoneLabs\fbl.dll

----a-w 38,376 2007-06-21 19:54:26 C:\WINDOWS\system32\ZoneLabs\featuremap.dll

----a-w 120,296 2007-06-21 19:54:36 C:\WINDOWS\system32\ZoneLabs\zlupdate.dll

----a-w 833,520 2006-10-28 01:03:16 C:\WINDOWS\system32\ZoneLabs\updating.dll

----a-w 177,640 2007-06-21 19:54:36 C:\WINDOWS\system32\ZoneLabs\zlparser.dll

----a-w 173,544 2007-06-21 19:54:28 C:\WINDOWS\system32\ZoneLabs\scheduler.dll

----a-w 243,176 2007-06-21 19:54:34 C:\WINDOWS\system32\ZoneLabs\vsvault.dll

----a-w 714,472 2007-06-11 10:43:50 C:\WINDOWS\system32\ZoneLabs\qrbase.dll

----a-w 79,344 2007-06-21 19:54:36 C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll

----a-w 366,112 2007-06-21 19:54:24 C:\WINDOWS\system32\ZoneLabs\av.dll

----a-w 503,875 2006-09-04 18:59:14 C:\WINDOWS\system32\ZoneLabs\upd_core.dll

----a-w 286,787 2007-01-11 15:31:06 C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll

----a-w 321,016 2007-06-21 19:54:26 C:\WINDOWS\system32\ZoneLabs\imsecure.dll

----a-w 378,344 2007-06-21 19:54:36 C:\WINDOWS\system32\ZoneLabs\zlsre.dll

----a-w 788,200 2007-06-11 10:43:52 C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll

----a-w 1,496,808 2007-06-11 10:43:56 C:\WINDOWS\system32\ZoneLabs\srescan.dll

----a-w 2,432,259 2007-01-11 09:12:08 C:\WINDOWS\system32\ZoneLabs\spyware.dat

----a-w 2,432,259 2007-01-11 09:12:08 C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat

----a-w 50,416 2007-06-11 10:44:10 C:\WINDOWS\system32\ZoneLabs\srescan.sys

----a-w 99,816 2007-06-21 19:54:24 C:\WINDOWS\system32\ZoneLabs\camupd.dll

----a-w 144,936 2007-06-21 19:54:46 C:\WINDOWS\system32\ZoneLabs\updclient.exe

----a-w 17,808 2007-06-21 19:55:30 C:\WINDOWS\system32\ZoneLabs\scheduler_loc040c.dll

----a-w 17,808 2007-06-21 19:55:30 C:\WINDOWS\system32\ZoneLabs\vsdb_loc040c.dll

----a-w 46,480 2007-06-21 19:55:30 C:\WINDOWS\system32\ZoneLabs\vsmon_loc040c.dll

----a-w 198,032 2007-06-21 19:55:30 C:\WINDOWS\system32\ZoneLabs\vsruledb_loc040c.dll

----a-w 17,808 2007-06-21 19:55:30 C:\WINDOWS\system32\ZoneLabs\vsvault_loc040c.dll

----a-w 75,152 2007-06-21 19:55:30 C:\WINDOWS\system32\ZoneLabs\updClient_loc040c.dll

----a-w 21,904 2007-06-21 19:55:32 C:\WINDOWS\system32\ZoneLabs\zlsre_loc040c.dll

----a-w 17,808 2007-06-21 19:55:32 C:\WINDOWS\system32\ZoneLabs\zlquarantine_loc040c.dll

----a-w 26,000 2007-06-21 19:55:28 C:\WINDOWS\system32\ZoneLabs\imsecure_loc040c.dll

----a-w 26,000 2007-06-21 19:55:26 C:\WINDOWS\system32\ZoneLabs\av_loc040c.dll

----a-w 17,808 2007-06-21 19:55:26 C:\WINDOWS\system32\ZoneLabs\camupd_loc040c.dll

----a-w 813,568 2004-01-30 10:35:08 C:\WINDOWS\system32\ZoneLabs\dbghelp.dll

----a-w 26,000 2007-06-21 19:54:54 C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll

----a-w 1,361,296 2007-06-21 19:54:54 C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll

----a-w 71,056 2007-06-21 19:54:54 C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll

----a-w 288,144 2007-06-21 19:55:26 C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard_loc040c.zip.dll

----a-w 152,976 2007-06-21 19:55:28 C:\WINDOWS\system32\ZoneLabs\lib\LicenseUI_loc040c.zip.dll

----a-w 30,184 2007-06-21 19:56:16 C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll

----a-w 30,216 2007-06-21 19:56:16 C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll

----a-w 3,229,176 2007-06-21 19:56:18 C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll

----a-w 26,000 2007-06-21 19:55:28 C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp_loc040c.dll

----a-w 210,432 2007-06-21 19:56:16 C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll

----a-w 118,784 2007-05-30 22:03:18 C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe

----a-w 258,048 2007-05-30 22:03:16 C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll

----a-w 38,400 2007-05-30 22:03:16 C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll

----a-w 184,320 2007-05-30 22:03:18 C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll

----a-w 208,960 2006-09-19 21:12:14 C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll

----a-w 90,112 2007-05-30 22:03:22 C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll

----a-w 548,864 2007-05-30 22:03:20 C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll

----a-w 626,688 2007-05-30 22:03:20 C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll

----a-w 77,824 2007-05-30 22:03:16 C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll

----a-w 110,592 2007-05-30 22:03:16 C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll

----a-w 331,776 2007-05-30 22:03:16 C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll

----a-w 1,093,632 2006-12-19 16:13:52 C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll

----a-w 200,704 2006-12-19 16:13:52 C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll

----a-w 65,248 2007-05-30 22:03:30 C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat

----a-w 21,568 2006-06-30 12:47:36 C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll

----a-w 16,384 2007-09-23 06:46:20 C:\WINDOWS\Temp\Perflib_Perfdata_6c8.dat

.

----a-w 40,960 2006-01-09 08:36:06 C:\WINDOWS\system32\swsc.exe

----a-w 79,360 2006-12-01 04:20:34 C:\WINDOWS\system32\swxcacls.exe

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2003-09-23 09:09 C:\WINDOWS\SOUNDMAN.EXE]

"Disk Monitor"="C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 11:57]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-10-11 22:02]

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 15:16]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-06 21:12]

"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]

"ExtraFilmHemmaAgent"="C:\Program Files\Extrafilm FotoFacil\Agent.exe" [2006-10-03 09:40]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]

"NetAppel"="C:\program files\netappel\netappel.exe" [2007-09-15 13:19]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]

PCANotify.dll 2003-05-29 11:00 8704 C:\WINDOWS\system32\PCANotify.dll

 

R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

S2 vdo_326d-6b44;vdo_326d-6b44;\??\C:\WINDOWS\system32\vdo_326d-6b44.sys

S3 PIXMC10;JVC Communication PIX-MC10 Driver;C:\WINDOWS\system32\Drivers\pixmc10c.sys

S3 PIXMC10A;JVC PIX-MC10 Audio Capture;C:\WINDOWS\system32\Drivers\pixmc10a.sys

S3 PIXMC10V;JVC PIX-MC10 Video Capture;C:\WINDOWS\system32\Drivers\pixmc10v.sys

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys

 

.

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-23 09:01:49

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-09-23 9:04:00

C:\ComboFix-quarantined-files.txt ... 2007-09-23 09:04

C:\ComboFix3.txt ... 2007-09-22 19:42

C:\ComboFix2.txt ... 2007-09-22 19:51

.

--- E O F ---

Posted

re!

many requests for Internet access during Combo: all refused....

File requesting Internet access during ComboFix: NirCmd.cfexe

You should have let it access the Internet, but that's my fault! I didn't tell you. No big deal :P

We're going to reset the Hosts file >

- Download HostsXpert by ToadBee and unzip it onto your desktop:

  • A folder named Hoster will be created on the desktop.
  • Open the folder and click on the file HostsXpert.exe
  • Click on the "Restore MS Hosts File" button
  • When the message appears, click on the OK button
  • Now quit the program.

Try this again after using HostsXpert >

Go to this address => http://www.virustotal.com/

You have a box named "Parcourir" (Browse): click on it and a window opens => browse your hard drive and look for the file vdo_326d-6b44.sys, which you will find in the folder C:\WINDOWS\System32

Click once on the file vdo_326d-6b44.sys (it turns blue!), then click "ouvrir" (Open) at the bottom of the window, then "Envoyer le fichier" (Send file). The scan of this file will start. All you have to do then is select and copy/paste the analysis.

Note: uploaded files are queued, because the scanner is in high demand! Be patient (a message tells you how long the analysis will take)

It is possible that this file is hidden and that you cannot see it: if that is the case, first do the following >

Start, My Computer or any other folder, Tools menu, Folder Options, View tab:

Check the box: Show hidden files and folders

Uncheck the box: Hide extensions for known file types

Uncheck the box: Hide protected operating system files

click "Apply"

click the "Apply to All Folders" button / OK

A somewhat more thorough scan, like this >

Download WinPFind3U.exe to your desktop.

  • Open the folder and double-click on the file WinPFind3U.exe to launch the program.
  • Under the Files Created Within group, select 60 days
  • Under the Files Modified Within group, select 60 days
  • Under the String Search group, select Non-Microsoft
  • Under the Additional Scans group, check the boxes >
    Reg- Security Settings
    Reg- Software Policy Settings
    Reg- Additional Folder Scans
    Reg- Desktop Components

  • Now click on the Run Scan button in the toolbar
  • When the scan is finished, Notepad opens and displays the report.
  • Click the "Format" menu and make sure the "Word Wrap" box is not checked.
  • Copy/paste the contents of the report in your next reply.

@+
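The hosts section of the SmitFraudFix report above shows the pattern the helper's "Restore MS Hosts File" step is meant to undo: dozens of antivirus-vendor and online-scanner names (Kaspersky, Symantec, McAfee, Sophos, VirusTotal, ...) mapped to 192.168.200.3, a private address that is neither loopback nor a legitimate sink, so updates and scanner sites silently fail. The script below is an added example, not code from the thread, from SmitFraudFix or from HostsXpert. It parses hosts-file text, flags security-vendor names that are sent anywhere other than a sink address (127.0.0.1, 0.0.0.0, ::1) and decides whether the file should be reset. The vendor domain list is copied from the report; the `ok`/`redirect`/`hijack` verdict names and the minimal default-hosts content are assumptions of this example, and the sample input is constructed.

```python
"""Audit a Windows hosts file for hijacked security-vendor entries.

Added example, not code from the thread or from SmitFraudFix/HostsXpert.
A legitimate hosts-based blocklist sends unwanted names to a sink address
(127.0.0.1 or 0.0.0.0). An entry that sends an antivirus vendor's domain to
any other address cuts the machine off from updates and online scanners,
which is exactly what the report's hosts section shows.
"""
import ipaddress
import re

# Vendor and scanner domains taken from the hijacked entries in the report.
# Matching is by suffix, so ftp.downloads1.kaspersky-labs.com matches kaspersky-labs.com.
SECURITY_DOMAINS = (
    "kaspersky-labs.com", "kaspersky.com", "kaspersky.ru", "kasperskylab.ru",
    "symantec.com", "symantecliveupdate.com", "norton.com",
    "mcafee.com", "nai.com", "networkassociates.com",
    "sophos.com", "f-secure.com", "trendmicro.com", "grisoft.com",
    "ca.com", "my-etrust.com", "avp.ch", "avp.com", "avp.ru",
    "viruslist.com", "viruslist.ru", "virustotal.com", "virusscan.jotti.org",
)

# Assumed minimal content of a default Windows XP hosts file: only the localhost mapping.
DEFAULT_HOSTS = "127.0.0.1       localhost\n"

_ENTRY = re.compile(r"^\s*(\S+)\s+(\S.*?)\s*$")


def is_sink_address(ip: str) -> bool:
    """True for loopback or unspecified addresses, the only sane targets for a block entry."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def is_security_domain(host: str) -> bool:
    """Suffix match against the vendor list (exact name or a subdomain of it)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS)


def parse_hosts(text: str):
    """Yield (ip, hostname) pairs, skipping comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]          # strip trailing comments
        match = _ENTRY.match(line)
        if not match:
            continue
        ip, names = match.groups()
        for name in names.split():           # one IP may map several names
            yield ip, name


def classify(ip: str, host: str) -> str:
    """'ok' for localhost or sink entries, 'redirect' for any other name sent to a
    live address, 'hijack' when a security vendor is sent to a live address."""
    if host.lower() in ("localhost", "localhost.localdomain"):
        return "ok"
    if is_sink_address(ip):
        return "ok"                          # proper blocklist entry
    return "hijack" if is_security_domain(host) else "redirect"


def audit_hosts(text: str) -> dict:
    """Group entries by verdict and list the addresses the hijacked names point at."""
    report = {"ok": [], "redirect": [], "hijack": []}
    for ip, host in parse_hosts(text):
        report[classify(ip, host)].append((ip, host))
    report["hijack_targets"] = sorted({ip for ip, _ in report["hijack"]})
    return report


def needs_restore(text: str) -> bool:
    """A single hijacked vendor entry is enough to justify resetting the file."""
    return bool(audit_hosts(text)["hijack"])


# Constructed sample: a few lines copied from the report above, plus one
# legitimate block entry and the default localhost line for contrast.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ad.doubleclick.net        # legitimate ad block: sink address
192.168.200.3 ads.fastclick.net
192.168.200.3 downloads1.kaspersky-labs.com
192.168.200.3 liveupdate.symantec.com
192.168.200.3 www.virustotal.com
"""

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for verdict in ("hijack", "redirect", "ok"):
        for ip, host in result[verdict]:
            print(f"{verdict:8} {ip:15} {host}")
    if needs_restore(SAMPLE_HOSTS):
        print("hosts file should be reset to:\n" + DEFAULT_HOSTS)
```

Running the script on the constructed sample reports the three vendor entries as hijacks pointing at 192.168.200.3, the ad network entry as a plain redirect, and the two sink entries as fine; the verdict is that the file should be restored to the default, which is what the HostsXpert step does on the affected machine.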

Posted

Re,

OK for access to the antivirus sites now

BUT I can't find the file: I even searched the whole PC and there is no trace of that vdo_etc... file

(I did of course unhide all the files by following your procedure)

Here is the report you asked for:

Thanks,

Lesandre

WinPFind3 report:

 

WinPFind3 logfile created on: 23/09/2007 20:51:30

WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Jean-Christophe\Bureau\WinPFind3u\

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)

Internet Explorer (Version = 7.0.5730.11)

 

255,48 Mb Total Physical Memory | 46,42 Mb Available Physical Memory | 18,17% Memory free

620,44 Mb Paging File | 219,09 Mb Available in Paging File | 35,31% Paging File free

Paging file location(s): C:\pagefile.sys 384 768;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111,76 Gb Total Space | 20,68 Gb Free Space | 18,50% Space Free

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

 

Computer Name: JCV46

Current User Name: Jean-Christophe

Logged in as Administrator.

Current Boot Mode: Normal

 

 

[Processes - Non-Microsoft Only]

a2service.exe -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.345 | Size = 217208 bytes | Modified Date = 19/09/2007 12:48:20 | Attr = ]

aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 2 | Size = 566616 bytes | Modified Date = 14/09/2007 21:11:40 | Attr = ]

agent.exe -> %ProgramFiles%\Extrafilm FotoFacil\Agent.exe -> [Ver = 1, 0, 0, 1 | Size = 323584 bytes | Modified Date = 03/10/2006 09:40:34 | Attr = ]

apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 09/03/2007 11:09:58 | Attr = ]

ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 06/09/2007 12:06:10 | Attr = ]

ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 06/09/2007 12:05:42 | Attr = ]

ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 06/09/2007 12:06:04 | Attr = ]

ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 06/09/2007 12:04:44 | Attr = ]

aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 06/09/2007 11:54:58 | Attr = ]

ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 303104 bytes | Modified Date = 20/07/2003 10:17:50 | Attr = ]

avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 11:25:42 | Attr = ]

cdac11ba.exe -> %System32%\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 02/10/2004 22:11:36 | Attr = ]

ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13/12/1999 03:01:00 | Attr = ]

disk_monitor.exe -> %ProgramFiles%\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe -> Neodio Corp. [Ver = 1.7.5.617 | Size = 466944 bytes | Modified Date = 18/06/2003 11:57:40 | Attr = ]

dragdiag.exe -> %ProgramFiles%\Thomson\SpeedTouch USB\dragdiag.exe -> THOMSON Telecom Belgium [Ver = 301.0.0.12 | Size = 866816 bytes | Modified Date = 26/01/2004 11:38:38 | Attr = ]

ftrtsvc.exe -> %System32%\FTRTSVC.exe -> France Telecom [Ver = 11.0 (4) | Size = 40960 bytes | Modified Date = 23/08/2004 14:49:56 | Attr = ]

guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 14:31:10 | Attr = ]

ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 4.9.0.17 | Size = 331776 bytes | Modified Date = 24/06/2005 15:16:26 | Attr = ]

ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 4.9.0.17 | Size = 278528 bytes | Modified Date = 24/06/2005 15:16:42 | Attr = ]

jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_05\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 03/06/2004 22:05:08 | Attr = ]

netappel.exe -> %ProgramFiles%\NetAppel\NetAppel.exe -> NetAppel [Ver = 3, 2, 437, 0 | Size = 7145008 bytes | Modified Date = 15/09/2007 13:19:32 | Attr = ]

nsl.exe -> %ProgramFiles%\lotus\notes\nsl.exe -> IBM Corp [Ver = 7.0.00.5226 | Size = 17408 bytes | Modified Date = 15/08/2005 05:40:14 | Attr = ]

nslsvice.exe -> %ProgramFiles%\lotus\notes\nslsvice.exe -> IBM Corp [Ver = 7.0.00.5226 | Size = 7680 bytes | Modified Date = 15/08/2005 05:40:14 | Attr = ]

printer.exe -> %System32%\printer.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ]

qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 06/08/2005 21:12:02 | Attr = ]

quickdcf.exe -> %ProgramFiles%\FinePixViewer\QuickDCF.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 5, 0, 0, 2 | Size = 282624 bytes | Modified Date = 05/04/2005 18:01:36 | Attr = ]

realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 11/10/2004 22:02:38 | Attr = ]

soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.10 | Size = 57344 bytes | Modified Date = 23/09/2003 09:09:00 | Attr = ]

vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 75304 bytes | Modified Date = 21/06/2007 21:54:46 | Attr = ]

winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 04/09/2007 10:47:26 | Attr = ]

zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 919016 bytes | Modified Date = 21/06/2007 21:54:46 | Attr = ]

 

[Win32 Services - Non-Microsoft Only]

(a2free) a-squared Free Service [Win32_Own | Auto | Running] -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.345 | Size = 217208 bytes | Modified Date = 19/09/2007 12:48:20 | Attr = ]

(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 2 | Size = 566616 bytes | Modified Date = 14/09/2007 21:11:40 | Attr = ]

(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 16248 bytes | Modified Date = 06/09/2007 11:54:58 | Attr = ]

(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> [Ver = | Size = 303104 bytes | Modified Date = 20/07/2003 10:17:50 | Attr = ]

(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 132472 bytes | Modified Date = 06/09/2007 12:06:04 | Attr = ]

(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 243064 bytes | Modified Date = 06/09/2007 12:05:42 | Attr = ]

(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 345464 bytes | Modified Date = 06/09/2007 12:04:44 | Attr = ]

(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 14:31:10 | Attr = ]

(awhost32) Service Elève pcAnywhere [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\pcAnywhere\awhost32.exe -> Symantec Corporation [Ver = 11.0.0.730 | Size = 106496 bytes | Modified Date = 29/05/2003 11:00:00 | Attr = ]

(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %System32%\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 02/10/2004 22:11:36 | Attr = ]

(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13/12/1999 03:01:00 | Attr = ]

(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 20/08/2004 01:09:52 | Attr = ]

(FTRTSVC) France Telecom Routing Table Service [Win32_Own | Auto | Running] -> %System32%\FTRTSVC.exe -> France Telecom [Ver = 11.0 (4) | Size = 40960 bytes | Modified Date = 23/08/2004 14:49:56 | Attr = ]

(iPodService) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 4.9.0.17 | Size = 331776 bytes | Modified Date = 24/06/2005 15:16:26 | Attr = ]

(Lotus Notes Single Logon) Lotus Notes Single Logon [Win32_Own | Auto | Running] -> %ProgramFiles%\lotus\notes\nslsvice.exe -> IBM Corp [Ver = 7.0.00.5226 | Size = 7680 bytes | Modified Date = 15/08/2005 05:40:14 | Attr = ]

(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 75304 bytes | Modified Date = 21/06/2007 21:54:46 | Attr = ]

 

[Registry - Non-Microsoft Only]

< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 11/06/2007 11:25:42 | Attr = ]

Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 09/03/2007 11:09:58 | Attr = ]

Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 11/05/2007 03:06:32 | Attr = ]

avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 79224 bytes | Modified Date = 06/09/2007 12:06:10 | Attr = ]

Disk Monitor -> %ProgramFiles%\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe -> Neodio Corp. [Ver = 1.7.5.617 | Size = 466944 bytes | Modified Date = 18/06/2003 11:57:40 | Attr = ]

ExtraFilmHemmaAgent -> %ProgramFiles%\Extrafilm FotoFacil\Agent.exe -> [Ver = 1, 0, 0, 1 | Size = 323584 bytes | Modified Date = 03/10/2006 09:40:34 | Attr = ]

iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 4.9.0.17 | Size = 278528 bytes | Modified Date = 24/06/2005 15:16:42 | Attr = ]

QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 06/08/2005 21:12:02 | Attr = ]

REGSHAVE -> %ProgramFiles%\REGSHAVE\REGSHAVE.EXE -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 04/02/2002 22:32:10 | Attr = ]

SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.10 | Size = 57344 bytes | Modified Date = 23/09/2003 09:09:00 | Attr = ]

SpeedTouch USB Diagnostics -> %ProgramFiles%\Thomson\SpeedTouch USB\dragdiag.exe -> THOMSON Telecom Belgium [Ver = 301.0.0.12 | Size = 866816 bytes | Modified Date = 26/01/2004 11:38:38 | Attr = ]

SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_05\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 03/06/2004 22:05:08 | Attr = ]

TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 11/10/2004 22:02:38 | Attr = ]

WinAVX -> %System32%\WinAvXX.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ]

ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 919016 bytes | Modified Date = 21/06/2007 21:54:46 | Attr = ]

< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->

IMAIL -> Installed = 1 ->

MAPI -> Installed = 1 ->

MSFS -> Installed = 1 ->

< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->

NetAppel -> %ProgramFiles%\NetAppel\NetAppel.exe -> NetAppel [Ver = 3, 2, 437, 0 | Size = 7145008 bytes | Modified Date = 15/09/2007 13:19:32 | Attr = ]

WinAVX -> %System32%\WinAvXX.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ]

< Common Startup > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage ->

-> %AllUsersStartup%\autorun.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ]

%AllUsersStartup%\Exif Launcher.lnk -> %ProgramFiles%\FinePixViewer\QuickDCF.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 5, 0, 0, 2 | Size = 282624 bytes | Modified Date = 05/04/2005 18:01:36 | Attr = ]

< User Startup > -> C:\Documents and Settings\Jean-Christophe\Menu Démarrer\Programmes\Démarrage ->

-> %UserStartup%\system.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ]

< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->

< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->

{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30/05/2007 14:29:58 | Attr = ]

< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->

< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->

C:\WINDOWS\system32\printer.exe -> %System32%\printer.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ]

< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->

PCANotify -> %System32%\PCANotify.dll -> Symantec Corporation [Ver = 11.0.0.730 | Size = 8704 bytes | Modified Date = 29/05/2003 11:00:00 | Attr = ]

< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveAutoRun -> 67108863 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveTypeAutoRun -> 255 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoControlPanel -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RUN\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\UNINSTALL\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp\ -> ->

< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoDriveTypeAutoRun -> 145 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoControlPanel -> 1 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\\NoWindowsUpdate -> 1 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\DISALLOWCPL\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\DISALLOWRUN\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RESTRICTCPL\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RESTRICTRUN\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXPLORER\RUN\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\UNINSTALL\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WINDOWSUPDATE\ -> ->

< HOSTS File > (698 bytes) -> C:\WINDOWS\SYSTEM32\Drivers\etc\hosts ->

127.0.0.1 localhost -> ->

< Internet Explorer Settings > -> ->

HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->

HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->

HKLM: Local Page -> C:\windows\system32\blank.htm ->

HKLM: Search Page -> http://www.google.com ->

HKLM: Start Page -> http://www.google.com ->

HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->

HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->

HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->

HKCU: Local Page -> C:\windows\system32\blank.htm ->

HKCU: Search Bar -> http://www.google.com/ie ->

HKCU: Search Page -> http://www.google.com ->

HKCU: Start Page -> http://www.google.com ->

HKCU: ProxyEnable -> 0 ->

< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->

msn.com [ - ] -> ->

< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->

{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->

WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Console Java (Sun)] -> File not found

{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found

< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->

E&xporter vers Microsoft Excel -> -> File not found

< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->

Wanadoo 6.2 -> IEAKFT ->

< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->

{73767719-2D51-49BC-A421-5C2F73651A61} -> (Carte réseau 1394) ->

{81260026-7663-40F1-88CE-7C27A0FBAA76} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->

{8D0D86C8-075B-488D-A3C0-F7CA1E023D02} -> () ->

< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->

ipp -> Reg Data - Key not found -> File not found

msdaipp -> Reg Data - Key not found -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->

{09C21411-B9A2-4DE6-8416-4E3B58577BE0} -> France Telecom MDM ActiveX Control - CodeBase = http://minitelweb.minitel.com/imin_data/ocx/MDM.cab ->

{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab ->

{193C772A-87BE-4B19-A7BB-445B226FE9A1} -> ewidoOnlineScan Control - CodeBase = http://downloads.ewido.net/ewidoOnlineScan.cab ->

{2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} -> Contrôleur de DownloadManager - CodeBase = http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.8.cab ->

{6E5E167B-1566-4316-B27F-0DDAB3484CF7} -> Image Uploader Control - CodeBase = http://webalbum.foto.com/NewUploader/ImageUploader4.cab ->

{74D05D43-3236-11D4-BDCD-00C04F9A3B61} -> HouseCall Control - CodeBase = http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab ->

{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2_05 - CodeBase = http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab ->

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -> - CodeBase = http://fpdownload.macromedia.com/get/shock...h/ultrashim.cab ->

{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -> - CodeBase = http://www.extrafilm.fr/net/import/ImageUploader3.cab ->

{AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} -> IPSUploader4 Control - CodeBase = http://photoservice.fujicolor.de/ips-opdat...PSUploader4.cab ->

{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_05 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab ->

{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> get_atlcom Class - CodeBase = http://www.adobe.com/products/acrobat/nos/gp.cab ->

{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab ->

{E56347B0-6C2B-4C2E-939F-EE513EAC80BC} -> Creative Product Registration ActiveX Control Module - CodeBase = http://www.creative.com/register/OCXs/CtORWebClientNoMFC.cab ->

{FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} -> - CodeBase = http://webalbum.foto.com/FUploader/SpeedUploader.cab ->

 

 

[Registry - Additional Scans - Non-Microsoft Only]

< Security Settings > -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Service de transfert intelligent en arrière-plan ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> Rpcss; ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfère des fichiers en tâche de fond en utilisant la bande passante du réseau lors de ses périodes d'inactivité. Si le service est arrêté, des fonctionnalités telles que Windows Update et MSN Explorer ne pourront plus télécharger automatiquement des programmes et d'autres informations. Si ce service est désactivé, tous les services qui en dépendent explicitement peuvent présenter des problèmes de transfert de fichiers s'ils ne disposent pas d'un mécanisme sûr de remplacement pour transférer les fichier ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> Root\LEGACY_BITS00 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Pare-feu Windows / Partage de connexion Internet ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique. ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 900 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\i\ -> ->

Key not found -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{5D80C184-559B-435E-B9DF-EA7D94A5FEAF} -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{24806EA2-17C2-4B00-AE47-907EE1F089D9} -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{73767719-2D51-49BC-A421-5C2F73651A61} -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{81260026-7663-40F1-88CE-7C27A0FBAA76} -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{75B9B6C6-B242-4771-972D-530855D339B1} -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{CF3CE4F0-8E80-461F-BEBB-EF6C76682295} -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{3DEF0CBF-036D-4D0D-BC8D-AB892F547E4D} -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{7D7500E7-A627-458E-B822-2CF005B4C626} -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> Root\LEGACY_SHAREDACCESS00 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Mises à jour automatiques ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Active le téléchargement et l'installation de mises à jour Windows critiques. Si le service est désactivé, le système d'exploitation peut être mis à jour manuellement sur le site Web de Windows Update. ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> Root\LEGACY_WUAUSERV00 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->

< Software Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\\tWhiteList -> Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForwardDoc|HelpUserGuide|HelpReader ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\\tBuiltInPermList -> version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\\tSchemePerms -> version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE;ADP;BAS;BAT;CHM;CMD;COM;CPL;CRT;EXE;HLP;HTA;INF;INS;ISP;LNK;MDB;MDE;MSC;MSI;MSP;MST;OCX;PCD;PIF;REG;SCR;SHS;URL;VB;WSC; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> ^«0O•zI‰j

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> g°Ô‹4:?Ó¼éÜdgó” ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 2xÜþøÈ“ÜŠ°Ý„} ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> –; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> ½š*ÛBëØV%Mø/g ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 8k_„ìöiÓk•j"À€ ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> r; ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> ->

< Software Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ ->

HKEY_CURRENT_USER\Software\Policies\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> ->

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> ->


[Files/Folders - Created Within 60 days]

hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 267964416 bytes | Created Date = 02/01/1601 23:00:00 | Attr = HS]

FOUND.000 -> %SystemDrive%\FOUND.000 -> [Folder | Created Date = 29/07/2007 15:25:24 | Attr = HS]

FOUND.001 -> %SystemDrive%\FOUND.001 -> [Folder | Created Date = 29/07/2007 15:25:24 | Attr = HS]

FOUND.002 -> %SystemDrive%\FOUND.002 -> [Folder | Created Date = 29/07/2007 15:25:24 | Attr = HS]

FOUND.003 -> %SystemDrive%\FOUND.003 -> [Folder | Created Date = 29/07/2007 16:38:38 | Attr = HS]

FOUND.004 -> %SystemDrive%\FOUND.004 -> [Folder | Created Date = 29/07/2007 16:55:14 | Attr = HS]

SmitfraudFix.exe -> %SystemDrive%\SmitfraudFix.exe -> [Ver = | Size = 883694 bytes | Created Date = 18/09/2007 22:31:19 | Attr = ]

SmitfraudFix -> %SystemDrive%\SmitfraudFix -> [Folder | Created Date = 18/09/2007 22:08:11 | Attr = ]

ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 23/09/2007 07:54:33 | Attr = ]

qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 20/09/2007 20:19:26 | Attr = ]

catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 109056 bytes | Created Date = 20/09/2007 20:19:12 | Attr = ]

PATCH.EXE -> %SystemRoot%\PATCH.EXE -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 286720 bytes | Created Date = 19/09/2007 06:23:15 | Attr = ]

UNZIP.DLL -> %SystemRoot%\UNZIP.DLL -> Trend Micro Inc. [Ver = 1.32.0.1000 | Size = 69689 bytes | Created Date = 19/09/2007 06:23:15 | Attr = ]

EHome -> %SystemRoot%\EHome -> [Folder | Created Date = 30/07/2007 12:48:56 | Attr = ]

NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 20/09/2007 20:19:12 | Attr = ]

erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 20/09/2007 20:20:45 | Attr = ]

Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Created Date = 22/09/2007 18:17:54 | Attr = ]

zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 75248 bytes | Created Date = 22/09/2007 18:19:50 | Attr = ]

zllsputility_loc040c.dll -> %SystemRoot%\zllsputility_loc040c.dll -> Zone Labs Inc. [Ver = 5.3.017.000 | Size = 42384 bytes | Created Date = 22/09/2007 18:19:58 | Attr = ]

TMUPDATE.DLL -> %SystemRoot%\TMUPDATE.DLL -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 507904 bytes | Created Date = 19/09/2007 06:23:16 | Attr = ]

mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1268 bytes | Created Date = 01/09/2007 14:57:36 | Attr = ]

nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 21/08/2007 19:28:54 | Attr = ]

$NtUninstallKB914388_0$ -> %SystemRoot%\$NtUninstallKB914388_0$ -> [Folder | Created Date = 30/07/2007 12:15:48 | Attr = H ]

$NtUninstallKB921883_0$ -> %SystemRoot%\$NtUninstallKB921883_0$ -> [Folder | Created Date = 30/07/2007 12:16:31 | Attr = H ]

peernet -> %SystemRoot%\peernet -> [Folder | Created Date = 30/07/2007 12:58:22 | Attr = ]

$NtUninstallKB917422_0$ -> %SystemRoot%\$NtUninstallKB917422_0$ -> [Folder | Created Date = 30/07/2007 12:17:21 | Attr = H ]

$NtUninstallKB920670_0$ -> %SystemRoot%\$NtUninstallKB920670_0$ -> [Folder | Created Date = 30/07/2007 12:18:14 | Attr = H ]

$NtUninstallKB920683_0$ -> %SystemRoot%\$NtUninstallKB920683_0$ -> [Folder | Created Date = 30/07/2007 12:19:03 | Attr = H ]

$NtUninstallKB921398_0$ -> %SystemRoot%\$NtUninstallKB921398_0$ -> [Folder | Created Date = 30/07/2007 12:20:08 | Attr = H ]

$NtUninstallKB922616_0$ -> %SystemRoot%\$NtUninstallKB922616_0$ -> [Folder | Created Date = 30/07/2007 12:21:20 | Attr = H ]

$NtUninstallKB919007_0$ -> %SystemRoot%\$NtUninstallKB919007_0$ -> [Folder | Created Date = 30/07/2007 12:22:04 | Attr = H ]

$NtUninstallKB920685_0$ -> %SystemRoot%\$NtUninstallKB920685_0$ -> [Folder | Created Date = 30/07/2007 12:22:57 | Attr = H ]

$NtUninstallKB918899-IE6SP1-20060725.123917$ -> %SystemRoot%\$NtUninstallKB918899-IE6SP1-20060725.123917$ -> [Folder | Created Date = 30/07/2007 12:24:02 | Attr = H ]

$NtUninstallKB925486-IE6SP1-20060918.120000$ -> %SystemRoot%\$NtUninstallKB925486-IE6SP1-20060918.120000$ -> [Folder | Created Date = 30/07/2007 12:24:59 | Attr = H ]

$NtUninstallKB923414_0$ -> %SystemRoot%\$NtUninstallKB923414_0$ -> [Folder | Created Date = 30/07/2007 12:26:02 | Attr = H ]

$NtUninstallKB924496_0$ -> %SystemRoot%\$NtUninstallKB924496_0$ -> [Folder | Created Date = 30/07/2007 12:27:03 | Attr = H ]

$NtUninstallKB923191_0$ -> %SystemRoot%\$NtUninstallKB923191_0$ -> [Folder | Created Date = 30/07/2007 12:28:24 | Attr = H ]

$NtUninstallKB924191_0$ -> %SystemRoot%\$NtUninstallKB924191_0$ -> [Folder | Created Date = 30/07/2007 12:29:42 | Attr = H ]

$NtUninstallKB922819_0$ -> %SystemRoot%\$NtUninstallKB922819_0$ -> [Folder | Created Date = 30/07/2007 12:30:44 | Attr = H ]

$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Created Date = 30/07/2007 12:49:00 | Attr = H ]

Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 30/07/2007 13:38:08 | Attr = ]

ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Created Date = 30/07/2007 12:56:10 | Attr = ]

provisioning -> %SystemRoot%\provisioning -> [Folder | Created Date = 30/07/2007 12:58:19 | Attr = ]

$NtUninstallKB902400$ -> %SystemRoot%\$NtUninstallKB902400$ -> [Folder | Created Date = 30/07/2007 13:02:36 | Attr = H ]

$NtUninstallKB896423$ -> %SystemRoot%\$NtUninstallKB896423$ -> [Folder | Created Date = 30/07/2007 13:03:34 | Attr = H ]

$NtUninstallKB890859$ -> %SystemRoot%\$NtUninstallKB890859$ -> [Folder | Created Date = 30/07/2007 13:04:13 | Attr = H ]

$NtUninstallKB908519$ -> %SystemRoot%\$NtUninstallKB908519$ -> [Folder | Created Date = 30/07/2007 13:04:58 | Attr = H ]

$NtUninstallKB896428$ -> %SystemRoot%\$NtUninstallKB896428$ -> [Folder | Created Date = 30/07/2007 13:05:40 | Attr = H ]

$NtUninstallKB905749$ -> %SystemRoot%\$NtUninstallKB905749$ -> [Folder | Created Date = 30/07/2007 13:06:18 | Attr = H ]

$NtUninstallKB912919$ -> %SystemRoot%\$NtUninstallKB912919$ -> [Folder | Created Date = 30/07/2007 13:06:56 | Attr = H ]

$NtUninstallKB900725$ -> %SystemRoot%\$NtUninstallKB900725$ -> [Folder | Created Date = 30/07/2007 13:07:34 | Attr = H ]

$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Created Date = 30/07/2007 13:08:16 | Attr = H ]

$NtUninstallKB901214$ -> %SystemRoot%\$NtUninstallKB901214$ -> [Folder | Created Date = 30/07/2007 13:08:53 | Attr = H ]

$NtUninstallKB905414$ -> %SystemRoot%\$NtUninstallKB905414$ -> [Folder | Created Date = 30/07/2007 13:09:32 | Attr = H ]

$NtUninstallKB890046$ -> %SystemRoot%\$NtUninstallKB890046$ -> [Folder | Created Date = 30/07/2007 13:10:09 | Attr = H ]

$NtUninstallKB891781$ -> %SystemRoot%\$NtUninstallKB891781$ -> [Folder | Created Date = 30/07/2007 13:10:49 | Attr = H ]

$NtUninstallKB896358$ -> %SystemRoot%\$NtUninstallKB896358$ -> [Folder | Created Date = 30/07/2007 13:11:28 | Attr = H ]

$NtUninstallKB888113$ -> %SystemRoot%\$NtUninstallKB888113$ -> [Folder | Created Date = 30/07/2007 13:12:07 | Attr = H ]

$NtUninstallKB873339$ -> %SystemRoot%\$NtUninstallKB873339$ -> [Folder | Created Date = 30/07/2007 13:12:53 | Attr = H ]

$NtUninstallKB893756$ -> %SystemRoot%\$NtUninstallKB893756$ -> [Folder | Created Date = 30/07/2007 13:13:31 | Attr = H ]

$NtUninstallKB896424$ -> %SystemRoot%\$NtUninstallKB896424$ -> [Folder | Created Date = 30/07/2007 13:14:10 | Attr = H ]

$NtUninstallKB899591$ -> %SystemRoot%\$NtUninstallKB899591$ -> [Folder | Created Date = 30/07/2007 13:14:49 | Attr = H ]

$NtUninstallKB901017$ -> %SystemRoot%\$NtUninstallKB901017$ -> [Folder | Created Date = 30/07/2007 13:15:27 | Attr = H ]

$NtUninstallKB911927$ -> %SystemRoot%\$NtUninstallKB911927$ -> [Folder | Created Date = 30/07/2007 13:16:08 | Attr = H ]

$NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ -> [Folder | Created Date = 30/07/2007 13:16:49 | Attr = H ]

$NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ -> [Folder | Created Date = 30/07/2007 13:17:26 | Attr = H ]

$NtUninstallKB896422$ -> %SystemRoot%\$NtUninstallKB896422$ -> [Folder | Created Date = 30/07/2007 13:18:05 | Attr = H ]

$NtUninstallKB899587$ -> %SystemRoot%\$NtUninstallKB899587$ -> [Folder | Created Date = 30/07/2007 13:18:43 | Attr = H ]

$NtUninstallKB911562$ -> %SystemRoot%\$NtUninstallKB911562$ -> [Folder | Created Date = 30/07/2007 13:19:22 | Attr = H ]

$NtUninstallKB908531$ -> %SystemRoot%\$NtUninstallKB908531$ -> [Folder | Created Date = 30/07/2007 13:20:01 | Attr = H ]

$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Created Date = 30/07/2007 13:20:45 | Attr = H ]

$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Created Date = 30/07/2007 13:21:26 | Attr = H ]

$NtUninstallKB917953$ -> %SystemRoot%\$NtUninstallKB917953$ -> [Folder | Created Date = 30/07/2007 13:22:08 | Attr = H ]

$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Created Date = 30/07/2007 13:22:50 | Attr = H ]

$NtUninstallKB911280$ -> %SystemRoot%\$NtUninstallKB911280$ -> [Folder | Created Date = 30/07/2007 13:23:34 | Attr = H ]

$NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ -> [Folder | Created Date = 30/07/2007 13:24:15 | Attr = H ]

$NtUninstallKB914388$ -> %SystemRoot%\$NtUninstallKB914388$ -> [Folder | Created Date = 30/07/2007 13:24:55 | Attr = H ]

$NtUninstallKB921883$ -> %SystemRoot%\$NtUninstallKB921883$ -> [Folder | Created Date = 30/07/2007 13:25:36 | Attr = H ]

$NtUninstallKB920683$ -> %SystemRoot%\$NtUninstallKB920683$ -> [Folder | Created Date = 30/07/2007 13:26:19 | Attr = H ]

$NtUninstallKB917422$ -> %SystemRoot%\$NtUninstallKB917422$ -> [Folder | Created Date = 30/07/2007 13:27:02 | Attr = H ]

$NtUninstallKB920670$ -> %SystemRoot%\$NtUninstallKB920670$ -> [Folder | Created Date = 30/07/2007 13:27:43 | Attr = H ]

$NtUninstallKB921398$ -> %SystemRoot%\$NtUninstallKB921398$ -> [Folder | Created Date = 30/07/2007 13:28:22 | Attr = H ]

$NtUninstallKB922616$ -> %SystemRoot%\$NtUninstallKB922616$ -> [Folder | Created Date = 30/07/2007 13:29:05 | Attr = H ]

$NtUninstallKB919007$ -> %SystemRoot%\$NtUninstallKB919007$ -> [Folder | Created Date = 30/07/2007 13:29:45 | Attr = H ]

$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Created Date = 30/07/2007 13:30:27 | Attr = H ]

$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Created Date = 30/07/2007 13:31:12 | Attr = H ]

$NtUninstallKB924496$ -> %SystemRoot%\$NtUninstallKB924496$ -> [Folder | Created Date = 30/07/2007 13:31:53 | Attr = H ]

$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Created Date = 30/07/2007 13:32:33 | Attr = H ]

$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Created Date = 30/07/2007 13:33:14 | Attr = H ]

$NtUninstallKB924191$ -> %SystemRoot%\$NtUninstallKB924191$ -> [Folder | Created Date = 30/07/2007 13:33:55 | Attr = H ]

ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 31/07/2007 20:45:42 | Attr = ]

$NtUninstallKB885884$ -> %SystemRoot%\$NtUninstallKB885884$ -> [Folder | Created Date = 30/07/2007 14:04:16 | Attr = H ]

$NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Created Date = 30/07/2007 14:04:23 | Attr = H ]

$NtUninstallKB887472$ -> %SystemRoot%\$NtUninstallKB887472$ -> [Folder | Created Date = 30/07/2007 14:04:27 | Attr = H ]

$NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Created Date = 30/07/2007 14:04:42 | Attr = H ]

$NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Created Date = 30/07/2007 14:04:49 | Attr = H ]

$NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Created Date = 30/07/2007 14:04:53 | Attr = H ]

$NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Created Date = 30/07/2007 14:05:00 | Attr = H ]

$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Created Date = 30/07/2007 14:05:05 | Attr = H ]

$NtUninstallKB923980$ -> %SystemRoot%\$NtUninstallKB923980$ -> [Folder | Created Date = 30/07/2007 14:05:10 | Attr = H ]

$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Created Date = 30/07/2007 14:05:14 | Attr = H ]

$NtUninstallKB929969$ -> %SystemRoot%\$NtUninstallKB929969$ -> [Folder | Created Date = 30/07/2007 14:05:18 | Attr = H ]

$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Created Date = 30/07/2007 14:05:23 | Attr = H ]

$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Created Date = 30/07/2007 14:05:31 | Attr = H ]

$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Created Date = 30/07/2007 14:05:36 | Attr = H ]

$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Created Date = 30/07/2007 14:05:40 | Attr = H ]

$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Created Date = 30/07/2007 14:05:45 | Attr = H ]

$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Created Date = 30/07/2007 14:05:50 | Attr = H ]

$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Created Date = 30/07/2007 14:05:55 | Attr = H ]

$NtUninstallKB931836$ -> %SystemRoot%\$NtUninstallKB931836$ -> [Folder | Created Date = 30/07/2007 14:06:00 | Attr = H ]

$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 30/07/2007 14:06:05 | Attr = H ]

$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 30/07/2007 14:06:11 | Attr = H ]

$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 30/07/2007 14:06:19 | Attr = H ]

$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 30/07/2007 14:06:23 | Attr = H ]

$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ -> [Folder | Created Date = 30/07/2007 14:10:39 | Attr = H ]

$NtUninstallKB914440$ -> %SystemRoot%\$NtUninstallKB914440$ -> [Folder | Created Date = 30/07/2007 14:10:46 | Attr = H ]

network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 30/07/2007 14:10:48 | Attr = ]

$NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Created Date = 30/07/2007 14:11:49 | Attr = H ]

$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 30/07/2007 14:12:16 | Attr = H ]

$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 30/07/2007 14:12:39 | Attr = H ]

ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 30/07/2007 14:12:55 | Attr = H ]

WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 30/07/2007 14:14:12 | Attr = ]

$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 30/07/2007 14:14:47 | Attr = H ]

$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Created Date = 30/07/2007 14:14:51 | Attr = H ]

$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Created Date = 30/07/2007 14:14:56 | Attr = H ]

$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Created Date = 30/07/2007 14:15:01 | Attr = H ]

$NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Created Date = 30/07/2007 14:15:09 | Attr = H ]

$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Created Date = 30/07/2007 14:15:17 | Attr = H ]

$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Created Date = 30/07/2007 14:15:22 | Attr = H ]

$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Created Date = 30/07/2007 14:15:27 | Attr = H ]

$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Created Date = 30/07/2007 14:15:49 | Attr = H ]

$NtUninstallKB923689$ -> %SystemRoot%\$NtUninstallKB923689$ -> [Folder | Created Date = 30/07/2007 14:16:03 | Attr = H ]

$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Created Date = 30/08/2007 21:47:55 | Attr = H ]

$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Created Date = 30/08/2007 21:49:09 | Attr = H ]

$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Created Date = 30/08/2007 21:49:13 | Attr = H ]

$NtUninstallKB936782_WMP9$ -> %SystemRoot%\$NtUninstallKB936782_WMP9$ -> [Folder | Created Date = 30/08/2007 21:49:35 | Attr = H ]

$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Created Date = 30/08/2007 21:49:41 | Attr = H ]

$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Created Date = 30/08/2007 21:49:46 | Attr = H ]

AU_Log -> %SystemRoot%\AU_Log -> [Folder | Created Date = 19/09/2007 06:23:22 | Attr = ]

AU_Temp -> %SystemRoot%\AU_Temp -> [Folder | Created Date = 19/09/2007 06:23:23 | Attr = ]

GetServer.ini -> %SystemRoot%\GetServer.ini -> [Ver = | Size = 170 bytes | Created Date = 19/09/2007 06:23:23 | Attr = ]

VPTNFILE.725 -> %SystemRoot%\VPTNFILE.725 -> [Ver = | Size = 37727661 bytes | Created Date = 19/09/2007 06:25:25 | Attr = ]

BPMNT.dll -> %SystemRoot%\BPMNT.dll -> Trend Micro Inc. [Ver = 8.000-1001 | Size = 86094 bytes | Created Date = 19/09/2007 06:25:31 | Attr = ]

vsapi32.dll -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.500-1002 | Size = 1163344 bytes | Created Date = 19/09/2007 06:25:31 | Attr = ]

hcextoutput.dll -> %SystemRoot%\hcextoutput.dll -> [Ver = | Size = 71749 bytes | Created Date = 19/09/2007 06:25:31 | Attr = ]

tsc.exe -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.3.0.1103 | Size = 267845 bytes | Created Date = 19/09/2007 06:25:31 | Attr = ]

tsc.ini -> %SystemRoot%\tsc.ini -> [Ver = | Size = 823 bytes | Created Date = 19/09/2007 06:25:31 | Attr = ]

tsc.ptn -> %SystemRoot%\tsc.ptn -> [Ver = | Size = 1871245 bytes | Created Date = 19/09/2007 06:25:31 | Attr = ]

AU_Backup -> %SystemRoot%\AU_Backup -> [Folder | Created Date = 19/09/2007 06:25:32 | Attr = ]

LPT$VPN.725 -> %SystemRoot%\LPT$VPN.725 -> [Ver = | Size = 37727661 bytes | Created Date = 19/09/2007 06:25:51 | Attr = ]

report -> %SystemRoot%\report -> [Folder | Created Date = 19/09/2007 06:26:08 | Attr = ]

tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3398 bytes | Created Date = 18/09/2007 21:39:58 | Attr = ]

printer.exe -> %System32%\printer.exe -> [Ver = | Size = 7680 bytes | Created Date = 23/09/2007 08:12:25 | Attr = ]

vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 58727 bytes | Created Date = 22/09/2007 18:18:31 | Attr = ]

moveex.exe -> %System32%\moveex.exe -> [Ver = | Size = 38400 bytes | Created Date = 20/09/2007 20:19:11 | Attr = ]

vsdatant.sys -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 394984 bytes | Created Date = 22/09/2007 18:18:31 | Attr = ]

vsdata.dll -> %System32%\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 83432 bytes | Created Date = 22/09/2007 18:17:54 | Attr = ]

vsutil.dll -> %System32%\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 472552 bytes | Created Date = 22/09/2007 18:17:53 | Attr = ]

vsmonapi.dll -> %System32%\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 103912 bytes | Created Date = 22/09/2007 18:18:33 | Attr = ]

vspubapi.dll -> %System32%\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 275944 bytes | Created Date = 22/09/2007 18:18:33 | Attr = ]

vsinit.dll -> %System32%\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 157160 bytes | Created Date = 22/09/2007 18:17:54 | Attr = ]

vswmi.dll -> %System32%\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 46568 bytes | Created Date = 22/09/2007 18:18:37 | Attr = ]

vsxml.dll -> %System32%\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 99816 bytes | Created Date = 22/09/2007 18:18:34 | Attr = ]

aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Created Date = 29/07/2007 16:57:50 | Attr = ]

fr-fr -> %System32%\fr-fr -> [Folder | Created Date = 30/07/2007 14:14:12 | Attr = ]

WinAvXX.exe -> %System32%\WinAvXX.exe -> [Ver = | Size = 7680 bytes | Created Date = 23/09/2007 08:12:25 | Attr = ]

zpeng24.dll -> %System32%\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1086952 bytes | Created Date = 22/09/2007 18:18:34 | Attr = ]

ZoneLabs -> %System32%\ZoneLabs -> [Folder | Created Date = 22/09/2007 18:18:33 | Attr = ]

zlcommdb.dll -> %System32%\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 71144 bytes | Created Date = 22/09/2007 18:18:52 | Attr = ]

zlcomm.dll -> %System32%\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 83432 bytes | Created Date = 22/09/2007 18:18:51 | Attr = ]

vsregexp.dll -> %System32%\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.362.000 | Size = 71144 bytes | Created Date = 22/09/2007 18:18:54 | Attr = ]

zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Created Date = 22/09/2007 18:20:09 | Attr = H ]

VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 20/09/2007 20:19:11 | Attr = ]

libeay32_0.9.6l.dll -> %System32%\libeay32_0.9.6l.dll -> [Ver = | Size = 796048 bytes | Created Date = 22/09/2007 18:18:54 | Attr = ]

vsutil_loc040c.dll -> %System32%\vsutil_loc040c.dll -> Zone Labs Inc. [Ver = 5.3.017.000 | Size = 54672 bytes | Created Date = 22/09/2007 18:19:57 | Attr = ]

imsinstall_loc040c.dll -> %System32%\imsinstall_loc040c.dll -> [Ver = | Size = 21904 bytes | Created Date = 22/09/2007 18:19:58 | Attr = ]

imslsp_install_loc040c.dll -> %System32%\imslsp_install_loc040c.dll -> [Ver = | Size = 17808 bytes | Created Date = 22/09/2007 18:19:58 | Attr = ]

actskin4.ocx -> %System32%\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 29/07/2007 16:57:50 | Attr = ]

AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 95608 bytes | Created Date = 29/07/2007 16:57:57 | Attr = ]

AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 14/09/2007 13:05:17 | Attr = ]

klif.sys -> %System32%\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.90 | Size = 119576 bytes | Created Date = 22/09/2007 18:19:03 | Attr = ]

kl1.sys -> %System32%\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.1.18.0 | Size = 110360 bytes | Created Date = 22/09/2007 18:19:03 | Attr = ]

fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 32 bytes | Created Date = 22/09/2007 18:19:32 | Attr = HS]

fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 32 bytes | Created Date = 22/09/2007 18:19:33 | Attr = HS]

klick.dat -> %System32%\drivers\klick.dat -> [Ver = | Size = 75932 bytes | Created Date = 22/09/2007 18:19:42 | Attr = ]

klin.dat -> %System32%\drivers\klin.dat -> [Ver = | Size = 74396 bytes | Created Date = 22/09/2007 18:19:42 | Attr = ]

aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 92848 bytes | Created Date = 29/07/2007 16:57:55 | Attr = ]

aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 94416 bytes | Created Date = 29/07/2007 16:57:55 | Attr = ]

aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 26624 bytes | Created Date = 29/07/2007 16:57:59 | Attr = ]

aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 42912 bytes | Created Date = 29/07/2007 16:57:59 | Attr = ]

aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 23152 bytes | Created Date = 29/07/2007 16:58:00 | Attr = ]

hosts.20070919-112423.backup -> %System32%\drivers\etc\hosts.20070919-112423.backup -> [Ver = | Size = 3541 bytes | Created Date = 19/09/2007 10:24:23 | Attr = R ]

hosts.20070919-113959.backup -> %System32%\drivers\etc\hosts.20070919-113959.backup -> [Ver = | Size = 659 bytes | Created Date = 19/09/2007 10:39:59 | Attr = R ]

hosts.20070919-132252.backup -> %System32%\drivers\etc\hosts.20070919-132252.backup -> [Ver = | Size = 627 bytes | Created Date = 19/09/2007 12:22:52 | Attr = R ]

Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Created Date = 29/07/2007 16:07:12 | Attr = ]

Windows Genuine Advantage -> %AllUsersAppData%\Windows Genuine Advantage -> [Folder | Created Date = 30/07/2007 12:14:56 | Attr = ]

Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 14/09/2007 13:05:13 | Attr = ]

Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Created Date = 18/09/2007 19:54:46 | Attr = ]

MailFrontier -> %AllUsersAppData%\MailFrontier -> [Folder | Created Date = 22/09/2007 18:20:20 | Attr = ]

Mozilla -> %UserAppData%\Mozilla -> [Folder | Created Date = 21/08/2007 19:28:51 | Attr = ]

Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 14/09/2007 13:05:32 | Attr = ]

Mozilla -> %LocalAppData%\Mozilla -> [Folder | Created Date = 21/08/2007 19:28:51 | Attr = ]

Ma musique -> %AllUsersDocuments%\Ma musique -> [Folder | Created Date = 30/07/2007 13:00:01 | Attr = R ]

a-squared -> %UserDocuments%\a-squared -> [Folder | Created Date = 19/09/2007 11:46:29 | Attr = ]

avast! Antivirus.lnk -> %AllUsersDesktop%\avast! Antivirus.lnk -> [Ver = | Size = 1613 bytes | Created Date = 29/07/2007 16:58:00 | Attr = ]

AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 753 bytes | Created Date = 14/09/2007 13:05:23 | Attr = ]

Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1694 bytes | Created Date = 14/09/2007 20:09:39 | Attr = ]

Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1694 bytes | Created Date = 14/09/2007 20:09:40 | Attr = ]

Navilog1.lnk -> %AllUsersDesktop%\Navilog1.lnk -> [Ver = | Size = 534 bytes | Created Date = 18/09/2007 20:10:16 | Attr = ]

a-squared Free.lnk -> %AllUsersDesktop%\a-squared Free.lnk -> [Ver = | Size = 552 bytes | Created Date = 19/09/2007 11:46:50 | Attr = ]

Navilog1.exe -> %UserDesktop%\Navilog1.exe -> @IL-MAFIOSO [Ver = | Size = 544635 bytes | Created Date = 18/09/2007 20:08:31 | Attr = ]

RegCleaner.lnk -> %UserDesktop%\RegCleaner.lnk -> [Ver = | Size = 549 bytes | Created Date = 19/09/2007 09:56:21 | Attr = ]

Warning.mht -> %UserDesktop%\Warning.mht -> [Ver = | Size = 97695 bytes | Created Date = 19/09/2007 20:53:03 | Attr = ]

[4]-Submit_2007-09-20@22.07.zip -> %UserDesktop%\[4]-Submit_2007-09-20@22.07.zip -> [Ver = | Size = 417 bytes | Created Date = 20/09/2007 21:07:37 | Attr = ]

HostsXpert -> %UserDesktop%\HostsXpert -> [Folder | Created Date = 23/09/2007 19:43:33 | Attr = ]

winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Created Date = 23/09/2007 19:48:03 | Attr = ]

WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 23/09/2007 19:48:49 | Attr = ]

autorun.exe -> %AllUsersStartup%\autorun.exe -> [Ver = | Size = 7680 bytes | Created Date = 13/09/2007 10:06:48 | Attr = ]

system.exe -> %UserStartup%\system.exe -> [Ver = | Size = 7680 bytes | Created Date = 14/09/2007 12:02:56 | Attr = ]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 14/09/2007 20:08:57 | Attr = ]

 

[Files/Folders - Modified Within 60 days]

hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 267964416 bytes | Modified Date = 23/09/2007 20:36:46 | Attr = HS]

FOUND.000 -> %SystemDrive%\FOUND.000 -> [Folder | Modified Date = 29/07/2007 16:25:26 | Attr = HS]

FOUND.001 -> %SystemDrive%\FOUND.001 -> [Folder | Modified Date = 29/07/2007 16:25:26 | Attr = HS]

FOUND.002 -> %SystemDrive%\FOUND.002 -> [Folder | Modified Date = 29/07/2007 16:25:26 | Attr = HS]

NTDETECT.COM -> %SystemDrive%\NTDETECT.COM -> [Ver = | Size = 47564 bytes | Modified Date = 30/07/2007 13:53:20 | Attr = RHS]

FOUND.003 -> %SystemDrive%\FOUND.003 -> [Folder | Modified Date = 29/07/2007 17:38:38 | Attr = HS]

boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 216 bytes | Modified Date = 30/07/2007 14:00:10 | Attr = RHS]

FOUND.004 -> %SystemDrive%\FOUND.004 -> [Folder | Modified Date = 29/07/2007 17:55:14 | Attr = HS]

SmitfraudFix.exe -> %SystemDrive%\SmitfraudFix.exe -> [Ver = | Size = 883694 bytes | Modified Date = 18/09/2007 23:31:22 | Attr = ]

ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 23/09/2007 08:54:34 | Attr = ]

qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 20/09/2007 21:19:28 | Attr = ]

PATCH.EXE -> %SystemRoot%\PATCH.EXE -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 286720 bytes | Modified Date = 19/09/2007 07:23:16 | Attr = ]

UNZIP.DLL -> %SystemRoot%\UNZIP.DLL -> Trend Micro Inc. [Ver = 1.32.0.1000 | Size = 69689 bytes | Modified Date = 19/09/2007 07:23:16 | Attr = ]

EHome -> %SystemRoot%\EHome -> [Folder | Modified Date = 30/07/2007 13:48:58 | Attr = ]

erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 20/09/2007 21:20:46 | Attr = ]

Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 22/09/2007 19:17:56 | Attr = ]

TMUPDATE.DLL -> %SystemRoot%\TMUPDATE.DLL -> Trend Micro Inc. [Ver = 1,81,0,1011 | Size = 507904 bytes | Modified Date = 19/09/2007 07:23:18 | Attr = ]

mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1268 bytes | Modified Date = 01/09/2007 15:57:38 | Attr = ]

bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 23/09/2007 20:36:48 | Attr = S]

nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 21/08/2007 20:28:56 | Attr = ]

$NtUninstallKB914388_0$ -> %SystemRoot%\$NtUninstallKB914388_0$ -> [Folder | Modified Date = 30/07/2007 13:15:50 | Attr = H ]

$NtUninstallKB921883_0$ -> %SystemRoot%\$NtUninstallKB921883_0$ -> [Folder | Modified Date = 30/07/2007 13:16:32 | Attr = H ]

WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 30/07/2007 14:39:08 | Attr = ]

peernet -> %SystemRoot%\peernet -> [Folder | Modified Date = 30/07/2007 13:58:24 | Attr = ]

$NtUninstallKB917422_0$ -> %SystemRoot%\$NtUninstallKB917422_0$ -> [Folder | Modified Date = 30/07/2007 13:17:22 | Attr = H ]

$NtUninstallKB920670_0$ -> %SystemRoot%\$NtUninstallKB920670_0$ -> [Folder | Modified Date = 30/07/2007 13:18:16 | Attr = H ]

$NtUninstallKB920683_0$ -> %SystemRoot%\$NtUninstallKB920683_0$ -> [Folder | Modified Date = 30/07/2007 13:19:04 | Attr = H ]

$NtUninstallKB921398_0$ -> %SystemRoot%\$NtUninstallKB921398_0$ -> [Folder | Modified Date = 30/07/2007 13:20:10 | Attr = H ]

$NtUninstallKB922616_0$ -> %SystemRoot%\$NtUninstallKB922616_0$ -> [Folder | Modified Date = 30/07/2007 13:21:22 | Attr = H ]

$NtUninstallKB919007_0$ -> %SystemRoot%\$NtUninstallKB919007_0$ -> [Folder | Modified Date = 30/07/2007 13:22:06 | Attr = H ]

$NtUninstallKB920685_0$ -> %SystemRoot%\$NtUninstallKB920685_0$ -> [Folder | Modified Date = 30/07/2007 13:22:58 | Attr = H ]

$NtUninstallKB918899-IE6SP1-20060725.123917$ -> %SystemRoot%\$NtUninstallKB918899-IE6SP1-20060725.123917$ -> [Folder | Modified Date = 30/07/2007 13:24:04 | Attr = H ]

$NtUninstallKB925486-IE6SP1-20060918.120000$ -> %SystemRoot%\$NtUninstallKB925486-IE6SP1-20060918.120000$ -> [Folder | Modified Date = 30/07/2007 13:25:00 | Attr = H ]

$NtUninstallKB923414_0$ -> %SystemRoot%\$NtUninstallKB923414_0$ -> [Folder | Modified Date = 30/07/2007 13:26:04 | Attr = H ]

$NtUninstallKB924496_0$ -> %SystemRoot%\$NtUninstallKB924496_0$ -> [Folder | Modified Date = 30/07/2007 13:27:04 | Attr = H ]

$NtUninstallKB923191_0$ -> %SystemRoot%\$NtUninstallKB923191_0$ -> [Folder | Modified Date = 30/07/2007 13:28:26 | Attr = H ]

$NtUninstallKB924191_0$ -> %SystemRoot%\$NtUninstallKB924191_0$ -> [Folder | Modified Date = 30/07/2007 13:29:44 | Attr = H ]

$NtUninstallKB922819_0$ -> %SystemRoot%\$NtUninstallKB922819_0$ -> [Folder | Modified Date = 30/07/2007 13:30:46 | Attr = H ]

$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 30/07/2007 13:49:02 | Attr = H ]

Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 30/07/2007 14:38:10 | Attr = ]

ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Modified Date = 30/07/2007 13:56:12 | Attr = ]

provisioning -> %SystemRoot%\provisioning -> [Folder | Modified Date = 30/07/2007 13:58:20 | Attr = ]

$NtUninstallKB902400$ -> %SystemRoot%\$NtUninstallKB902400$ -> [Folder | Modified Date = 30/07/2007 14:02:38 | Attr = H ]

$NtUninstallKB896423$ -> %SystemRoot%\$NtUninstallKB896423$ -> [Folder | Modified Date = 30/07/2007 14:03:36 | Attr = H ]

$NtUninstallKB890859$ -> %SystemRoot%\$NtUninstallKB890859$ -> [Folder | Modified Date = 30/07/2007 14:04:14 | Attr = H ]

$NtUninstallKB908519$ -> %SystemRoot%\$NtUninstallKB908519$ -> [Folder | Modified Date = 30/07/2007 14:05:00 | Attr = H ]

$NtUninstallKB896428$ -> %SystemRoot%\$NtUninstallKB896428$ -> [Folder | Modified Date = 30/07/2007 14:05:42 | Attr = H ]

$NtUninstallKB905749$ -> %SystemRoot%\$NtUninstallKB905749$ -> [Folder | Modified Date = 30/07/2007 14:06:20 | Attr = H ]

$NtUninstallKB912919$ -> %SystemRoot%\$NtUninstallKB912919$ -> [Folder | Modified Date = 30/07/2007 14:06:58 | Attr = H ]

$NtUninstallKB900725$ -> %SystemRoot%\$NtUninstallKB900725$ -> [Folder | Modified Date = 30/07/2007 14:07:36 | Attr = H ]

$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Modified Date = 30/07/2007 14:08:18 | Attr = H ]

$NtUninstallKB901214$ -> %SystemRoot%\$NtUninstallKB901214$ -> [Folder | Modified Date = 30/07/2007 14:08:54 | Attr = H ]

$NtUninstallKB905414$ -> %SystemRoot%\$NtUninstallKB905414$ -> [Folder | Modified Date = 30/07/2007 14:09:34 | Attr = H ]

$NtUninstallKB890046$ -> %SystemRoot%\$NtUninstallKB890046$ -> [Folder | Modified Date = 30/07/2007 14:10:10 | Attr = H ]

$NtUninstallKB891781$ -> %SystemRoot%\$NtUninstallKB891781$ -> [Folder | Modified Date = 30/07/2007 14:10:50 | Attr = H ]

$NtUninstallKB896358$ -> %SystemRoot%\$NtUninstallKB896358$ -> [Folder | Modified Date = 30/07/2007 14:11:30 | Attr = H ]

$NtUninstallKB888113$ -> %SystemRoot%\$NtUninstallKB888113$ -> [Folder | Modified Date = 30/07/2007 14:12:08 | Attr = H ]

$NtUninstallKB873339$ -> %SystemRoot%\$NtUninstallKB873339$ -> [Folder | Modified Date = 30/07/2007 14:12:54 | Attr = H ]

$NtUninstallKB893756$ -> %SystemRoot%\$NtUninstallKB893756$ -> [Folder | Modified Date = 30/07/2007 14:13:32 | Attr = H ]

$NtUninstallKB896424$ -> %SystemRoot%\$NtUninstallKB896424$ -> [Folder | Modified Date = 30/07/2007 14:14:12 | Attr = H ]

$NtUninstallKB899591$ -> %SystemRoot%\$NtUninstallKB899591$ -> [Folder | Modified Date = 30/07/2007 14:14:50 | Attr = H ]

$NtUninstallKB901017$ -> %SystemRoot%\$NtUninstallKB901017$ -> [Folder | Modified Date = 30/07/2007 14:15:28 | Attr = H ]

$NtUninstallKB911927$ -> %SystemRoot%\$NtUninstallKB911927$ -> [Folder | Modified Date = 30/07/2007 14:16:10 | Attr = H ]

$NtUninstallKB885836$ -> %SystemRoot%\$NtUninstallKB885836$ -> [Folder | Modified Date = 30/07/2007 14:16:50 | Attr = H ]

$NtUninstallKB885835$ -> %SystemRoot%\$NtUninstallKB885835$ -> [Folder | Modified Date = 30/07/2007 14:17:28 | Attr = H ]

$NtUninstallKB896422$ -> %SystemRoot%\$NtUninstallKB896422$ -> [Folder | Modified Date = 30/07/2007 14:18:06 | Attr = H ]

$NtUninstallKB899587$ -> %SystemRoot%\$NtUninstallKB899587$ -> [Folder | Modified Date = 30/07/2007 14:18:44 | Attr = H ]

$NtUninstallKB911562$ -> %SystemRoot%\$NtUninstallKB911562$ -> [Folder | Modified Date = 30/07/2007 14:19:24 | Attr = H ]

$NtUninstallKB908531$ -> %SystemRoot%\$NtUninstallKB908531$ -> [Folder | Modified Date = 30/07/2007 14:20:02 | Attr = H ]

$NtUninstallKB913580$ -> %SystemRoot%\$NtUninstallKB913580$ -> [Folder | Modified Date = 30/07/2007 14:20:46 | Attr = H ]

$NtUninstallKB914389$ -> %SystemRoot%\$NtUninstallKB914389$ -> [Folder | Modified Date = 30/07/2007 14:21:28 | Attr = H ]

$NtUninstallKB917953$ -> %SystemRoot%\$NtUninstallKB917953$ -> [Folder | Modified Date = 30/07/2007 14:22:10 | Attr = H ]

$NtUninstallKB917344$ -> %SystemRoot%\$NtUninstallKB917344$ -> [Folder | Modified Date = 30/07/2007 14:22:52 | Attr = H ]

$NtUninstallKB911280$ -> %SystemRoot%\$NtUninstallKB911280$ -> [Folder | Modified Date = 30/07/2007 14:23:36 | Attr = H ]

$NtUninstallKB910437$ -> %SystemRoot%\$NtUninstallKB910437$ -> [Folder | Modified Date = 30/07/2007 14:24:16 | Attr = H ]

$NtUninstallKB914388$ -> %SystemRoot%\$NtUninstallKB914388$ -> [Folder | Modified Date = 30/07/2007 14:24:56 | Attr = H ]

$NtUninstallKB921883$ -> %SystemRoot%\$NtUninstallKB921883$ -> [Folder | Modified Date = 30/07/2007 14:25:38 | Attr = H ]

$NtUninstallKB920683$ -> %SystemRoot%\$NtUninstallKB920683$ -> [Folder | Modified Date = 30/07/2007 14:26:20 | Attr = H ]

$NtUninstallKB917422$ -> %SystemRoot%\$NtUninstallKB917422$ -> [Folder | Modified Date = 30/07/2007 14:27:04 | Attr = H ]

$NtUninstallKB920670$ -> %SystemRoot%\$NtUninstallKB920670$ -> [Folder | Modified Date = 30/07/2007 14:27:44 | Attr = H ]

$NtUninstallKB921398$ -> %SystemRoot%\$NtUninstallKB921398$ -> [Folder | Modified Date = 30/07/2007 14:28:24 | Attr = H ]

$NtUninstallKB922616$ -> %SystemRoot%\$NtUninstallKB922616$ -> [Folder | Modified Date = 30/07/2007 14:29:06 | Attr = H ]

$NtUninstallKB919007$ -> %SystemRoot%\$NtUninstallKB919007$ -> [Folder | Modified Date = 30/07/2007 14:29:46 | Attr = H ]

$NtUninstallKB920685$ -> %SystemRoot%\$NtUninstallKB920685$ -> [Folder | Modified Date = 30/07/2007 14:30:28 | Attr = H ]

$NtUninstallKB923191$ -> %SystemRoot%\$NtUninstallKB923191$ -> [Folder | Modified Date = 30/07/2007 14:31:14 | Attr = H ]

$NtUninstallKB924496$ -> %SystemRoot%\$NtUninstallKB924496$ -> [Folder | Modified Date = 30/07/2007 14:31:54 | Attr = H ]

$NtUninstallKB923414$ -> %SystemRoot%\$NtUninstallKB923414$ -> [Folder | Modified Date = 30/07/2007 14:32:34 | Attr = H ]

$NtUninstallKB922819$ -> %SystemRoot%\$NtUninstallKB922819$ -> [Folder | Modified Date = 30/07/2007 14:33:16 | Attr = H ]

$NtUninstallKB924191$ -> %SystemRoot%\$NtUninstallKB924191$ -> [Folder | Modified Date = 30/07/2007 14:33:56 | Attr = H ]

ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 31/07/2007 21:45:44 | Attr = ]

$NtUninstallKB885884$ -> %SystemRoot%\$NtUninstallKB885884$ -> [Folder | Modified Date = 30/07/2007 15:04:18 | Attr = H ]

$NtUninstallKB886185$ -> %SystemRoot%\$NtUninstallKB886185$ -> [Folder | Modified Date = 30/07/2007 15:04:24 | Attr = H ]

$NtUninstallKB887472$ -> %SystemRoot%\$NtUninstallKB887472$ -> [Folder | Modified Date = 30/07/2007 15:04:28 | Attr = H ]

$NtUninstallKB900485$ -> %SystemRoot%\$NtUninstallKB900485$ -> [Folder | Modified Date = 30/07/2007 15:04:44 | Attr = H ]

$NtUninstallKB922582$ -> %SystemRoot%\$NtUninstallKB922582$ -> [Folder | Modified Date = 30/07/2007 15:04:50 | Attr = H ]

$NtUninstallKB916595$ -> %SystemRoot%\$NtUninstallKB916595$ -> [Folder | Modified Date = 30/07/2007 15:04:54 | Attr = H ]

$NtUninstallKB920872$ -> %SystemRoot%\$NtUninstallKB920872$ -> [Folder | Modified Date = 30/07/2007 15:05:02 | Attr = H ]

$NtUninstallKB924270$ -> %SystemRoot%\$NtUninstallKB924270$ -> [Folder | Modified Date = 30/07/2007 15:05:06 | Attr = H ]

$NtUninstallKB923980$ -> %SystemRoot%\$NtUninstallKB923980$ -> [Folder | Modified Date = 30/07/2007 15:05:12 | Attr = H ]

$NtUninstallKB926255$ -> %SystemRoot%\$NtUninstallKB926255$ -> [Folder | Modified Date = 30/07/2007 15:05:16 | Attr = H ]

$NtUninstallKB929969$ -> %SystemRoot%\$NtUninstallKB929969$ -> [Folder | Modified Date = 30/07/2007 15:05:20 | Attr = H ]

$NtUninstallKB928255$ -> %SystemRoot%\$NtUninstallKB928255$ -> [Folder | Modified Date = 30/07/2007 15:05:24 | Attr = H ]

$NtUninstallKB928843$ -> %SystemRoot%\$NtUninstallKB928843$ -> [Folder | Modified Date = 30/07/2007 15:05:32 | Attr = H ]

$NtUninstallKB927802$ -> %SystemRoot%\$NtUninstallKB927802$ -> [Folder | Modified Date = 30/07/2007 15:05:38 | Attr = H ]

$NtUninstallKB924667$ -> %SystemRoot%\$NtUninstallKB924667$ -> [Folder | Modified Date = 30/07/2007 15:05:42 | Attr = H ]

$NtUninstallKB927779$ -> %SystemRoot%\$NtUninstallKB927779$ -> [Folder | Modified Date = 30/07/2007 15:05:46 | Attr = H ]

$NtUninstallKB918118$ -> %SystemRoot%\$NtUninstallKB918118$ -> [Folder | Modified Date = 30/07/2007 15:05:52 | Attr = H ]

$NtUninstallKB926436$ -> %SystemRoot%\$NtUninstallKB926436$ -> [Folder | Modified Date = 30/07/2007 15:05:56 | Attr = H ]

$NtUninstallKB931836$ -> %SystemRoot%\$NtUninstallKB931836$ -> [Folder | Modified Date = 30/07/2007 15:06:02 | Attr = H ]

$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 30/07/2007 15:06:06 | Attr = H ]

$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 30/07/2007 15:06:12 | Attr = H ]

$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 30/07/2007 15:06:20 | Attr = H ]

$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 30/07/2007 15:06:24 | Attr = H ]

$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ -> [Folder | Modified Date = 30/07/2007 15:10:40 | Attr = H ]

$NtUninstallKB914440$ -> %SystemRoot%\$NtUninstallKB914440$ -> [Folder | Modified Date = 30/07/2007 15:10:48 | Attr = H ]

network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 30/07/2007 15:10:50 | Attr = ]

$NtUninstallKB915865$ -> %SystemRoot%\$NtUninstallKB915865$ -> [Folder | Modified Date = 30/07/2007 15:11:50 | Attr = H ]

$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 30/07/2007 15:12:18 | Attr = H ]

$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 30/07/2007 15:12:40 | Attr = H ]

ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 30/07/2007 15:12:56 | Attr = H ]

WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 30/07/2007 15:14:14 | Attr = ]

$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 30/07/2007 15:14:48 | Attr = H ]

$NtUninstallKB920213$ -> %SystemRoot%\$NtUninstallKB920213$ -> [Folder | Modified Date = 30/07/2007 15:14:52 | Attr = H ]

$NtUninstallKB930916$ -> %SystemRoot%\$NtUninstallKB930916$ -> [Folder | Modified Date = 30/07/2007 15:14:58 | Attr = H ]

$NtUninstallKB927891$ -> %SystemRoot%\$NtUninstallKB927891$ -> [Folder | Modified Date = 30/07/2007 15:15:02 | Attr = H ]

$NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Modified Date = 30/07/2007 15:15:10 | Attr = H ]

$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Modified Date = 30/07/2007 15:15:18 | Attr = H ]

$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Modified Date = 30/07/2007 15:15:24 | Attr = H ]

$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Modified Date = 30/07/2007 15:15:28 | Attr = H ]

$NtUninstallKB925398_WMP64$ -> %SystemRoot%\$NtUninstallKB925398_WMP64$ -> [Folder | Modified Date = 30/07/2007 15:15:50 | Attr = H ]

$NtUninstallKB923689$ -> %SystemRoot%\$NtUninstallKB923689$ -> [Folder | Modified Date = 30/07/2007 15:16:04 | Attr = H ]

$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Modified Date = 30/08/2007 22:47:56 | Attr = H ]

$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Modified Date = 30/08/2007 22:49:10 | Attr = H ]

$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Modified Date = 30/08/2007 22:49:14 | Attr = H ]

$NtUninstallKB936782_WMP9$ -> %SystemRoot%\$NtUninstallKB936782_WMP9$ -> [Folder | Modified Date = 30/08/2007 22:49:36 | Attr = H ]

$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Modified Date = 30/08/2007 22:49:42 | Attr = H ]

$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Modified Date = 30/08/2007 22:49:48 | Attr = H ]

AU_Log -> %SystemRoot%\AU_Log -> [Folder | Modified Date = 19/09/2007 07:23:24 | Attr = ]

AU_Temp -> %SystemRoot%\AU_Temp -> [Folder | Modified Date = 19/09/2007 07:23:24 | Attr = ]

GetServer.ini -> %SystemRoot%\GetServer.ini -> [Ver = | Size = 170 bytes | Modified Date = 19/09/2007 07:23:24 | Attr = ]

VPTNFILE.725 -> %SystemRoot%\VPTNFILE.725 -> [Ver = | Size = 37727661 bytes | Modified Date = 19/09/2007 07:25:32 | Attr = ]

BPMNT.dll -> %SystemRoot%\BPMNT.dll -> Trend Micro Inc. [Ver = 8.000-1001 | Size = 86094 bytes | Modified Date = 19/09/2007 07:25:32 | Attr = ]

vsapi32.dll -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.500-1002 | Size = 1163344 bytes | Modified Date = 19/09/2007 07:25:32 | Attr = ]

hcextoutput.dll -> %SystemRoot%\hcextoutput.dll -> [Ver = | Size = 71749 bytes | Modified Date = 19/09/2007 07:25:32 | Attr = ]

tsc.exe -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.3.0.1103 | Size = 267845 bytes | Modified Date = 19/09/2007 07:25:32 | Attr = ]

tsc.ini -> %SystemRoot%\tsc.ini -> [Ver = | Size = 823 bytes | Modified Date = 19/09/2007 07:26:32 | Attr = ]

tsc.ptn -> %SystemRoot%\tsc.ptn -> [Ver = | Size = 1871245 bytes | Modified Date = 19/09/2007 07:25:32 | Attr = ]

AU_Backup -> %SystemRoot%\AU_Backup -> [Folder | Modified Date = 19/09/2007 07:25:32 | Attr = ]

LPT$VPN.725 -> %SystemRoot%\LPT$VPN.725 -> [Ver = | Size = 37727661 bytes | Modified Date = 19/09/2007 07:25:32 | Attr = ]

report -> %SystemRoot%\report -> [Folder | Modified Date = 19/09/2007 07:26:10 | Attr = ]

SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 23/09/2007 20:37:06 | Attr = H ]

tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3398 bytes | Modified Date = 23/09/2007 09:09:34 | Attr = ]

printer.exe -> %System32%\printer.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ]

wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 14/09/2007 12:59:40 | Attr = ]

vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 58727 bytes | Modified Date = 23/09/2007 20:37:42 | Attr = ]

perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 39992 bytes | Modified Date = 30/07/2007 15:21:32 | Attr = ]

perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 311604 bytes | Modified Date = 30/07/2007 15:21:32 | Attr = ]

perfc00C.dat -> %System32%\perfc00C.dat -> [Ver = | Size = 48616 bytes | Modified Date = 30/07/2007 15:21:32 | Attr = ]

perfh00C.dat -> %System32%\perfh00C.dat -> [Ver = | Size = 367658 bytes | Modified Date = 30/07/2007 15:21:32 | Attr = ]

aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 06/09/2007 12:09:50 | Attr = ]

fr-fr -> %System32%\fr-fr -> [Folder | Modified Date = 30/07/2007 15:14:14 | Attr = ]

WinAvXX.exe -> %System32%\WinAvXX.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ]

ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 22/09/2007 19:18:34 | Attr = ]

zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 22/09/2007 19:22:28 | Attr = H ]

vdo_g.ini -> %System32%\vdo_g.ini -> [Ver = | Size = 22657 bytes | Modified Date = 29/07/2007 17:58:14 | Attr = ]

FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 173872 bytes | Modified Date = 30/07/2007 15:17:48 | Attr = ]

PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 775034 bytes | Modified Date = 30/07/2007 15:21:30 | Attr = ]

AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 95608 bytes | Modified Date = 06/09/2007 12:00:08 | Attr = ]

CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 3121 bytes | Modified Date = 13/09/2007 09:58:16 | Attr = ]

NSDriver.sys -> %System32%\drivers\NSDriver.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 9344 bytes | Modified Date = 14/09/2007 21:11:58 | Attr = ]

AWRTRD.sys -> %System32%\drivers\AWRTRD.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 8320 bytes | Modified Date = 14/09/2007 21:11:56 | Attr = ]

fidbox.dat -> %System32%\drivers\fidbox.dat -> [Ver = | Size = 32 bytes | Modified Date = 23/09/2007 12:33:46 | Attr = HS]

fidbox.idx -> %System32%\drivers\fidbox.idx -> [Ver = | Size = 32 bytes | Modified Date = 23/09/2007 12:33:46 | Attr = HS]

klick.dat -> %System32%\drivers\klick.dat -> [Ver = | Size = 75932 bytes | Modified Date = 22/09/2007 19:19:44 | Attr = ]

klin.dat -> %System32%\drivers\klin.dat -> [Ver = | Size = 74396 bytes | Modified Date = 22/09/2007 19:19:44 | Attr = ]

aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 92848 bytes | Modified Date = 06/09/2007 12:05:26 | Attr = ]

aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 94416 bytes | Modified Date = 06/09/2007 12:05:10 | Attr = ]

aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 26624 bytes | Modified Date = 06/09/2007 12:00:54 | Attr = ]

aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 42912 bytes | Modified Date = 06/09/2007 12:02:20 | Attr = ]

aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 23152 bytes | Modified Date = 06/09/2007 12:03:02 | Attr = ]

hosts.20070919-112423.backup -> %System32%\drivers\etc\hosts.20070919-112423.backup -> [Ver = | Size = 3541 bytes | Modified Date = 19/09/2007 11:24:24 | Attr = R ]

hosts.20070919-113959.backup -> %System32%\drivers\etc\hosts.20070919-113959.backup -> [Ver = | Size = 659 bytes | Modified Date = 19/09/2007 11:24:24 | Attr = R ]

hosts.20070919-132252.backup -> %System32%\drivers\etc\hosts.20070919-132252.backup -> [Ver = | Size = 627 bytes | Modified Date = 19/09/2007 11:40:00 | Attr = R ]

Lavasoft -> %AllUsersAppData%\Lavasoft -> [Folder | Modified Date = 29/07/2007 17:07:14 | Attr = ]

Windows Genuine Advantage -> %AllUsersAppData%\Windows Genuine Advantage -> [Folder | Modified Date = 30/07/2007 13:14:58 | Attr = ]

Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 14/09/2007 14:05:14 | Attr = ]

Spybot - Search & Destroy -> %AllUsersAppData%\Spybot - Search & Destroy -> [Folder | Modified Date = 18/09/2007 20:54:48 | Attr = ]

MailFrontier -> %AllUsersAppData%\MailFrontier -> [Folder | Modified Date = 22/09/2007 19:20:22 | Attr = ]

Mozilla -> %UserAppData%\Mozilla -> [Folder | Modified Date = 21/08/2007 20:28:52 | Attr = ]

Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 14/09/2007 14:05:34 | Attr = ]

GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 35680 bytes | Modified Date = 30/07/2007 14:44:34 | Attr = ]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 46592 bytes | Modified Date = 16/09/2007 16:36:34 | Attr = ]

Mozilla -> %LocalAppData%\Mozilla -> [Folder | Modified Date = 21/08/2007 20:28:52 | Attr = ]

Ma musique -> %AllUsersDocuments%\Ma musique -> [Folder | Modified Date = 30/07/2007 14:00:02 | Attr = R ]

Mes images -> %UserDocuments%\Mes images -> [Folder | Modified Date = 31/07/2007 07:26:08 | Attr = R ]

Ma musique -> %UserDocuments%\Ma musique -> [Folder | Modified Date = 31/07/2007 07:26:08 | Attr = R ]

desktop.ini -> %UserDocuments%\desktop.ini -> [Ver = | Size = 123 bytes | Modified Date = 31/07/2007 07:26:08 | Attr = HS]

a-squared -> %UserDocuments%\a-squared -> [Folder | Modified Date = 19/09/2007 12:46:30 | Attr = ]

avast! Antivirus.lnk -> %AllUsersDesktop%\avast! Antivirus.lnk -> [Ver = | Size = 1613 bytes | Modified Date = 29/07/2007 17:58:02 | Attr = ]

AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 753 bytes | Modified Date = 14/09/2007 14:05:24 | Attr = ]

Ad-Aware 2007.lnk -> %AllUsersDesktop%\Ad-Aware 2007.lnk -> [Ver = | Size = 1694 bytes | Modified Date = 14/09/2007 21:09:40 | Attr = ]

Ad-Watch 2007.lnk -> %AllUsersDesktop%\Ad-Watch 2007.lnk -> [Ver = | Size = 1694 bytes | Modified Date = 14/09/2007 21:09:42 | Attr = ]

Navilog1.lnk -> %AllUsersDesktop%\Navilog1.lnk -> [Ver = | Size = 534 bytes | Modified Date = 18/09/2007 21:10:18 | Attr = ]

a-squared Free.lnk -> %AllUsersDesktop%\a-squared Free.lnk -> [Ver = | Size = 552 bytes | Modified Date = 19/09/2007 12:46:52 | Attr = ]

Lecteur Windows Media.lnk -> %UserDesktop%\Lecteur Windows Media.lnk -> [Ver = | Size = 690 bytes | Modified Date = 18/09/2007 19:32:24 | Attr = ]

Navilog1.exe -> %UserDesktop%\Navilog1.exe -> @IL-MAFIOSO [Ver = | Size = 544635 bytes | Modified Date = 18/09/2007 21:08:32 | Attr = ]

RegCleaner.lnk -> %UserDesktop%\RegCleaner.lnk -> [Ver = | Size = 549 bytes | Modified Date = 19/09/2007 13:01:02 | Attr = ]

Warning.mht -> %UserDesktop%\Warning.mht -> [Ver = | Size = 97695 bytes | Modified Date = 19/09/2007 21:53:06 | Attr = ]

[4]-Submit_2007-09-20@22.07.zip -> %UserDesktop%\[4]-Submit_2007-09-20@22.07.zip -> [Ver = | Size = 417 bytes | Modified Date = 20/09/2007 22:07:38 | Attr = ]

HostsXpert -> %UserDesktop%\HostsXpert -> [Folder | Modified Date = 23/09/2007 20:43:34 | Attr = ]

winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 356045 bytes | Modified Date = 23/09/2007 20:48:06 | Attr = ]

WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 23/09/2007 20:48:50 | Attr = ]

autorun.exe -> %AllUsersStartup%\autorun.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ]

system.exe -> %UserStartup%\system.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ]

Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 14/09/2007 21:08:58 | Attr = ]

 

[File String Scan - Non-Microsoft Only]

PTech , -> %SystemDrive%\xscan.txt -> [Ver = | Size = 59069437 bytes | Modified Date = 19/09/2007 10:35:34 | Attr = ]

UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 8.500-1002 | Size = 1163344 bytes | Modified Date = 19/09/2007 07:25:32 | Attr = ]

UPX! , UPX0 , -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 5.3.0.1103 | Size = 267845 bytes | Modified Date = 19/09/2007 07:25:32 | Attr = ]

UPX0 , -> %System32%\printer.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ]

WSUD , -> %System32%\ALSNDMGR.CPL -> Realtek Semiconductor Corp. [Ver = 2.2.03 | Size = 10435072 bytes | Modified Date = 23/09/2003 09:09:00 | Attr = ]

PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 28/08/2001 20:00:00 | Attr = ]

winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 28/08/2001 20:00:00 | Attr = ]

UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 06/09/2007 12:09:50 | Attr = ]

UPX0 , -> %System32%\WinAvXX.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ]

PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivXNetworks, Inc. [Ver = 5.2.1.1338 | Size = 716800 bytes | Modified Date = 27/10/2004 00:13:24 | Attr = ]

UPX0 , -> %System32%\dllcache\NT5IIS.CAT -> [Ver = | Size = 809394 bytes | Modified Date = 28/08/2001 20:00:00 | Attr = ]

PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 04/08/2004 07:41:38 | Attr = ]

UPX! , -> %System32%\drivers\mrk.exe -> [Ver = | Size = 94262 bytes | Modified Date = 14/10/2003 21:30:48 | Attr = ]

WSUD , -> %UserDocuments%\img001.bmp -> [Ver = | Size = 2749158 bytes | Modified Date = 09/06/2006 19:27:14 | Attr = ]

UPX0 , -> %AllUsersStartup%\autorun.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ]

UPX0 , -> %UserStartup%\system.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ]

 

< End of report >
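As an added illustration (not part of the thread and not a tool from the helpers here), a small Python triage script for the WinPFind3u "File String Scan" format shown above: it parses the lines, groups files that share an exact size and modification time (the fingerprint of one dropper copied under several names, as printer.exe, WinAvXX.exe, autorun.exe and system.exe do in this report) and flags copies sitting in Startup folders. The regex, the packer-marker list, the Startup-folder list and the sample lines are this example's own assumptions.

```python
import re
from collections import defaultdict, namedtuple

# One "File String Scan" line of a WinPFind3u report looks like (see the report above):
#   UPX0 , -> %System32%\printer.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ]
# The regex, packer list and Startup-folder list are this example's own assumptions.
FILE_LINE = re.compile(
    r"^(?P<strings>.*?)-> (?P<path>.+?) -> (?P<vendor>[^\[]*)\[Ver = (?P<ver>[^|]*)\| "
    r"Size = (?P<size>\d+) bytes \| Modified Date = (?P<mtime>[^|]+?) \| Attr = (?P<attr>[^\]]*)\]$"
)
PACKERS = {"UPX!", "UPX0", "UPX1", "aspack", "PEC2", "PECompact2"}  # packer markers WinPFind3u prints
AUTOSTART = ("%AllUsersStartup%", "%UserStartup%")  # anything here runs at every logon

FileEntry = namedtuple("FileEntry", "path size mtime vendor version strings")

def parse_line(line):
    """Parse one report line; folder lines, headers and blanks return None."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    strings = tuple(s.strip() for s in m.group("strings").split(",") if s.strip())
    return FileEntry(m.group("path"), int(m.group("size")), m.group("mtime").strip(),
                     m.group("vendor").strip(), m.group("ver").strip(), strings)

def parse_report(text):
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def find_clones(entries):
    """Group files sharing an exact (size, modified date). One dropper writing the same
    body under several names leaves this fingerprint: printer.exe, WinAvXX.exe,
    autorun.exe and system.exe above are all 7680 bytes from 13/09/2007 11:06:42."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e.size, e.mtime)].append(e.path)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

def triage(entries):
    """Return [(path, [reasons])] for entries worth a closer look."""
    clones = find_clones(entries)
    hits = []
    for e in entries:
        reasons = []
        if (e.size, e.mtime) in clones:
            reasons.append("same size and timestamp as %d other file(s)" % (len(clones[(e.size, e.mtime)]) - 1))
        if e.path.startswith(AUTOSTART):
            reasons.append("placed in a Startup folder")
        if e.path.lower().endswith(".exe") and not e.vendor and not e.version and PACKERS & set(e.strings):
            reasons.append("packed executable without vendor or version info")
        if reasons:
            hits.append((e.path, reasons))
    return hits

# Sample lines copied from the report above; the folder line is ignored by the parser
SAMPLE = r"""
UPX0 , -> %System32%\printer.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ]
UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 06/09/2007 12:09:50 | Attr = ]
UPX0 , -> %System32%\WinAvXX.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ]
UPX0 , -> %System32%\dllcache\NT5IIS.CAT -> [Ver = | Size = 809394 bytes | Modified Date = 28/08/2001 20:00:00 | Attr = ]
HostsXpert -> %UserDesktop%\HostsXpert -> [Folder | Modified Date = 23/09/2007 20:43:34 | Attr = ]
UPX0 , -> %AllUsersStartup%\autorun.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ]
UPX0 , -> %UserStartup%\system.exe -> [Ver = | Size = 7680 bytes | Modified Date = 13/09/2007 11:06:42 | Attr = ]
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_report(SAMPLE)):
        print(path, "->", "; ".join(reasons))
```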

 

Posted (edited)

hi :P

 

I've just edited this message because I received instructions to tackle the infection differently!

If you've already read my previous reply (which I deleted), you can post the requested report.

Otherwise, I'll post the procedure shortly (it'll be simple, don't worry).

Edited by charles ingals
Posted

hi lesandre :P

 

The problem should be fixed with the latest SmitFraudFix update: a big thank-you to S!RI, by the way, for his responsiveness :P

 

1) Delete the SmitfraudFix folder on the desktop.

 

2) Update to the latest version >

  • Double-click SmitfraudFix.exe
  • Choose Option 4 (Update) and confirm
  • Follow the prompts until the updates are installed.
    Note: now that there is a firewall on your PC, you will get an alert asking whether or not to allow SmiUpdate.exe to connect to the Internet: allow it!
    Wait a few seconds... You should see > Mises à jour installées
  • Quit the program.

3) Restart the PC, and it must be in Safe Mode.

When the computer restarts, once the BIOS has finished loading, a black screen appears briefly > alternately tap the [F8] and [F5] keys until the Windows Advanced Options menu is displayed.

Select "Safe Mode" and press [Enter].

Choose your usual account, not Administrator

 

4) Double-click SmitfraudFix.exe

  • Select 2 and press Enter in the menu to delete the files responsible for the infection.
  • At the question: Voulez-vous nettoyer le registre ? answer O (yes) and press [Enter] to unlock the wallpaper and delete the infection's registry keys.
  • The fix will determine whether the file wininet.dll is infected. At the question: Corriger le fichier infecté ? answer O (yes) and press [Enter] to replace the corrupted file.
  • A restart may be needed to complete the cleaning procedure. The report is at the root of the system drive: C:\rapport.txt

5) Once the PC has restarted, we deal with the restrictions like this >

Please go to this page to download the CFScript file > http://www.sendspace.com/file/vtvmpm
to do so, click the link at the bottom of the page > Download Link: CFScript

  • Drag and drop this CFScript file onto ComboFix.exe as in the screenshot
  • A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait for the scan to finish. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file doesn't appear, it is here > C:\ComboFix.txt

Post the SmitFraudFix option 2 report and the Combofix report in your reply.

Come on, hang in there!! This time it should do the trick: well done for your perseverance :P

Posted

Good evening Charles,

 

I followed the instructions.

- During SmitFraudFix: several times the message

"acces a la base de registre non autorisee par votre administrateur" after pressing o

 

Still the same window appearing regularly (see previous post please)

 

The reports are below.

 

See you soon and thanks again,

 

Le sandre

 

 

SmitFraudFix v2.232

 

Rapport fait à 21:25:48,76, 28/09/2007

Executé à partir de C:\Documents and Settings\Jean-Christophe\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est FAT32

Fix executé en mode sans echec

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 


 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

 

C:\WINDOWS\system32\printer.exe supprimé

C:\WINDOWS\system32\WinAvXX.exe supprimé

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254

HKLM\SYSTEM\CS1\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254

HKLM\SYSTEM\CS2\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254

HKLM\SYSTEM\CS3\Services\Tcpip\..\{81260026-7663-40F1-88CE-7C27A0FBAA76}: DhcpNameServer=192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

 

Nettoyage terminé.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

 

Combofix

 

ComboFix 07-09-18.4 - "Jean-Christophe" 2007-09-28 21:36:01.9 - FAT32x86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.48 [GMT 2:00]

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\printer.exe

C:\WINDOWS\system32\WinAvXX.exe

 

.

((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-28 )))))))))))))))))))))))))))))))

.

 

2007-09-22 19:20 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2007-09-22 19:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier

2007-09-22 19:17 <REP> d-------- C:\WINDOWS\Internet Logs

2007-09-20 21:19 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-09-19 13:02 <REP> d-------- C:\Program Files\CCleaner

2007-09-19 12:46 <REP> d-------- C:\Program Files\a-squared Free

2007-09-19 10:56 <REP> d-------- C:\Program Files\RegCleaner

2007-09-19 07:26 <REP> d-------- C:\WINDOWS\report

2007-09-19 07:25 86,094 --a------ C:\WINDOWS\BPMNT.dll

2007-09-19 07:25 71,749 --a------ C:\WINDOWS\hcextoutput.dll

2007-09-19 07:25 267,845 --a------ C:\WINDOWS\tsc.exe

2007-09-19 07:25 1,163,344 --a------ C:\WINDOWS\vsapi32.dll

2007-09-19 07:25 <REP> d-------- C:\WINDOWS\AU_Backup

2007-09-19 07:23 69,689 --a------ C:\WINDOWS\UNZIP.DLL

2007-09-19 07:23 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL

2007-09-19 07:23 286,720 --a------ C:\WINDOWS\PATCH.EXE

2007-09-19 07:23 <REP> d-------- C:\WINDOWS\AU_Temp

2007-09-19 07:23 <REP> d-------- C:\WINDOWS\AU_Log

2007-09-18 22:39 3,398 --a------ C:\WINDOWS\system32\tmp.reg

2007-09-18 21:10 <REP> d-------- C:\Program Files\Navilog1

2007-09-18 20:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2007-09-17 21:10 <REP> dr------- C:\DOCUME~1\Elyan\Mes documents

2007-09-17 21:10 <REP> dr------- C:\DOCUME~1\Elyan\Favoris

2007-09-14 21:08 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2007-09-14 14:05 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Mes documents

2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu Démarrer

2007-09-14 12:59 <REP> dr------- C:\DOCUME~1\ADMINI~1\Favoris

2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage réseau

2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression

2007-09-14 12:59 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Modèles

2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS

2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau

2007-09-14 12:59 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust

2007-09-01 15:57 1,268 --a------ C:\WINDOWS\mozver.dat

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-09-28 19:36 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2007-09-28 19:36 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2007-09-22 19:19 75932 --a------ C:\WINDOWS\system32\drivers\klick.dat

2007-09-22 19:19 74396 --a------ C:\WINDOWS\system32\drivers\klin.dat

2007-09-14 21:11 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys

2007-09-14 21:11 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys

2007-09-06 12:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-09-06 12:00 95608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll

2007-07-29 17:57 --------- d-------- C:\Program Files\Alwil Software

2007-07-29 17:07 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

2007-07-29 16:24 --------- d-------- C:\Program Files\Realtek Sound Manager

2007-07-29 16:24 --------- d-------- C:\Program Files\AvRack

2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\Real

2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\InterTrust

2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\ICQ

2007-07-29 16:24 --------- d-------- C:\DOCUME~1\ELYAN\APPLIC~1\FUJIFILM

2007-07-19 08:58 3583488 --------- C:\WINDOWS\system32\dllcache\mshtml.dll

2007-07-13 01:30 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll

2005-07-21 15:12 457 --a------ C:\Program Files\INSTALL.LOG

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2003-09-23 09:09 C:\WINDOWS\SOUNDMAN.EXE]

"Disk Monitor"="C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 11:57]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-10-11 22:02]

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-06-24 15:16]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-06 21:12]

"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]

"ExtraFilmHemmaAgent"="C:\Program Files\Extrafilm FotoFacil\Agent.exe" [2006-10-03 09:40]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]

"NetAppel"="C:\program files\netappel\netappel.exe" [2007-09-15 13:19]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]

PCANotify.dll 2003-05-29 11:00 8704 C:\WINDOWS\system32\PCANotify.dll

 

R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

S2 vdo_326d-6b44;vdo_326d-6b44;\??\C:\WINDOWS\system32\vdo_326d-6b44.sys

S3 PIXMC10;JVC Communication PIX-MC10 Driver;C:\WINDOWS\system32\Drivers\pixmc10c.sys

S3 PIXMC10A;JVC PIX-MC10 Audio Capture;C:\WINDOWS\system32\Drivers\pixmc10a.sys

S3 PIXMC10V;JVC PIX-MC10 Video Capture;C:\WINDOWS\system32\Drivers\pixmc10v.sys

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys

 

.

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-28 21:39:42

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-09-28 21:41:42

C:\ComboFix-quarantined-files.txt ... 2007-09-28 21:41

C:\ComboFix2.txt ... 2007-09-23 09:04

C:\ComboFix3.txt ... 2007-09-22 19:51

.

--- E O F ---
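An added example, not part of the thread: the hosts section of the SmitFraudFix report above shows security-vendor, update and online-scanner domains all pointed at 192.168.200.3, which keeps the victim from reaching updates and scanners while legitimate ad-blocking entries point at loopback. This Python check parses a hosts file, separates the two cases and strips the hijacked lines; the vendor-domain list and the sample hosts text are constructed for this example.

```python
import ipaddress

# Vendor, update and online-scanner domains whose redirection cuts the victim off from help.
# Assumed list built for this example from the kinds of domains the report above shows.
PROTECTED_SUFFIXES = (
    "kaspersky.com", "kaspersky-labs.com", "symantec.com", "symantecliveupdate.com",
    "mcafee.com", "trendmicro.com", "sophos.com", "f-secure.com", "grisoft.com",
    "virustotal.com", "jotti.org",
)
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}  # where legitimate ad-blocking entries point

def parse_hosts(text):
    """Return (address, hostname) pairs; comments, blanks and malformed lines are skipped."""
    pairs = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: not a hosts entry
        pairs.extend((fields[0], name.lower()) for name in fields[1:])
    return pairs

def is_protected(hostname):
    return any(hostname == s or hostname.endswith("." + s) for s in PROTECTED_SUFFIXES)

def audit_hosts(text):
    """Classify every non-localhost entry: 'ok' (loopback, not a vendor), 'blocked'
    (vendor site sent to loopback), 'hijacked' (vendor site sent elsewhere, as with
    192.168.200.3 above) or 'redirected' (other name sent to a real address)."""
    findings = []
    for addr, name in parse_hosts(text):
        if name == "localhost":
            continue
        vendor = is_protected(name)
        if addr in LOOPBACK:
            kind = "blocked" if vendor else "ok"
        else:
            kind = "hijacked" if vendor else "redirected"
        findings.append((kind, addr, name))
    return findings

def hijacked_domains(text):
    return sorted(name for kind, _, name in audit_hosts(text) if kind == "hijacked")

def clean_hosts(text):
    """Drop only the lines that hijack a protected domain; comments, localhost,
    ad-blocking entries and other redirects are kept for manual review."""
    kept = [raw for raw in text.splitlines()
            if not any(k == "hijacked" for k, _, _ in audit_hosts(raw))]
    return "\n".join(kept) + "\n"

# Constructed sample hosts file (on Windows XP: %SystemRoot%\system32\drivers\etc\hosts)
SAMPLE_HOSTS = """\
# constructed sample: two harmless lines, then entries in the style of the report above
127.0.0.1       localhost
127.0.0.1       ad.doubleclick.net      # common ad-blocking entry
192.168.200.3   kaspersky.com www.kaspersky.com
192.168.200.3   liveupdate.symantec.com
192.168.200.3   www.virustotal.com
192.168.200.3   ad.fastclick.net
garbage-line-without-an-address
"""

if __name__ == "__main__":
    for kind, addr, name in audit_hosts(SAMPLE_HOSTS):
        print("%-10s %-15s %s" % (kind, addr, name))
    print(clean_hosts(SAMPLE_HOSTS))
```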

Posted

hi lesandre :P

 

I have new info! We're going to use this little file to look for the elements that allow the infection to regenerate, and then we'll eliminate everything in one go >

 

go to this page to download the rla.bat file > http://www.sendspace.com/file/ohd5aa

to do so, click the link at the bottom of the page > Download Link: rla.bat

 

Double-click the file > a report will be displayed > post it please :P

we'll have to clean the infection on all the sessions at the same time!
