
Posted

Hello everyone,

Yet another person infected by this damned virus! PC running slow since this morning! I ran Spybot, which pinpoints the problem for me and tells me it has removed it, but after a reboot the problem is still there! Another concern: ZoneAlarm is loaded, but its interface is empty!!!

I have browsed the various topics about this problem, but I also read that it is better to treat each case separately (i.e. specifically for each PC) rather than blindly (:P) applying some solution X! :P

So here I am; I would be very grateful if you could help me! :P

Thanks!!!

Posted

Hello, welcome to the forum.

Please post a HijackThis report in your next reply.

Click this link to download HijackThis 2.0.2:

http://www.trendsecure.com/portal/en-US/_d.../HiJackThis.exe

This version has no installer and no zip to extract; choose to save it to the desktop.

Double-click the HijackThis icon.

HijackThis starts; the first button is the one we want, "Do a system scan and save a logfile" (the "log" file is the report).

Click it.

Copy and paste the contents of the report that opens in Notepad into your next reply.
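A HijackThis log is asked for because its line-oriented format is easy to read by eye, and for the same reason it is easy to triage mechanically. The script below is an added example, not part of this thread and not HijackThis's own code: it parses the HijackThis 2.x format (a "Running processes:" list, then entries prefixed R0/R1/O2/O4/O17/O23 and so on) and applies a few of the checks a removal helper runs by eye: randomly named executables sitting directly under system32, BHOs that point at a missing file, RunOnce entries that delete a file, and DNS servers configured in the O17 TCP/IP parameters. The embedded sample log is constructed from a handful of lines in the same shape as the logs this thread contains; the O4 line for lphca9tj0e71a.exe is invented for the sample, and the thresholds in looks_random are my own assumptions rather than anything HijackThis does.

```python
"""Heuristic triage of a HijackThis 2.x log (added example, not HijackThis code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape HijackThis 2.0.2 emits; the O4 line for
# lphca9tj0e71a.exe is invented for this sample (assumption, not a real log line).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:33, on 08/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\lphca9tj0e71a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [lphca9tj0e71a] C:\WINDOWS\system32\lphca9tj0e71a.exe
O4 - HKLM\..\RunOnce: [spybotDeletingA952] command /c del "C:\WINDOWS\system32\blphca9tj0e71a.scr_old"
O17 - HKLM\System\CCS\Services\Tcpip\..\{438FD138-E0DB-4075-B51F-FFE7BB7EA796}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# "O4 - ..." / "R1 - ..." entry lines: section prefix, then a free-form body.
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
# A file sitting directly under system32 (not in a subfolder such as ZoneLabs\).
SYS32_RE = re.compile(r"\\system32\\([A-Za-z0-9_]+)\.(?:exe|dll|scr)\b", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str   # which heuristic fired
    line: str   # the offending log line, verbatim


def looks_random(stem: str) -> bool:
    """Assumed heuristic: long all-lowercase stem with many letter/digit runs.

    Rogue installers dropped binaries such as lphca9tj0e71a.exe; legitimate
    names like ctfmon or nvsvc32 have few runs and few digits.
    """
    if len(stem) < 10 or not re.fullmatch(r"[a-z0-9]+", stem):
        return False
    runs = len(re.findall(r"[a-z]+|[0-9]+", stem))
    digits = sum(c.isdigit() for c in stem)
    return runs >= 5 and digits >= 3


def parse(log_text: str) -> tuple[list[str], list[tuple[str, str]]]:
    """Split a log into running-process paths and (prefix, body) entries."""
    processes: list[str] = []
    entries: list[tuple[str, str]] = []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:          # a blank line closes the process list
                in_procs = False
            else:
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def triage(log_text: str) -> list[Finding]:
    """Apply the heuristics; each hit keeps the verbatim line for the helper."""
    processes, entries = parse(log_text)
    findings: list[Finding] = []
    for proc in processes:
        m = SYS32_RE.search(proc)
        if m and looks_random(m.group(1)):
            findings.append(Finding("RANDOM_NAME_SYSTEM32", proc))
    for prefix, body in entries:
        text = f"{prefix} - {body}"
        m = SYS32_RE.search(body)
        if m and looks_random(m.group(1)):
            findings.append(Finding("RANDOM_NAME_SYSTEM32", text))
        if prefix == "O2" and body.endswith("(no file)"):
            findings.append(Finding("BHO_MISSING_FILE", text))
        if prefix == "O4" and "RunOnce" in body and re.search(r"\bdel\b", body):
            findings.append(Finding("RUNONCE_DELETES_FILE", text))
        if prefix == "O17" and "NameServer" in body:
            findings.append(Finding("CUSTOM_DNS_SERVERS", text))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:22} {f.line}")
```

Flagged entries are starting points, not verdicts. 208.67.222.222 and 208.67.220.220 are OpenDNS's public resolvers, so an O17 hit on them is expected if the user chose them; the rule exists because rogues of this family also rewrite NameServer to resolvers of their own. A RunOnce that deletes a `.scr_old` file records an earlier cleaning attempt and tells you which random name to look for elsewhere in the log, which is exactly how the lphca9tj0e71a / blphca9tj0e71a pair is matched up here.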

Posted

Hello,

First of all, thank you very much for your availability and your reply! I nonetheless couldn't resist applying a few remedies between my initial post and your reply! (HijackThis, then ComboFix, and finally SDFix in Safe Mode, so here are the three reports.) This is where I am for now; I hope I haven't done anything stupid!!! Once again, thank you for taking the time to help me! :P

Here is the HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:47:33, on 08/08/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Stardock\SDMCP.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\NVATray.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\lphca9tj0e71a.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe

C:\Program Files\TRENDnet\TRENDnet TEW-424UB\TRENDnet.exe

C:\Program Files\palmOne\HOTSYNC.EXE

C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\RunOnce: [spybotDeletingA952] command /c del "C:\WINDOWS\system32\blphca9tj0e71a.scr_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC6976] cmd /c del "C:\WINDOWS\system32\blphca9tj0e71a.scr_old"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\RunOnce: [spybotDeletingB4869] command /c del "C:\WINDOWS\system32\blphca9tj0e71a.scr_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD9915] cmd /c del "C:\WINDOWS\system32\blphca9tj0e71a.scr_old"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE

O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe

O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1115726530359

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{438FD138-E0DB-4075-B51F-FFE7BB7EA796}: NameServer = 208.67.220.220,208.67.222.222

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 11488 bytes

 

I then ran ComboFix (after disabling System Restore); here is its report:

 

ComboFix 08-08-07.05 - Camran 2008-08-08 14:55:01.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1326 [GMT 2:00]

Location: C:\Documents and Settings\Camran\Bureau\ComboFix.exe

* Creating a new restore point

* Resident AV is active

 

 

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk

C:\Documents and Settings\Camran\Application Data\macromedia\Flash Player\#SharedObjects\XA942K59\interclick.com

C:\Documents and Settings\Camran\Application Data\macromedia\Flash Player\#SharedObjects\XA942K59\interclick.com\ud.sol

C:\Documents and Settings\Camran\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com

C:\Documents and Settings\Camran\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

C:\WINDOWS\system32\_000008_.tmp.dll

C:\WINDOWS\system32\_000009_.tmp.dll

C:\WINDOWS\system32\lphca9tj0e71a.exe

C:\WINDOWS\system32\phca9tj0e71a.bmp

 

.

((((((((((((((((((((((((((((( Files created 2008-07-08 to 2008-08-08 ))))))))))))))))))))))))))))))))))))

.

 

2008-08-08 14:29 . 2008-08-08 14:29 <REP> d-------- C:\Program Files\Trend Micro

2008-08-08 13:46 . 2008-08-08 13:46 <REP> d-------- C:\WINDOWS\LastGood

2008-08-08 13:46 . 2008-08-08 14:48 <REP> d-------- C:\WINDOWS\BDOSCAN8

2008-08-08 13:29 . 2008-08-08 13:29 60,928 --------- C:\WINDOWS\system32\blphca9tj0e71a.scr_old

2008-08-05 10:40 . 2008-08-05 10:59 <REP> d--hs---- C:\Documents and Settings\All Users\DRM

2008-08-04 22:24 . 2008-08-04 22:24 <REP> d-------- C:\Program Files\Windows Resource Kits

2008-08-04 21:21 . 2008-08-04 21:21 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR

2008-08-02 19:02 . 2008-08-02 19:02 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys

2008-08-02 19:02 . 2008-08-02 19:02 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys

2008-08-02 18:52 . 2008-08-02 18:52 <REP> d-------- C:\Program Files\Perry Rhodan

2008-07-29 01:05 . 2008-08-02 19:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-07-29 01:05 . 2008-07-29 01:05 1,409 --a------ C:\WINDOWS\QTFont.for

2008-07-27 20:03 . 2008-07-27 20:03 <REP> d-------- C:\Documents and Settings\Camran\Application Data\MailFrontier

2008-07-27 20:00 . 2008-08-08 15:02 14,230,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-07-27 20:00 . 2008-08-08 12:49 151,544 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-07-27 19:54 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe

2008-07-27 19:53 . 2008-07-27 19:53 <REP> d-------- C:\Program Files\Zone Labs

2008-07-19 17:30 . 2008-07-19 19:18 <REP> d-------- C:\Program Files\MPCHC

2008-07-19 17:27 . 2008-06-22 20:33 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-07-19 17:27 . 2008-06-22 20:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-07-19 17:27 . 2008-06-22 20:33 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

 

.

(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-08 12:00 --------- d-----w C:\Program Files\Coolstreaming

2008-08-08 11:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-08-08 10:51 1,829,843 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip

2008-08-08 10:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-08-08 08:43 --------- d-----w C:\Documents and Settings\Camran\Application Data\XnView

2008-08-08 08:32 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT

2008-08-05 19:37 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-05 13:22 --------- d-----w C:\Program Files\Minilyrics

2008-08-04 20:55 --------- d-----w C:\Program Files\Opera

2008-08-02 16:38 --------- d-----w C:\Program Files\GrabIt

2008-08-02 14:26 --------- d-----w C:\Program Files\gx-mod

2008-07-23 14:39 --------- d-----w C:\Documents and Settings\Sarah\Application Data\skypePM

2008-07-21 21:33 --------- d-----w C:\Program Files\mIRC

2008-07-19 15:27 --------- d-----w C:\Program Files\ffdshow

2008-07-16 19:34 --------- d-----w C:\Program Files\Winamp

2008-07-12 16:01 --------- d-----w C:\Documents and Settings\Camran\Application Data\Skype

2008-07-12 16:00 --------- d-----w C:\Documents and Settings\Camran\Application Data\skypePM

2008-07-10 16:09 --------- d-----w C:\Documents and Settings\Camran\Application Data\Azureus

2008-07-09 10:12 --------- d-----w C:\Program Files\ARWizard3

2008-07-09 07:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll

2008-07-07 11:42 --------- d-----w C:\Program Files\Fichiers communs\Nikon

2008-07-07 11:42 --------- d-----w C:\Documents and Settings\Camran\Application Data\Nikon

2008-07-07 11:24 --------- d-----w C:\Documents and Settings\Camran\Application Data\DxO Labs

2008-07-07 11:23 --------- d-----w C:\Program Files\Fichiers communs\PACE Anti-Piracy

2008-07-07 11:23 --------- d-----w C:\Program Files\DxO Labs

2008-07-07 11:23 --------- d-----w C:\Documents and Settings\Camran\Application Data\PACE Anti-Piracy

2008-07-07 11:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy

2008-07-07 11:13 --------- d-----w C:\Program Files\InterLok

2008-07-06 08:15 --------- d-----w C:\Program Files\THE Rename

2008-07-05 12:22 --------- d-----w C:\Program Files\Photomatix

2008-07-05 12:16 --------- d-----w C:\Program Files\easyHDR BASIC

2008-07-05 12:14 --------- d-----w C:\Documents and Settings\Camran\Application Data\fdrtools.com

2008-07-05 12:06 --------- d-----w C:\Program Files\AGS Technik

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 22:55 --------- d-----w C:\Documents and Settings\Sarah\Application Data\Skype

2008-06-10 13:32 --------- d-----w C:\Documents and Settings\Camran\Application Data\ArcSoft

2008-06-10 13:31 --------- d-----w C:\Program Files\SanDisk

2008-06-02 07:07 47,686 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_06_01_13_55_37_small.dmp.zip

2008-05-20 06:57 47,842 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_05_19_19_05_03_small.dmp.zip

2008-05-16 18:58 46,437 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_05_15_19_46_46_small.dmp.zip

2007-03-17 23:24 1 -c--a-w C:\Documents and Settings\Camran\SI.bin

2004-05-25 13:04 32,768 ----a-w C:\Program Files\mozilla firefox\plugins\AppSub32.dll

.

 

((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* empty entries & legitimate default entries are not listed

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-30 14:45 1829712]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]

"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31 458752]

"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24 217088]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 07:31 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 14:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 14:00 455168]

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 01:15 600896]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25 257088]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 22:01 71216]

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 17:21 54832]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-20 01:09 160768]

"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]

"NVIDIA nForce APU1 Utilities"="NVATray.exe" [2002-01-19 09:33 45056 C:\WINDOWS\system32\NVATray.exe]

"NvMediaCenter"="NvMCTray.dll" [2007-09-17 01:07 81920 C:\WINDOWS\system32\nvmctray.dll]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

 

C:\Documents and Settings\Sarah\Menu Démarrer\Programmes\Démarrage\

Konfabulator.lnk - C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe [2005-08-04 19:31:16 1282048]

 

C:\Documents and Settings\Camran\Menu Démarrer\Programmes\Démarrage\

HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-04-13 17:03:10 299008]

Konfabulator.lnk - C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe [2005-08-04 19:31:16 1282048]

Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2005-05-10 14:28:33 1339392]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

Monitor.lnk - C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2008-06-10 15:31:20 114688]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

2003-08-25 11:25 139264 C:\Program Files\Fichiers communs\Stardock\MCPStub.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=NVDESK32.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3acm"= l3codecp.acm

"aux"= ctwdm32.dll

"msacm.imc"= imc32.acm

"aux1"= ctwdm32.dll

"aux3"= ctwdm32.dll

"vidc.X264"= x264vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TEW-424UB Utility.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TEW-424UB Utility.lnk

backup=C:\WINDOWS\pss\TEW-424UB Utility.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-04-27 11:25 257088 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

--a--c--- 2004-10-08 12:06 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2005-08-13 15:00 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

--a------ 2007-01-29 13:07 3718312 C:\Program Files\TomTom HOME\TomTomHOME.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

--a--c--- 2005-10-24 16:53 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=

"C:\\Program Files\\mIRC\\mirc.exe"=

"C:\\Program Files\\Sop Cast\\SopCast.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\WINDOWS\\system32\\dpnsvr.exe"=

"C:\\Program Files\\FlashGet\\flashget.exe"=

"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51]

S0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys []

S2 MPManF50;MPMan F50 USB Driver;C:\WINDOWS\system32\Drivers\MPManF50.sys []

S3 EWAVE;EWAVE;C:\WINDOWS\system32\drivers\ew.sys []

S3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 21:12]

S3 FILESPY;FILESPY;C:\WINDOWS\system32\drivers\FILESPY.sys []

S3 NSTATION;NSTATION;C:\WINDOWS\system32\drivers\nstation.sys []

S3 ZD1211U(CellVision);TRENDnet 802.11g wireless USB TEW-424UB(CellVision);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 11:00]

S3 zlportio;zlportio;C:\Documents and Settings\Camran\Bureau\StarFucker v0.82 Beta - Lite Version\zlportio.sys []

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

- - - - ORPHANS REMOVED - - - -

 

MSConfigStartUp-googletalk - C:\Program Files\Google\Google Talk\googletalk.exe

MSConfigStartUp-lphca9tj0e71a - C:\WINDOWS\system32\lphca9tj0e71a.exe

MSConfigStartUp-SMrhce9tj0e71a - C:\Program Files\rhce9tj0e71a\rhce9tj0e71a.exe

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Camran\Application Data\Mozilla\Firefox\Profiles\ge4w0100.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.fr

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-08 15:01:49

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSSdk21]

"ImagePath"="\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"

.

Completion time: 2008-08-08 15:04:41

ComboFix-quarantined-files.txt 2008-08-08 13:03:38

 

Pre-Run: 11,469,754,368 bytes free

Post-Run: 11,610,607,616 bytes free

 

232 --- E O F --- 2008-07-13 11:16:00

 

Finally, I ran SDFix in Safe Mode:

 

SDFix: Version 1.214

Run by Camran on 08/08/2008 at 15:20

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\Documents and Settings\Camran\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol - Deleted

C:\Documents and Settings\Camran\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk - Deleted

 

 

 

Folder C:\Documents and Settings\Camran\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-08 15:31:01

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]

"khjeh"=hex:20,02,00,00,12,19,96,89,3e,ce,e4,bc,d6,66,b8,2a,fb,d9,0e,d0,8d,..

"hj34z0"=hex:83,04,be,b6,79,3b,ae,5e,e9,94,19,a4,1e,65,1c,9d,ae,61,60,83,0d,..

"hj34z1"=hex:12,04,be,b6,01,3b,ae,5e,e8,94,18,a4,1f,65,1c,9d,ae,61,60,83,6d,..

"hj34z2"=hex:12,04,be,b6,01,3b,ae,5e,e8,94,18,a4,1f,65,1c,9d,ae,61,60,83,6d,..

"hj34z3"=hex:12,04,be,b6,01,3b,ae,5e,e8,94,18,a4,1f,65,1c,9d,ae,61,60,83,6d,..

"hj34z4"=hex:12,04,be,b6,01,3b,ae,5e,e8,94,18,a4,1f,65,1c,9d,ae,61,60,83,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:a2be8941

"s2"=dword:b6f30b13

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:9a,6d,0c,0d,4a,4b,11,05,c0,83,18,d9,80,99,64,53,a2,9b,23,06,2c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:9a,6d,0c,0d,4a,4b,11,05,c0,83,18,d9,80,99,64,53,a2,9b,23,06,2c,..

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\IME\China\IMEPY\TIPMIG]

"Migrated"=hex(b):80,2f,1e,e7,ae,88,c6,01

"S-1-5-18"="\0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:000000be

"TracesSuccessful"=dword:00000009

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP Client"

"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"

"C:\\Program Files\\Sop Cast\\SopCast.exe"="C:\\Program Files\\Sop Cast\\SopCast.exe:*:Enabled:SoP Client"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"

"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"

"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"

"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Sat 10 Jun 2006 356 ...H. --- "C:\Boot.BAK"

Thu 18 Jan 2001 32,768 A..H. --- "C:\Program Files\RM-X© Audio Capture\ASProtect.dll"

Wed 30 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"

Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"

Wed 30 Jul 2008 1,829,712 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

Sat 30 Jul 2005 9 A..H. --- "C:\WINDOWS\system32\wxmmin.dll"

Tue 5 Aug 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Tue 2 Aug 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRMBACKUP\DRMv1.bak"

Tue 9 Jan 2007 61,440 ..SHR --- "C:\Program Files\HotlineConnect\Hotline Connect Server\Setup.exe"

Tue 5 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Sun 19 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRMBACKUP\Cache\Indiv01.tmp"

Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT2.tmp"

Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\71fa8e4b1f1c72b0e3a5d30a0a049f55\BITF9.tmp"

 

Finished!

Posted

You have to decide: either you do it at home on your own (chaining tools more or less at random), or you use the forums.

ComboFix is only to be used when prescribed by a qualified helper trained on the tool. Using it outside that situation, or on your own, is dangerous!

 

Please post a new, up-to-date HijackThis report (run a fresh one).

Posted

Yes, you're right!!! I apologise for that!!! :P

 

Here is the new HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:02:35, on 08/08/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Fichiers communs\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\system32\NVATray.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe

C:\Program Files\palmOne\HOTSYNC.EXE

C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE

O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe

O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1115726530359

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{438FD138-E0DB-4075-B51F-FFE7BB7EA796}: NameServer = 208.67.220.220,208.67.222.222

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 10744 bytes

Posted

Download Toolbar-S&D (Team IDN) to your Desktop.

  • Start the installation by running the downloaded file.
  • Now double-click the Toolbar-S&D shortcut.
  • Select the language you want by typing the corresponding letter and pressing Enter.
  • Now choose option 1 (Recherche, i.e. Search). Wait until the search finishes.
  • Post the generated report (C:\TB.txt).

Posted

Here is the ToolBar-S&D report

 

 

-----------\\ ToolBar S&D 1.0.8 XP/Vista

 

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Camran ] [ "C:\Toolbar SD" ] [ Selection : 1 ]

[ 08/08/2008 | 17:07:41,39 ] [ PC : GEORGIA ]

[ MAJ : 04-08-2008 | 23:15 ]

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

C:\WINDOWS\iun6002.exe

Posted

What follows is for your machine, and your machine only.

Above all, do not use it on another machine: dangerous.

 

  • Disable your antivirus; it can interfere.
  • Open Notepad. Copy and paste this into it:

 

Killall::

 

Rootkit::

C:\WINDOWS\system32\Drivers\HNPsSdk.drv

 

File::

C:\WINDOWS\system32\blphca9tj0e71a.scr_old

C:\Program Files\DAP\DAPBHO.dll

C:\Program Files\DAP\DAPIEBar.dll

C:\WINDOWS\iun6002.exe

 

Folder::

C:\Program Files\Antivirus 2008

 

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=-

[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSSdk21]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62999427-33FC-4baf-9C9C-BCE6BD127F08}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000CC75-ACF3-4cac-A0A9-DD3868E06852}]

 

 

  • Save it as a text file named CFScript, on the Desktop.
  • Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

(screenshot: CFScript.gif)

  • Wait while the scan runs. The desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file doesn't open, it is located here > C:\ComboFix.txt

 

Then please add a new HijackThis report after that one, and re-enable your antivirus.
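A small linter for the CFScript format used in the post above, added here as an example (it is not code from the thread or from ComboFix). It is grounded only in what the posted script uses: the five section headers, absolute paths under Rootkit::/File::/Folder::, and .reg-style key and value lines under Registry::; the accepted section list is an assumption limited to those, and the Registry:: block as originally posted (missing opening bracket, wrapped key line) is embedded as constructed sample input.

```python
"""Lint a ComboFix CFScript before handing it to a user.

Added example; not code from the thread or from ComboFix itself. It checks
only what the posted script exhibits: section headers ending in "::",
absolute Windows paths under Rootkit::/File::/Folder::, and .reg-style
lines under Registry::. ComboFix accepts more section types than these
(assumption: the list below is limited to what the post uses).
"""
import re

KNOWN_SECTIONS = {"Killall", "Rootkit", "File", "Folder", "Registry"}
PATH_SECTIONS = {"Rootkit", "File", "Folder"}

ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# A .reg-style key line: [HKEY_...\...] to touch a key, [-HKEY_...\...] to delete it.
REG_KEY_RE = re.compile(
    r"^\[-?HK(?:EY_)?(?:LOCAL_MACHINE|CURRENT_USER|USERS|CLASSES_ROOT|"
    r"CURRENT_CONFIG|LM|CU|U|CR|CC)\\[^\]]*\]$",
    re.IGNORECASE,
)
# A .reg-style value line: "name"=data, where data "-" deletes the value.
REG_VALUE_RE = re.compile(r'^"[^"]*"=.+$')


def lint_cfscript(text):
    """Return [(line_no, message), ...]; an empty list means the script is well formed."""
    problems = []
    section = None
    in_key = False  # inside a [key] block of the Registry:: section
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section = line[:-2]
            in_key = False
            if section not in KNOWN_SECTIONS:
                problems.append((no, f"unknown section '{section}::'"))
            continue
        if section is None:
            problems.append((no, "entry before any section header"))
        elif section == "Killall":
            problems.append((no, "Killall:: takes no entries"))
        elif section in PATH_SECTIONS:
            if not ABS_PATH_RE.match(line):
                problems.append((no, f"{section}:: entry is not an absolute path: {line}"))
        elif section == "Registry":
            if REG_KEY_RE.match(line):
                in_key = True
            elif REG_VALUE_RE.match(line):
                if not in_key:
                    problems.append((no, "value line without a preceding [key] line"))
            elif line.startswith("["):
                problems.append((no, f"malformed registry key (missing closing ']'?): {line}"))
            else:
                problems.append((no, f'neither [key] nor "name"=value: {line}'))
    return problems


# Constructed sample: the posted script as it appeared, with its two slips
# (first Registry:: key lacks "[", last key is wrapped over two lines).
POSTED_SCRIPT = r"""Killall::

Rootkit::
C:\WINDOWS\system32\Drivers\HNPsSdk.drv

File::
C:\WINDOWS\iun6002.exe

Registry::
HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=-
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSSdk21]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Explorer\Browser Helper Objects\{62999427-33FC-4baf-9C9C-BCE6BD127F08}]
"""

# The same script with the bracket restored and the wrapped key rejoined.
FIXED_SCRIPT = (
    POSTED_SCRIPT
    .replace("\nHKEY_LOCAL_MACHINE", "\n[HKEY_LOCAL_MACHINE", 1)
    .replace("CurrentVersion\n\\Explorer", "CurrentVersion\\Explorer")
)

if __name__ == "__main__":
    for label, script in (("posted", POSTED_SCRIPT), ("fixed", FIXED_SCRIPT)):
        found = lint_cfscript(script)
        print(f"{label}: {len(found)} problem(s)")
        for no, msg in found:
            print(f"  line {no}: {msg}")
```

Run it on a script before posting it: the posted version reports the unbracketed key, the value that then has no key, and both halves of the wrapped key; the fixed version reports nothing.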

Posted

Here is the report!

 

Strangely, I just had an attempt to access my PC, the first in ages according to my firewall; here is the IP: 218.9.148.118!!! A Whois places it in China!!!???

 

ComboFix 08-08-07.05 - Camran 2008-08-08 17:22:04.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1616 [GMT 2:00]

Endroit: C:\Documents and Settings\Camran\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Camran\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\Program Files\DAP\DAPBHO.dll

C:\Program Files\DAP\DAPIEBar.dll

C:\WINDOWS\iun6002.exe

C:\WINDOWS\system32\blphca9tj0e71a.scr_old

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\DAP\DAPBHO.dll

C:\Program Files\DAP\DAPIEBar.dll

C:\WINDOWS\iun6002.exe

C:\WINDOWS\system32\Drivers\HNPsSdk.drv

F:\Autorun.inf

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-08 to 2008-08-08 ))))))))))))))))))))))))))))))))))))

.

 

2008-08-08 17:06 . 2008-08-08 17:09 <REP> d-------- C:\Toolbar SD

2008-08-08 16:53 . 2008-08-08 17:30 355,205 --a------ C:\WINDOWS\system32\vsconfig.xml

2008-08-08 15:16 . 2008-08-08 15:16 <REP> d-------- C:\WINDOWS\ERUNT

2008-08-08 14:29 . 2008-08-08 14:29 <REP> d-------- C:\Program Files\Trend Micro

2008-08-08 13:46 . 2008-08-08 15:54 <REP> d-------- C:\WINDOWS\BDOSCAN8

2008-08-05 10:40 . 2008-08-05 10:59 <REP> d--hs---- C:\Documents and Settings\All Users\DRM

2008-08-04 22:24 . 2008-08-04 22:24 <REP> d-------- C:\Program Files\Windows Resource Kits

2008-08-04 21:21 . 2008-08-04 21:21 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR

2008-08-02 19:02 . 2008-08-02 19:02 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys

2008-08-02 19:02 . 2008-08-02 19:02 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys

2008-08-02 18:52 . 2008-08-02 18:52 <REP> d-------- C:\Program Files\Perry Rhodan

2008-07-29 01:05 . 2008-08-02 19:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-07-29 01:05 . 2008-07-29 01:05 1,409 --a------ C:\WINDOWS\QTFont.for

2008-07-27 20:03 . 2008-07-27 20:03 <REP> d-------- C:\Documents and Settings\Camran\Application Data\MailFrontier

2008-07-27 20:00 . 2008-08-08 17:30 14,379,040 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-07-27 20:00 . 2008-08-08 17:26 200,912 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-07-27 19:54 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe

2008-07-27 19:53 . 2008-07-27 19:53 <REP> d-------- C:\Program Files\Zone Labs

2008-07-27 19:53 . 2008-07-09 09:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll

2008-07-19 17:30 . 2008-07-19 19:18 <REP> d-------- C:\Program Files\MPCHC

2008-07-19 17:27 . 2008-06-22 20:33 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-07-19 17:27 . 2008-06-22 20:33 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-07-19 17:27 . 2008-06-22 20:33 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-08 15:22 --------- d-----w C:\Program Files\DAP

2008-08-08 12:00 --------- d-----w C:\Program Files\Coolstreaming

2008-08-08 11:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-08-08 10:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-08-08 08:43 --------- d-----w C:\Documents and Settings\Camran\Application Data\XnView

2008-08-08 08:32 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT

2008-08-05 19:37 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-05 13:22 --------- d-----w C:\Program Files\Minilyrics

2008-08-04 20:55 --------- d-----w C:\Program Files\Opera

2008-08-02 16:38 --------- d-----w C:\Program Files\GrabIt

2008-08-02 14:26 --------- d-----w C:\Program Files\gx-mod

2008-07-23 14:39 --------- d-----w C:\Documents and Settings\Sarah\Application Data\skypePM

2008-07-21 21:33 --------- d-----w C:\Program Files\mIRC

2008-07-19 15:27 --------- d-----w C:\Program Files\ffdshow

2008-07-16 19:34 --------- d-----w C:\Program Files\Winamp

2008-07-12 16:01 --------- d-----w C:\Documents and Settings\Camran\Application Data\Skype

2008-07-12 16:00 --------- d-----w C:\Documents and Settings\Camran\Application Data\skypePM

2008-07-10 16:09 --------- d-----w C:\Documents and Settings\Camran\Application Data\Azureus

2008-07-09 10:12 --------- d-----w C:\Program Files\ARWizard3

2008-07-07 11:42 --------- d-----w C:\Program Files\Fichiers communs\Nikon

2008-07-07 11:42 --------- d-----w C:\Documents and Settings\Camran\Application Data\Nikon

2008-07-07 11:24 --------- d-----w C:\Documents and Settings\Camran\Application Data\DxO Labs

2008-07-07 11:23 --------- d-----w C:\Program Files\Fichiers communs\PACE Anti-Piracy

2008-07-07 11:23 --------- d-----w C:\Program Files\DxO Labs

2008-07-07 11:23 --------- d-----w C:\Documents and Settings\Camran\Application Data\PACE Anti-Piracy

2008-07-07 11:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy

2008-07-07 11:13 --------- d-----w C:\Program Files\InterLok

2008-07-06 08:15 --------- d-----w C:\Program Files\THE Rename

2008-07-05 12:22 --------- d-----w C:\Program Files\Photomatix

2008-07-05 12:16 --------- d-----w C:\Program Files\easyHDR BASIC

2008-07-05 12:14 --------- d-----w C:\Documents and Settings\Camran\Application Data\fdrtools.com

2008-07-05 12:06 --------- d-----w C:\Program Files\AGS Technik

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 22:55 --------- d-----w C:\Documents and Settings\Sarah\Application Data\Skype

2008-06-10 13:32 --------- d-----w C:\Documents and Settings\Camran\Application Data\ArcSoft

2008-06-10 13:31 --------- d-----w C:\Program Files\SanDisk

2007-03-17 23:24 1 -c--a-w C:\Documents and Settings\Camran\SI.bin

2004-05-25 13:04 32,768 ----a-w C:\Program Files\mozilla firefox\plugins\AppSub32.dll

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-30 14:45 1829712]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]

"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31 458752]

"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24 217088]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 07:31 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 14:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 14:00 455168]

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 01:15 600896]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25 257088]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 22:01 71216]

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 17:21 54832]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]

"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]

"NVIDIA nForce APU1 Utilities"="NVATray.exe" [2002-01-19 09:33 45056 C:\WINDOWS\system32\NVATray.exe]

"NvMediaCenter"="NvMCTray.dll" [2007-09-17 01:07 81920 C:\WINDOWS\system32\nvmctray.dll]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

2003-08-25 11:25 139264 C:\Program Files\Fichiers communs\Stardock\MCPStub.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=NVDESK32.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3acm"= l3codecp.acm

"aux"= ctwdm32.dll

"msacm.imc"= imc32.acm

"aux1"= ctwdm32.dll

"aux3"= ctwdm32.dll

"vidc.X264"= x264vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TEW-424UB Utility.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TEW-424UB Utility.lnk

backup=C:\WINDOWS\pss\TEW-424UB Utility.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-04-27 11:25 257088 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

--a--c--- 2004-10-08 12:06 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2005-08-13 15:00 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

--a------ 2007-01-29 13:07 3718312 C:\Program Files\TomTom HOME\TomTomHOME.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

--a--c--- 2005-10-24 16:53 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=

"C:\\Program Files\\mIRC\\mirc.exe"=

"C:\\Program Files\\Sop Cast\\SopCast.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\WINDOWS\\system32\\dpnsvr.exe"=

"C:\\Program Files\\FlashGet\\flashget.exe"=

"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51]

S0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys []

S2 MPManF50;MPMan F50 USB Driver;C:\WINDOWS\system32\Drivers\MPManF50.sys []

S3 EWAVE;EWAVE;C:\WINDOWS\system32\drivers\ew.sys []

S3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 21:12]

S3 FILESPY;FILESPY;C:\WINDOWS\system32\drivers\FILESPY.sys []

S3 NSTATION;NSTATION;C:\WINDOWS\system32\drivers\nstation.sys []

S3 ZD1211U(CellVision);TRENDnet 802.11g wireless USB TEW-424UB(CellVision);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 11:00]

S3 zlportio;zlportio;C:\Documents and Settings\Camran\Bureau\StarFucker v0.82 Beta - Lite Version\zlportio.sys []

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-08 17:28:30

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Fichiers communs\Stardock\sdmcp.exe

C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe

C:\Program Files\palmOne\HOTSYNC.EXE

C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-08-08 17:41:49 - machine was rebooted

ComboFix-quarantined-files.txt 2008-08-08 15:41:42

ComboFix2.txt 2008-08-08 13:04:43

 

Pre-Run: 11,390,750,720 octets libres

Post-Run: 11,380,068,352 octets libres

 

238 --- E O F --- 2008-07-13 11:16:00
