[Résolu] Trojan.Vundo élimination/réapparition (Vista64)

[xeniumproduction]

Bonjour,

Je suis infecté par un virus du style Trojan.Vundo (d'après Malwarebytes' Anti-Malware).

J'ai beau scanné avec Trend Micro PcCillin 2008, il voit un Trojan qu'il supprime mais sans efficacité.

J'ai donc utilisé Malwarebytes' Anti-Malware, fait un scan du système entier et rebooter pour éliminer tous les fichiers infectés.

Sans succès, une fois reboot d'autre fichier d'un autre nom mais au même endroit prennent leurs places.

Après avoir répété 3 fois un scan de Malwarebytes' Anti-Malware, sans pourvoir stopper leur réapparition, je n'ai d'autre choix que de venir trouver de l'aide.

Je vous en remercie d'avance.

(Je suis sous Vista64 et donc ComboFix ne fonctionne pas)

 

Rapport HiJackThis :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:25:52, on 30/10/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\SysWOW64\conime.exe

C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\PcCoolerMaster\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [uVS11 Preload] "C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnopPJa.dll,#1

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O13 - Gopher Prefix:

O15 - Trusted Zone: http://asia.msi.com.tw

O15 - Trusted Zone: http://global.msi.com.tw

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: kgagfd.dll

O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 11002 bytes

 

 

 

 

 

 

Rapport Malwarebytes' Anti-Malware :

 

Malwarebytes' Anti-Malware 1.30

Version de la base de données: 1338

Windows 6.0.6001 Service Pack 1

 

30/10/2008 12:12:50

mbam-log-2008-10-30 (12-12-50).txt

 

Type de recherche: Examen rapide

Eléments examinés: 45632

Temps écoulé: 2 minute(s), 46 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 1

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 3

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

C:\Windows\System32\jkkKbaYQ.dll (Trojan.Vundo) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\CLSID\{302d49ca-575b-4262-9b8c-2f26c2d9f83a} (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{302d49ca-575b-4262-9b8c-2f26c2d9f83a} (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Windows\System32\jkkKbaYQ.dll (Trojan.Vundo) -> Delete on reboot.

C:\Windows\SysWOW64\jkkKbaYQ.dll (Trojan.Vundo) -> Delete on reboot.

C:\Users\PcCoolerMaster\AppData\Local\Temp\tmp00010492 (Trojan.Vundo) -> Quarantined and deleted successfully.

Modifié le 31 octobre 2008 par xeniumproduction

[Thanos]

salut

 

Ici la difficulté tient au fait que peu de programmes que nous utilisons fonctionnent sur un Vista 64!

 

J'aimerai stp que tu fasses analyser un fichier pour lequel je n'ai aucune info >

 

Rend toi à cette adresse => http://www.virustotal.com/

 

Tu as une case nommée "Parcourir": tu cliques dessus et une fenêtre s'ouvre=> copie/colle ceci dans le champs à droite de "Nom du Fichier" en bas de page >> C:\windows\system32\kgagfd.dll

Il est possible que le fichier en question n'existe pas sous le répertoire indiqué, auquel cas tu reçevras un message d'erreur (fichier introuvable).

Si c'est le cas, cpie/colle ceci dans le champs à droite de "Nom du Fichier" en bas de page >> C:\windows\kgagfd.dll

Clique maintenant sur "ouvrir" en bas de la fenêtre puis sur "Envoyer le fichier". Le scan de ce fichier va débuter. Tu n'as plus qu'à sélectionner puis copier /coller l'analyse dans ton prochain message.

Note: les fichiers uploadés sont mis en attente, car le virusscan est sollicité! patiente (un message t'indique le temps que ca prendra pour faire analyser)

 

Je te prépare une procédure...

[Thanos]

re!

 

Je vais te demander de me poster ce rapport en plus >>

 

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

• Double-clique sur RSIT.exe afin de lancer RSIT.
  
• Clique Continue à l'écran Disclaimer.
  
• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
  ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  
• Si tu ne vois pas ces deux rapports, tu les trouveras dans le dossier C:\rsit
  

Ton antivirus ne smble pas fonctionner correctement au vu de ton rapport hijackthis: est ce le cas ?

[xeniumproduction]

Merci de la Rapidité de réponse.

 

Voici le rapport de : VirusTotal.com

 

Antivirus----------------Version-----------------Dernière mise à jour------------Résultat

AhnLab-V3--------------2008.10.30.1-----------2008.10.30

AntiVir-------------------7.9.0.10----------------2008.10.30------------------------TR/Crypt.FKM.Gen

Authentium--------------5.1.0.4-----------------2008.10.30

Avast--------------------4.8.1248.0--------------2008.10.29

AVG----------------------8.0.0.161---------------2008.10.30

BitDefender--------------7.2----------------------2008.10.30

CAT-QuickHeal----------9.50---------------------2008.10.29

ClamAV------------------0.93.1-------------------2008.10.30

DrWeb-------------------4.44.0.09170------------2008.10.30

eSafe---------------------7.0.17.0-----------------2008.10.29---------------------Suspicious File

eTrust-Vet----------------31.6.6180---------------2008.10.29

Ewido----------------------4.0----------------------2008.10.30

F-Prot----------------------4.4.4.56----------------2008.10.29

F-Secure-------------------8.0.14332.0------------2008.10.30

Fortinet---------------------3.117.0.0---------------2008.10.28

GData----------------------19------------------------2008.10.30

Ikarus----------------------T3.1.1.44.0-------------2008.10.30--------------------Trojan.Vundo

K7AntiVirus----------------7.10.512-----------------2008.10.30

Kaspersky------------------7.0.0.125----------------2008.10.30

McAfee----------------------5418---------------------2008.10.30

Microsoft-------------------1.4005--------------------2008.10.30-------------------Trojan:Win32/Vundo.IB

NOD32---------------------3570----------------------2008.10.30-------------------a variant of Win32/Adware.Virtumonde.NCV

Norman--------------------5.80.02-------------------2008.10.29

Panda----------------------9.0.0.4--------------------2008.10.29 -

PCTools--------------------4.4.2.0--------------------2008.10.30 -

Prevx1----------------------V2------------------------2008.10.30------------------Fraudulent Security Program

Rising-----------------------21.01.32.00--------------2008.10.30 -

SecureWeb-Gateway------6.7.6----------------------2008.10.30------------------Trojan.Crypt.FKM.Gen

Sophos----------------------4.35.0--------------------2008.10.30 -

Sunbelt----------------------3.1.1764.1---------------2008.10.29 -

Symantec-------------------10-------------------------2008.10.30 -

TheHacker-------------------6.3.1.1.134--------------2008.10.30 -

TrendMicro-------------------8.700.0.1004------------2008.10.30 -

VBA32------------------------3.12.8.9------------------2008.10.30 -

ViRobot-----------------------2008.10.30.1445--------2008.10.30 -

VirusBuster-------------------4.5.11.0------------------2008.10.29 -

 

 

Information additionnelle

File size: 113152 bytes

MD5...: 281b043a1630fcd84f01305a27bb80d9

SHA1..: 8033836aedf793c154475ed3533d5c7853db458f

SHA256: 25b5c1cea57bd623bcd79ee991522203d48df879826ecf418849d703b35c2b9a

SHA512: 888bdeb4ad40508f092a48ac2a56b59c9057d27977ebee37f38818c037dc9674

403db48ed5c3f50a9ba40c1547985ae6ee407f335e52339d38ee42d4cf9e7438

PEiD..: -

TrID..: File type identification

UPX compressed Win32 Executable (39.5%)

Win32 EXE Yoda's Crypter (34.3%)

Win32 Executable Generic (11.0%)

Win32 Dynamic Link Library (generic) (9.8%)

Generic Win/DOS Executable (2.5%)

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x1003c140

timedatestamp.....: 0x48b8e274 (Sat Aug 30 06:02:28 2008)

machinetype.......: 0x14c (I386)

 

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

UPX0 0x1000 0x21000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

UPX1 0x22000 0x1b000 0x1ae00 7.99 20794492998685ca0cac631e70f9bc3f

.rsrc 0x3d000 0x1000 0x800 2.78 9af0b76c7294acc092cb738e2f469f72

 

( 3 imports )

> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree

> advapi32.dll: RegCloseKey

> user32.dll: ToAscii

 

( 0 exports )

 

Prevx info: http://info.prevx.com/aboutprogramtext.asp...C597700ADCD52A3

packers (Kaspersky): UPX

packers (F-Prot): UPX_LZMA

 

 

 

 

Rapport RSIT (info):

 

info.txt logfile of random's system information tool 1.04 2008-10-30 14:11:53

 

======Uninstall list======

 

-->"C:\Program Files (x86)\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}

-->MsiExec /X{CD6E97C6-310B-487A-945E-18965FF0E20E}

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{12321490-F573-4815-B6CC-7ABEF18C9AC4}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x40c /remove

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-040C-1000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}

Adobe After Effects CS3 Third Party Content-->C:\Program Files (x86)\Common Files\Adobe\Installers\3675c95c239b992d5d0ee8fce969b9e\Setup.exe

Adobe After Effects CS3 Third Party Content-->MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}

Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}

Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}

Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}

Adobe Contribute CS3-->MsiExec.exe /I{F84ADE4E-9220-4324-994D-801EDD9DD251}

Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{5D2398DF-3022-4820-93BA-F1175FBEA9CA}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe Dreamweaver CS3-->MsiExec.exe /I{4BDB76C6-902E-41D5-9064-68768E02886B}

Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}

Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}

Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}

Adobe Fireworks CS3-->MsiExec.exe /I{21C4D775-368A-46C4-8DC3-4207165B7115}

Adobe Flash CS3-->MsiExec.exe /I{80FD3971-8482-49C8-BA8C-B6464A15882F}

Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}

Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Video Encoder-->MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}

Adobe Illustrator CS3-->MsiExec.exe /I{6E08CE13-C2AB-4749-9335-5900B958929E}

Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}

Adobe InDesign CS3-->MsiExec.exe /I{FE8327F9-3AC1-4586-8C7E-3DEE2BC92441}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS3-->MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}

Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}

Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}

Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}

Adobe Setup-->MsiExec.exe /I{004685F7-9FB6-4789-812F-59ABB34A55AF}

Adobe Setup-->MsiExec.exe /I{1628F6BD-5ED1-4FD1-B90F-C106AF4E00F0}

Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}

Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}

Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe Version Cue CS3 Server-->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}

Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}

Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}

Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}

adsl TV-->C:\Program Files (x86)\adslTV\Uninstal.exe

AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}

Ajouter ou supprimer Adobe Creative Suite 3 Master Collection-->C:\Program Files (x86)\Common Files\Adobe\Installers\b5d5789539ea1f004a4defceea74312\Setup.exe

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe

CloneCD-->"C:\Program Files (x86)\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files (x86)\SlySoft\CloneCD"

Combined Community Codec Pack 2008-01-24-->"C:\Program Files (x86)\Combined Community Codec Pack\unins000.exe"

Creative ALchemy-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{12321490-F573-4815-B6CC-7ABEF18C9AC4}\setup.exe" -l0x40c /remove

Creative Audio Console-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x40c /remove

Creative Software AutoUpdate-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x40c /remove

DMI Browse-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\MSI\DMI Browser\Uninst.isu"

Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

HijackThis 2.0.2-->"C:\Users\PcCoolerMaster\Desktop\HijackThis.exe" /uninstall

InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}

Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Messenger Plus! Live-->"C:\Program Files (x86)\Messenger Plus! Live\Uninstall.exe"

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

mIRC-->C:\Program Files (x86)\mIRC\uninstall.exe _?=C:\Program Files (x86)\mIRC

Mozilla Firefox (3.0.3)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

Mozilla Thunderbird (2.0.0.17)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

Nero 9-->C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NVIDIA PhysX v8.06.12-->MsiExec.exe /X{CD6E97C6-310B-487A-945E-18965FF0E20E}

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}

Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}

Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

SmartFTP Client 3.0 Setup Files (remove only)-->C:\Program Files (x86)\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe

SmartFTP Client Setup Files 3.0 (x64) (remove only)-->C:\Program Files (x86)\SmartFTP Client 3.0 (x64) Setup Files\uninst-sftp.exe

Sothink SWF Decompiler-->"C:\Program Files (x86)\SourceTec\Sothink SWF Decompiler\unins000.exe"

System Requirements Lab-->C:\Program Files (x86)\SystemRequirementsLab\Uninstall.exe

TeamSpeak 2 RC2-->C:\Jeux\Teamspeak2_RC2\unins000.exe

Trapcode 3DStroke-->C:\Windows\unvise32.exe C:\Program Files (x86)\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\trapcode3Dstroke.log

Trapcode Form-->C:\Windows\unvise32.exe C:\Program Files (x86)\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\trapcodeform.log

Trapcode Particular-->C:\Windows\unvise32.exe C:\Program Files (x86)\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\trapcodeparticular.log

Trapcode Shine-->C:\Windows\unvise32.exe C:\Program Files (x86)\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\trapcodeShine.log

Trapcode Starglow-->C:\Windows\unvise32.exe C:\Program Files (x86)\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\trapcodeStarglow.log

Ulead VideoStudio 11-->C:\Program Files (x86)\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x040c

Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}

Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}

Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}

Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

World of Warcraft-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe

Wow Cartographe 1.08b-->C:\Program Files (x86)\WowCartographe\uninst.exe

 

======Security center information======

 

AV: Trend Micro Internet Security

AS: Windows Defender

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 7, GenuineIntel

"PROCESSOR_REVISION"=1707

"NUMBER_OF_PROCESSORS"=4

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat

"DFSTRACINGON"=FALSE

"CLASSPATH"=.;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip

"QTJAVA"=C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip

 

-----------------EOF-----------------

 

 

Rapport RSIT (log) :

 

Logfile of random's system information tool 1.04 (written by random/random)

Run by PcCoolerMaster at 2008-10-30 14:11:48

Microsoft® Windows Vista™ Édition Intégrale Service Pack 1

System drive C: has 229 GB (48%) free of 477 GB

Total RAM: 4094 MB (61% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:11:52, on 30/10/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\SysWOW64\conime.exe

C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\PcCoolerMaster\Desktop\RSIT.exe

C:\Users\PcCoolerMaster\Desktop\PcCoolerMaster.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: {3c9378d9-b188-a329-2bb4-87507a0d89a0} - {0a98d0a7-0578-4bb2-923a-881b9d8739c3} - C:\Windows\SysWow64\kgagfd.dll

O2 - BHO: (no name) - {217C8B03-9156-48AD-ABB6-160B91E68E55} - C:\Windows\SysWow64\vtUnLEUM.dll (file missing)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [uVS11 Preload] "C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnopPJa.dll,#1

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O13 - Gopher Prefix:

O15 - Trusted Zone: http://asia.msi.com.tw

O15 - Trusted Zone: http://global.msi.com.tw

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: kgagfd.dll

O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 11292 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0a98d0a7-0578-4bb2-923a-881b9d8739c3}]

C:\Windows\SysWow64\kgagfd.dll [2008-10-30 113152]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{217C8B03-9156-48AD-ABB6-160B91E68E55}]

C:\Windows\SysWow64\vtUnLEUM.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-05-10 624248]

""= []

"Adobe_ID0EYTHM"=C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]

"CloneCDTray"=C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]

"UVS11 Preload"=C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2008-09-05 341488]

"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

"SPIRunE"=Rundll32 SPIRunE.dll []

"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2008-09-06 413696]

"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2008-10-01 289576]

"MSServer"=C:\Windows\system32\opnopPJa.dll [2008-10-29 32768]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1555968]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]

"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="kgagfd.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

"{302D49CA-575B-4262-9B8C-2F26C2D9F83A}"=C:\Windows\SysWow64\opnopPJa.dll [2008-10-29 32768]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

C:\\Windows\\system32\\pmNEtTmM

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

"NoDispScrSavPage"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=

"NoActiveDesktopChanges"=

"ForceActiveDesktopOn"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======File associations======

 

.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

.reg - open - regedit.exe "%1" %*

 

======List of files/folders created in the last 1 months======

 

2008-10-30 14:11:48 ----D---- C:\rsit

2008-10-30 13:20:33 ----A---- C:\Windows\system32\pmNEtTmM.dll

2008-10-30 12:20:30 ----A---- C:\Windows\system32\ljJYOhFx.dll

2008-10-30 12:14:58 ----A---- C:\Windows\system32\opnopPJa.dll

2008-10-30 11:26:50 ----D---- C:\Windows\ERDNT

2008-10-30 11:26:50 ----D---- C:\Qoobox

2008-10-30 11:26:50 ----D---- C:\combo-fix

2008-10-30 11:26:49 ----A---- C:\Windows\system32\swsc.exe

2008-10-30 11:26:49 ----A---- C:\Windows\system32\CF20971.exe

2008-10-30 11:26:42 ----D---- C:\32788R22FWJFW

2008-10-30 11:22:05 ----A---- C:\Windows\system32\dDsPhifd.dll

2008-10-30 10:21:58 ----A---- C:\Windows\system32\kgagfd.dll

2008-10-30 10:21:48 ----A---- C:\Windows\system32\xuqbshfo.dll

2008-10-29 21:45:12 ----D---- C:\Users\PcCoolerMaster\AppData\Roaming\Google

2008-10-29 21:44:15 ----D---- C:\Program Files (x86)\Google

2008-10-29 18:23:59 ----A---- C:\Windows\system32\mnaegh.dll

2008-10-29 18:23:46 ----A---- C:\Windows\system32\lmvekham.dll

2008-10-29 18:20:41 ----A---- C:\Windows\system32\bd63692f-.txt

2008-10-29 11:59:22 ----ASH---- C:\Windows\system32\ELRYIiOq.ini2

2008-10-29 11:59:21 ----ASH---- C:\Windows\system32\KUCJjkkj.ini2

2008-10-29 11:59:21 ----ASH---- C:\Windows\system32\KUCJjkkj.ini

2008-10-29 11:59:21 ----ASH---- C:\Windows\system32\ELRYIiOq.ini

2008-10-19 10:45:47 ----D---- C:\Windows\Minidump

2008-10-11 11:28:05 ----D---- C:\Program Files (x86)\MSXML 4.0

2008-10-06 08:21:50 ----D---- C:\Program Files (x86)\iPod

2008-10-06 08:21:49 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-06 08:21:49 ----D---- C:\Program Files (x86)\iTunes

2008-10-04 13:10:14 ----D---- C:\Users\PcCoolerMaster\AppData\Roaming\Nero

2008-10-04 11:54:33 ----D---- C:\Program Files (x86)\Nero

2008-10-04 11:53:53 ----D---- C:\ProgramData\Nero

2008-10-04 11:53:52 ----D---- C:\Program Files (x86)\Common Files\Nero

2008-10-04 11:52:53 ----A---- C:\Windows\system32\d3dx9_30.dll

 

======List of files/folders modified in the last 1 months======

 

2008-10-30 14:11:52 ----D---- C:\Windows\Prefetch

2008-10-30 14:03:41 ----D---- C:\Users\PcCoolerMaster\AppData\Roaming\uTorrent

2008-10-30 13:58:02 ----D---- C:\Program Files (x86)\Mozilla Firefox

2008-10-30 13:20:33 ----D---- C:\Windows\SysWOW64

2008-10-30 12:20:54 ----D---- C:\Windows\System32

2008-10-30 12:20:54 ----D---- C:\Windows\inf

2008-10-30 12:15:29 ----D---- C:\Windows\Temp

2008-10-30 11:26:50 ----D---- C:\Windows

2008-10-30 11:26:49 ----D---- C:\Windows\system32\en-US

2008-10-30 10:34:28 ----D---- C:\Users\PcCoolerMaster\AppData\Roaming\Adobe

2008-10-30 10:13:16 ----SHD---- C:\System Volume Information

2008-10-29 21:45:05 ----SHD---- C:\Windows\Installer

2008-10-29 21:44:15 ----RD---- C:\Program Files (x86)

2008-10-29 15:41:20 ----D---- C:\Users\PcCoolerMaster\AppData\Roaming\mIRC

2008-10-29 14:34:50 ----D---- C:\Program Files (x86)\mIRC

2008-10-29 11:15:54 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2008-10-29 11:15:53 ----D---- C:\Windows\system32\drivers

2008-10-21 12:05:46 ----RSD---- C:\Windows\Fonts

2008-10-21 11:53:25 ----D---- C:\Program Files (x86)\Mozilla Thunderbird

2008-10-21 10:12:56 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2008-10-15 18:29:11 ----D---- C:\ProgramData\Microsoft Help

2008-10-12 11:20:03 ----D---- C:\Windows\winsxs

2008-10-11 13:08:22 ----D---- C:\ProgramData\NVIDIA

2008-10-06 08:21:49 ----RD---- C:\Program Files

2008-10-06 08:21:49 ----HD---- C:\ProgramData

2008-10-04 11:53:52 ----D---- C:\Program Files (x86)\Common Files

2008-10-03 20:05:45 ----D---- C:\ProgramData\WLInstaller

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver; C:\Windows\system32\DRIVERS\tmlwf.sys []

R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys []

R2 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []

R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys []

R2 tmwfp;Trend Micro WFP Callout Driver; C:\Windows\system32\DRIVERS\tmwfp.sys []

R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys []

R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys []

R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2006-12-26 40648]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys []

R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx64.sys []

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []

R3 t3;Sound Blaster X-Fi Xtreme Audio (Vista); C:\Windows\system32\drivers\t3.sys []

S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys []

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys []

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []

S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys []

S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s116mdfl.sys []

S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s116mdm.sys []

S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s116mgmt.sys []

S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\Windows\system32\DRIVERS\s116nd5.sys []

S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s116obex.sys []

S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\Windows\system32\DRIVERS\s116unic.sys []

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]

R2 Bonjour Service;Service Bonjour; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 Capture Device Service;Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]

R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2007-11-26 385024]

R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []

R2 SfCtlCom;Composant de commande centrale Trend Micro; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 817904]

R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-03-07 561928]

R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-18 654848]

R3 iPod Service;Service de l’iPod; C:\Program Files (x86)\iPod\bin\iPodService.exe [2008-10-01 536872]

R3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-03-14 584624]

R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-03-14 854280]

S3 Adobe Version Cue CS3;Adobe Version Cue CS3 {fr_FR} ; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-21 93696]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2008-09-09 79360]

S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

 

-----------------EOF-----------------

[Thanos]

salut

 

On continue comme ceci: je te conseille de copier/coller les instructions qui suivent dans un fichier texte pour pouvoir les consulter en mode sans échec car tu n 'auras pas accès à internet >>

 

1°) Télécharge VundoFix.exe (par Atribune) sur ton Bureau. (ne le lance pas maintenant!)

 

Rend toi sur cette page afin de télécharger le fichier vundofix.vft sur ton Bureau > http://www.sendspace.com/file/8fk3be

pour cela, clique sur le lien en bas de page > Download Link: vundofix.vft

 

2°) Redémarre le PC, impérativement en mode sans échec.

• Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement.
  
• Tapote par alternance les touches [F8] et [F5] jusqu'à l'affichage du menu des options avancées de Windows.
  
• Sélectionne "Mode sans échec" et appuie sur la touche [Entrée].
  
• Choisis ton compte usuel, et non Administrateur.
  
• >> En images ici<<
  

3°) Démarre Hijackthis, clique sur "Do a system scan only", et coche les lignes suivantes :

O2 - BHO: {3c9378d9-b188-a329-2bb4-87507a0d89a0} - {0a98d0a7-0578-4bb2-923a-881b9d8739c3} - C:\Windows\SysWow64\kgagfd.dll

O2 - BHO: (no name) - {217C8B03-9156-48AD-ABB6-160B91E68E55} - C:\Windows\SysWow64\vtUnLEUM.dll (file missing)

 

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnopPJa.dll,#1

 

O20 - AppInit_DLLs: kgagfd.dll

-Ferme tous les programmes et clique sur "Fix Checked"

 

4°) Utilisation de VundoFix >>

• Double-clique VundoFix.exe afin de le lancer.
  
• Fait un glisser/déposer de ce fichier vundofix.vft dans la partie blanche de la case comme sur la capture >>
  
  
• Clique sur Remove Vundo
  
• Une invite te demandera si tu veux supprimer les fichiers, clique sur YES
  
• Après avoir cliqué sur "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
  
• Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique sur OK
  
• Démarre ton PC à nouveau.
  
• Copie/colle le contenu du rapport situé dans C:\vundofix.txt
  

Poste le rapport de VundoFix ainsi qu'un nouveau rapport RSIT (juste le rapport log.txt)

[xeniumproduction]

Et voici le Fameu Rapport (je crois que ça c'est bien passé):

[J'ai relancé un Rapport HiJackThis au redémarrage et les fichiers cochés n'y sont plus.]

 

Beginning removal...

 

Attempting to delete C:\Windows\system32\dDsPhifd.dll

C:\Windows\system32\dDsPhifd.dll Has been deleted!

 

Attempting to delete C:\Windows\system32\ELRYIiOq.ini

C:\Windows\system32\ELRYIiOq.ini Has been deleted!

 

Attempting to delete C:\Windows\system32\ELRYIiOq.ini2

C:\Windows\system32\ELRYIiOq.ini2 Has been deleted!

 

Attempting to delete C:\Windows\system32\KUCJjkkj.ini

C:\Windows\system32\KUCJjkkj.ini Has been deleted!

 

Attempting to delete C:\Windows\system32\KUCJjkkj.ini2

C:\Windows\system32\KUCJjkkj.ini2 Has been deleted!

 

Attempting to delete C:\Windows\system32\ljJYOhFx.dll

C:\Windows\system32\ljJYOhFx.dll Has been deleted!

 

Attempting to delete C:\Windows\system32\lmvekham.dll

C:\Windows\system32\lmvekham.dll Has been deleted!

 

Attempting to delete C:\Windows\system32\mnaegh.dll

C:\Windows\system32\mnaegh.dll Has been deleted!

 

Attempting to delete C:\Windows\system32\opnopPJa.dll

C:\Windows\system32\opnopPJa.dll Has been deleted!

 

Attempting to delete C:\Windows\system32\pmNEtTmM.dll

C:\Windows\system32\pmNEtTmM.dll Has been deleted!

 

Attempting to delete C:\Windows\system32\xuqbshfo.dll

C:\Windows\system32\xuqbshfo.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

 

 

J'ai refait un Scan avec Anti-Malware (5 éléments trouvés) :

 

Malwarebytes' Anti-Malware 1.30

Version de la base de données: 1338

Windows 6.0.6001 Service Pack 1

 

30/10/2008 20:56:32

mbam-log-2008-10-30 (20-56-32).txt

 

Type de recherche: Examen rapide

Eléments examinés: 45520

Temps écoulé: 3 minute(s), 13 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 3

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\CLSID\{302d49ca-575b-4262-9b8c-2f26c2d9f83a} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{302d49ca-575b-4262-9b8c-2f26c2d9f83a} (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Users\PcCoolerMaster\AppData\Local\Temp\tmp00011219 (Trojan.Vundo) -> Quarantined and deleted successfully.

 

 

 

Suite à ce nettoyage, j'ai rescanné par derrière et tout est ok, il ne voit plus rien.

Modifié le 30 octobre 2008 par xeniumproduction

[Thanos]

Bien Poste stp un nouveau rapport RSIT (juste le rapport log.txt) pour voir si aucun nouveau fichier n'a été créé

[xeniumproduction]

Et voila le rapport : (Je crois que ça a recréé d'après ce que je lis dans ce rapport :s)

 

Logfile of random's system information tool 1.04 (written by random/random)

Run by PcCoolerMaster at 2008-10-30 21:37:18

Microsoft® Windows Vista™ Édition Intégrale Service Pack 1

System drive C: has 229 GB (48%) free of 477 GB

Total RAM: 4094 MB (69% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:37:20, on 30/10/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\PcCoolerMaster\Desktop\RSIT.exe

C:\Users\PcCoolerMaster\Desktop\PcCoolerMaster.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [uVS11 Preload] "C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O13 - Gopher Prefix:

O15 - Trusted Zone: http://asia.msi.com.tw

O15 - Trusted Zone: http://global.msi.com.tw

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 10895 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-05-10 624248]

""= []

"Adobe_ID0EYTHM"=C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]

"CloneCDTray"=C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]

"UVS11 Preload"=C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2008-09-05 341488]

"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

"SPIRunE"=Rundll32 SPIRunE.dll []

"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2008-09-06 413696]

"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2008-10-01 289576]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1555968]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]

"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

C:\\Windows\\system32\\awtsSjJB

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

"NoDispScrSavPage"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=

"NoActiveDesktopChanges"=

"ForceActiveDesktopOn"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======File associations======

 

.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

.reg - open - regedit.exe "%1" %*

 

======List of files/folders created in the last 1 months======

 

2008-10-30 21:06:48 ----A---- C:\Windows\NeroDigital.ini

2008-10-30 20:43:32 ----A---- C:\vundofix.txt

2008-10-30 20:39:40 ----A---- C:\Windows\ntbtlog.txt

2008-10-30 20:20:38 ----A---- C:\Windows\system32\awtsSjJB.dll

2008-10-30 19:20:37 ----A---- C:\Windows\system32\fccaAsPg.dll

2008-10-30 18:20:36 ----A---- C:\Windows\system32\opnmJBut.dll

2008-10-30 17:20:35 ----A---- C:\Windows\system32\iiffCTNH.dll

2008-10-30 16:20:34 ----A---- C:\Windows\system32\byXQIXPi.dll

2008-10-30 15:20:33 ----A---- C:\Windows\system32\vtUlJcBt.dll

2008-10-30 14:20:32 ----A---- C:\Windows\system32\tuvSIYPh.dll

2008-10-30 14:11:48 ----D---- C:\rsit

2008-10-30 11:26:50 ----D---- C:\Windows\ERDNT

2008-10-30 11:26:50 ----D---- C:\Qoobox

2008-10-30 11:26:50 ----D---- C:\combo-fix

2008-10-30 11:26:49 ----A---- C:\Windows\system32\swsc.exe

2008-10-30 11:26:49 ----A---- C:\Windows\system32\CF20971.exe

2008-10-30 11:26:42 ----D---- C:\32788R22FWJFW

2008-10-29 21:45:12 ----D---- C:\Users\PcCoolerMaster\AppData\Roaming\Google

2008-10-29 21:44:15 ----D---- C:\Program Files (x86)\Google

2008-10-29 18:20:41 ----A---- C:\Windows\system32\bd63692f-.txt

2008-10-19 10:45:47 ----D---- C:\Windows\Minidump

2008-10-11 11:28:05 ----D---- C:\Program Files (x86)\MSXML 4.0

2008-10-06 08:21:50 ----D---- C:\Program Files (x86)\iPod

2008-10-06 08:21:49 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-06 08:21:49 ----D---- C:\Program Files (x86)\iTunes

2008-10-04 13:10:14 ----D---- C:\Users\PcCoolerMaster\AppData\Roaming\Nero

2008-10-04 11:54:33 ----D---- C:\Program Files (x86)\Nero

2008-10-04 11:53:53 ----D---- C:\ProgramData\Nero

2008-10-04 11:53:52 ----D---- C:\Program Files (x86)\Common Files\Nero

2008-10-04 11:52:53 ----A---- C:\Windows\system32\d3dx9_30.dll

 

======List of files/folders modified in the last 1 months======

 

2008-10-30 21:37:17 ----D---- C:\Windows\Temp

2008-10-30 21:35:24 ----D---- C:\Program Files (x86)\Mozilla Firefox

2008-10-30 21:06:48 ----D---- C:\Windows

2008-10-30 21:03:55 ----D---- C:\Windows\Prefetch

2008-10-30 20:50:07 ----D---- C:\Windows\System32

2008-10-30 20:50:07 ----D---- C:\Windows\inf

2008-10-30 20:44:06 ----D---- C:\Windows\SysWOW64

2008-10-30 14:59:01 ----D---- C:\Users\PcCoolerMaster\AppData\Roaming\uTorrent

2008-10-30 11:26:49 ----D---- C:\Windows\system32\en-US

2008-10-30 10:34:28 ----D---- C:\Users\PcCoolerMaster\AppData\Roaming\Adobe

2008-10-30 10:13:16 ----SHD---- C:\System Volume Information

2008-10-29 21:45:05 ----SHD---- C:\Windows\Installer

2008-10-29 21:44:15 ----RD---- C:\Program Files (x86)

2008-10-29 15:41:20 ----D---- C:\Users\PcCoolerMaster\AppData\Roaming\mIRC

2008-10-29 14:34:50 ----D---- C:\Program Files (x86)\mIRC

2008-10-29 11:15:54 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2008-10-29 11:15:53 ----D---- C:\Windows\system32\drivers

2008-10-21 12:05:46 ----RSD---- C:\Windows\Fonts

2008-10-21 11:53:25 ----D---- C:\Program Files (x86)\Mozilla Thunderbird

2008-10-21 10:12:56 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2008-10-15 18:29:11 ----D---- C:\ProgramData\Microsoft Help

2008-10-12 11:20:03 ----D---- C:\Windows\winsxs

2008-10-11 13:08:22 ----D---- C:\ProgramData\NVIDIA

2008-10-06 08:21:49 ----RD---- C:\Program Files

2008-10-06 08:21:49 ----HD---- C:\ProgramData

2008-10-04 11:53:52 ----D---- C:\Program Files (x86)\Common Files

2008-10-03 20:05:45 ----D---- C:\ProgramData\WLInstaller

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver; C:\Windows\system32\DRIVERS\tmlwf.sys []

R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys []

R2 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []

R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys []

R2 tmwfp;Trend Micro WFP Callout Driver; C:\Windows\system32\DRIVERS\tmwfp.sys []

R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys []

R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys []

R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2006-12-26 40648]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys []

R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx64.sys []

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []

R3 t3;Sound Blaster X-Fi Xtreme Audio (Vista); C:\Windows\system32\drivers\t3.sys []

S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys []

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys []

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []

S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys []

S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s116mdfl.sys []

S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s116mdm.sys []

S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s116mgmt.sys []

S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\Windows\system32\DRIVERS\s116nd5.sys []

S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s116obex.sys []

S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\Windows\system32\DRIVERS\s116unic.sys []

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]

R2 Bonjour Service;Service Bonjour; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 Capture Device Service;Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]

R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2007-11-26 385024]

R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []

R2 SfCtlCom;Composant de commande centrale Trend Micro; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 817904]

R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-03-07 561928]

R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-18 654848]

R3 iPod Service;Service de l’iPod; C:\Program Files (x86)\iPod\bin\iPodService.exe [2008-10-01 536872]

R3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-03-14 584624]

R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-03-14 854280]

R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 Adobe Version Cue CS3;Adobe Version Cue CS3 {fr_FR} ; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-21 93696]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2008-09-09 79360]

S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

 

-----------------EOF-----------------

[Thanos]

oui des fichiers se sont recréés!!

On va scanner ton pc avec Antivir car il est plus performant. Au passage, je te demandais plus haut si ton antivirus fonctionnait correctement: est ce le cas ?

 

1°) Télécharge Antivir sur le bureau, mais ne le lance pas encore!

 

-Installe Antivir.

 

-Met Antivir à jour et configure le en suivant les indications du Tutoriel de tesgaz

 

2°) Redémarre le PC, impérativement en mode sans échec.

• Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement.
  
• Tapote par alternance les touches [F8] et [F5] jusqu'à l'affichage du menu des options avancées de Windows.
  
• Sélectionne "Mode sans échec" et appuie sur la touche [Entrée].
  
• Choisis ton compte usuel, et non Administrateur.
  
• >> En images ici<<
  

3°) Fais un scan du pc avec Antivir, voilà ce qu'il faudra faire >>

 

Double-clique sur son icône sur le Bureau, cela ouvre l'interface principale

 

clique sur "Scan system now" à droite de "Last complete system scan".

/!\ Cela peut être long.

Sauvegarde le rapport en fin de parcours (clique sur le bouton "Report").

 

Si Antivir détecte des fichiers infectés, mets les en quarantaine (choisis "Move to quarantine" dans la liste des actions.

Tu peux automatiser ce type d'action en cochant une case), comme ci dessous :

 

Cela permet de ne pas rester à la surveiller.

 

Redémarre ton pc normalement lorsque le scan est terminé.

Poste stp le rapport d'Antivir ainsi qu'un nouveau rapport RSIT (log.txt)

 

Antivir est efficace et doit faire le nettoyage.

Ensuite, si ton antivirus ne fonctionne pas comme il faut, tu pourras conserver Antivir à la palce

Modifié le 30 octobre 2008 par Thanos

[xeniumproduction]

Oui mon antivirus fonctionnait : Trend Micro PcCillin 2008

en revanche le firewall n'était pas actif (volontaire).

 

je pense que la source du virus peut venir d'ici : http://www.dailykeys.com/2008-09-17/trapco...v1_5_1_cs3.html

J'ai télécharger ce keygen que j'ai ensuite installer (un .rar sous forme .exe)

Mais je ne suis pas certain que cela viendrait de la puisque que mon antivirus n'y a vu aucun inconvénient à ce que j'installe le fichier.

 

Le Lien pour antivir est erroné mais je l'ai retrouvé sur google.

 

Rapport AntiVir :

 

 

Avira AntiVir Personal

Report file date: vendredi 31 octobre 2008 15:40

 

Scanning for 1001568 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows Vista x64 Edition

Windows version: (Service Pack 1) [6.0.6001]

Boot mode: Save mode

Username: PcCoolerMaster

Computer name: PCCOOLERMAST-PC

 

Version information:

BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 14:35:36

ANTIVIR1.VDF : 7.1.0.21 130560 Bytes 31/10/2008 14:35:41

ANTIVIR2.VDF : 7.1.0.22 2048 Bytes 31/10/2008 14:35:42

ANTIVIR3.VDF : 7.1.0.25 12800 Bytes 31/10/2008 14:35:42

Engineversion : 8.2.0.10

AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56

AESCRIPT.DLL : 8.1.1.9 319867 Bytes 31/10/2008 14:36:06

AESCN.DLL : 8.1.1.3 123252 Bytes 14/10/2008 11:05:56

AERDL.DLL : 8.1.1.2 438644 Bytes 12/09/2008 07:06:02

AEPACK.DLL : 8.1.2.4 369014 Bytes 14/10/2008 11:05:56

AEOFFICE.DLL : 8.1.0.29 196988 Bytes 31/10/2008 14:36:01

AEHEUR.DLL : 8.1.0.63 1479032 Bytes 31/10/2008 14:35:59

AEHELP.DLL : 8.1.1.2 115062 Bytes 14/10/2008 11:05:56

AEGEN.DLL : 8.1.0.42 319861 Bytes 31/10/2008 14:35:50

AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56

AECORE.DLL : 8.1.2.9 172407 Bytes 31/10/2008 14:35:46

AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 31/10/2008 14:35:44

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files (x86)\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: high

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: vendredi 31 octobre 2008 15:40

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'lsm.exe' - '0' Module(s) have been scanned

Scan process 'lsass.exe' - '0' Module(s) have been scanned

Scan process 'services.exe' - '0' Module(s) have been scanned

Scan process 'winlogon.exe' - '0' Module(s) have been scanned

Scan process 'wininit.exe' - '0' Module(s) have been scanned

Scan process 'csrss.exe' - '0' Module(s) have been scanned

Scan process 'csrss.exe' - '0' Module(s) have been scanned

Scan process 'smss.exe' - '0' Module(s) have been scanned

2 processes with 2 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '34' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\$Recycle.Bin\S-1-5-21-2476584916-572497752-2006639394-1000\$RAVZN0F.exe

[0] Archive type: RAR SFX (self extracting)

--> 32788R22FWJFW\hidec.exe

[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program

--> 32788R22FWJFW\NirCmd.cfexe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

--> 32788R22FWJFW\nircmd.com

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

--> 32788R22FWJFW\NirCmdC.cfexe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application

--> 32788R22FWJFW\psexec.cfexe

[1] Archive type: RSRC

--> Object

[DETECTION] Contains recognition pattern of the APPL/PsExec.E application

[NOTE] The file was moved to '494c192e.qua'!

C:\combo-fix\hidec.exe

[DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program

[NOTE] The file was moved to '496f1947.qua'!

C:\combo-fix\NirCmd.cfexe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

[NOTE] The file was moved to '497d1947.qua'!

C:\combo-fix\nircmd.com

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

[NOTE] The file was moved to '4e29c668.qua'!

C:\combo-fix\NirCmdC.cfexe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application

[NOTE] The file was moved to '497d1948.qua'!

C:\combo-fix\psexec.cfexe

[0] Archive type: RSRC

--> Object

[DETECTION] Contains recognition pattern of the APPL/PsExec.E application

[NOTE] The file was moved to '49701952.qua'!

C:\Program Files\Trend Micro\Internet Security\Quarantine\Setup.exe

[0] Archive type: HIDDEN

--> FIL\\\?\C:\Program Files\Trend Micro\Internet Security\Quarantine\Setup.exe

[DETECTION] Is the TR/Dldr.VB.VWI Trojan

[NOTE] The file was moved to '497f19a6.qua'!

C:\Program Files\Trend Micro\Internet Security\Quarantine\Setup_99c.VIR

[0] Archive type: HIDDEN

--> FIL\\\?\C:\Program Files\Trend Micro\Internet Security\Quarantine\Setup_99c.VIR

[DETECTION] Is the TR/Dldr.VB.VWI Trojan

[NOTE] The file was moved to '4e260947.qua'!

C:\Program Files (x86)\ljscui\SysApl.dll

[DETECTION] Is the TR/BHO.Gen Trojan

[NOTE] The file was moved to '497e1c47.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4L4LVB81\cntr[1]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '497f1d45.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4L4LVB81\cntr[2]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '4e0bbede.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4L4LVB81\cntr[3]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '497f1d47.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4L4LVB81\cntr[4]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '4e0bbed0.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4L4LVB81\cntr[5]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '497f1d49.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4L4LVB81\upd105320[1]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '496f1d4b.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JC639BC7\cntr[1]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '497f1d4b.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JC639BC7\cntr[2]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '4c588344.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JC639BC7\cntr[3]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '497f1d4d.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1NSMKDD\cntr[1]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '497f1d51.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1NSMKDD\cntr[2]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '4c58874a.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1NSMKDD\cntr[3]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '497f1d53.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1NSMKDD\cntr[4]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '4c58874c.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1NSMKDD\cntr[5]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '497f1d55.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1NSMKDD\cntr[6]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '4c58874e.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1NSMKDD\cntr[7]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '497f1d57.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1NSMKDD\nd82m0[2]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '49431d49.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7H7I7XQ\banner30[1].gif

[DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

[NOTE] The file was moved to '49791d49.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7H7I7XQ\cntr[1]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '40baefc0.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7H7I7XQ\cntr[2]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '497f1d59.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7H7I7XQ\cntr[3]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '40baefc2.qua'!

C:\Users\PcCoolerMaster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7H7I7XQ\cntr[4]

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '497f1d5b.qua'!

C:\Users\PcCoolerMaster\Desktop\backups\backup-20081030-204146-184.dll

[DETECTION] Is the TR/Crypt.FKM.Gen Trojan

[NOTE] The file was moved to '496e1df5.qua'!

C:\Windows\SysWOW64\cpszgpqv.exe

[DETECTION] Is the TR/Dropper.Gen Trojan

[NOTE] The file was moved to '497e1ff6.qua'!

 

 

End of the scan: vendredi 31 octobre 2008 16:13

Used time: 33:26 Minute(s)

 

The scan has been done completely.

 

32300 Scanning directories

489673 Files were scanned

37 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

33 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

489635 Files not concerned

4288 Archives were scanned

1 Warnings

33 Notes

 

 

Rapport RSIT :

Logfile of random's system information tool 1.04 (written by random/random)

Run by PcCoolerMaster at 2008-10-31 16:26:30

Microsoft® Windows Vista™ Édition Intégrale Service Pack 1

System drive C: has 229 GB (48%) free of 477 GB

Total RAM: 4094 MB (66% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:26:33, on 31/10/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\PcCoolerMaster\Desktop\RSIT.exe

C:\Users\PcCoolerMaster\Desktop\PcCoolerMaster.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [uVS11 Preload] "C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O13 - Gopher Prefix:

O15 - Trusted Zone: http://asia.msi.com.tw

O15 - Trusted Zone: http://global.msi.com.tw

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 11293 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-05-10 624248]

""= []

"Adobe_ID0EYTHM"=C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]

"CloneCDTray"=C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]

"UVS11 Preload"=C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2008-09-05 341488]

"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

"SPIRunE"=Rundll32 SPIRunE.dll []

"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2008-09-06 413696]

"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2008-10-01 289576]

"avgnt"=C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1555968]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]

"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

C:\\Windows\\system32\\awtsSjJB

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

"NoDispScrSavPage"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=

"NoActiveDesktopChanges"=

"ForceActiveDesktopOn"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======File associations======

 

.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

.reg - open - regedit.exe "%1" %*

 

======List of files/folders created in the last 1 months======

 

2008-10-31 15:16:19 ----D---- C:\ProgramData\Avira

2008-10-31 15:16:19 ----D---- C:\Program Files (x86)\Avira

2008-10-30 21:06:48 ----A---- C:\Windows\NeroDigital.ini

2008-10-30 20:43:32 ----A---- C:\vundofix.txt

2008-10-30 20:39:40 ----A---- C:\Windows\ntbtlog.txt

2008-10-30 14:11:48 ----D---- C:\rsit

2008-10-30 11:26:50 ----D---- C:\Windows\ERDNT

2008-10-30 11:26:50 ----D---- C:\Qoobox

2008-10-30 11:26:50 ----D---- C:\combo-fix

2008-10-30 11:26:49 ----A---- C:\Windows\system32\swsc.exe

2008-10-30 11:26:49 ----A---- C:\Windows\system32\CF20971.exe

2008-10-30 11:26:42 ----D---- C:\32788R22FWJFW

2008-10-29 21:45:12 ----D---- C:\Users\PcCoolerMaster\AppData\Roaming\Google

2008-10-29 21:44:15 ----D---- C:\Program Files (x86)\Google

2008-10-29 18:20:41 ----A---- C:\Windows\system32\bd63692f-.txt

2008-10-19 10:45:47 ----D---- C:\Windows\Minidump

2008-10-11 11:28:05 ----D---- C:\Program Files (x86)\MSXML 4.0

2008-10-06 08:21:50 ----D---- C:\Program Files (x86)\iPod

2008-10-06 08:21:49 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-06 08:21:49 ----D---- C:\Program Files (x86)\iTunes

2008-10-04 13:10:14 ----D---- C:\Users\PcCoolerMaster\AppData\Roaming\Nero

2008-10-04 11:54:33 ----D---- C:\Program Files (x86)\Nero

2008-10-04 11:53:53 ----D---- C:\ProgramData\Nero

2008-10-04 11:53:52 ----D---- C:\Program Files (x86)\Common Files\Nero

2008-10-04 11:52:53 ----A---- C:\Windows\system32\d3dx9_30.dll

 

======List of files/folders modified in the last 1 months======

 

2008-10-31 16:26:29 ----D---- C:\Windows\Temp

2008-10-31 16:25:34 ----D---- C:\Program Files (x86)\Mozilla Firefox

2008-10-31 16:08:54 ----D---- C:\Windows\SysWOW64

2008-10-31 15:53:02 ----D---- C:\Program Files (x86)\ljscui

2008-10-31 15:46:31 ----D---- C:\Windows\System32

2008-10-31 15:46:31 ----D---- C:\Windows\inf

2008-10-31 15:18:11 ----D---- C:\Users\PcCoolerMaster\AppData\Roaming\uTorrent

2008-10-31 15:16:24 ----D---- C:\Windows\Prefetch

2008-10-31 15:16:21 ----D---- C:\Windows\system32\drivers

2008-10-31 15:16:19 ----RD---- C:\Program Files (x86)

2008-10-31 15:16:19 ----HD---- C:\ProgramData

2008-10-30 21:06:48 ----D---- C:\Windows

2008-10-30 11:26:49 ----D---- C:\Windows\system32\en-US

2008-10-30 10:34:28 ----D---- C:\Users\PcCoolerMaster\AppData\Roaming\Adobe

2008-10-30 10:13:16 ----SHD---- C:\System Volume Information

2008-10-29 21:45:05 ----SHD---- C:\Windows\Installer

2008-10-29 15:41:20 ----D---- C:\Users\PcCoolerMaster\AppData\Roaming\mIRC

2008-10-29 14:34:50 ----D---- C:\Program Files (x86)\mIRC

2008-10-29 11:15:54 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2008-10-21 12:05:46 ----RSD---- C:\Windows\Fonts

2008-10-21 11:53:25 ----D---- C:\Program Files (x86)\Mozilla Thunderbird

2008-10-21 10:12:56 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2008-10-15 18:29:11 ----D---- C:\ProgramData\Microsoft Help

2008-10-12 11:20:03 ----D---- C:\Windows\winsxs

2008-10-11 13:08:22 ----D---- C:\ProgramData\NVIDIA

2008-10-06 08:21:49 ----RD---- C:\Program Files

2008-10-04 11:53:52 ----D---- C:\Program Files (x86)\Common Files

2008-10-03 20:05:45 ----D---- C:\ProgramData\WLInstaller

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver; C:\Windows\system32\DRIVERS\tmlwf.sys []

R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys []

R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []

R2 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []

R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys []

R2 tmwfp;Trend Micro WFP Callout Driver; C:\Windows\system32\DRIVERS\tmwfp.sys []

R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys []

R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys []

R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2006-12-26 40648]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys []

R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx64.sys []

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []

R3 t3;Sound Blaster X-Fi Xtreme Audio (Vista); C:\Windows\system32\drivers\t3.sys []

S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys []

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys []

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []

S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys []

S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s116mdfl.sys []

S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s116mdm.sys []

S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s116mgmt.sys []

S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\Windows\system32\DRIVERS\s116nd5.sys []

S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s116obex.sys []

S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\Windows\system32\DRIVERS\s116unic.sys []

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]

R2 Bonjour Service;Service Bonjour; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 Capture Device Service;Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]

R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2007-11-26 385024]

R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []

R2 SfCtlCom;Composant de commande centrale Trend Micro; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 817904]

R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-03-07 561928]

R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-18 654848]

R3 iPod Service;Service de l’iPod; C:\Program Files (x86)\iPod\bin\iPodService.exe [2008-10-01 536872]

R3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-03-14 584624]

R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-03-14 854280]

S3 Adobe Version Cue CS3;Adobe Version Cue CS3 {fr_FR} ; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-21 93696]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2008-09-09 79360]

S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

 

-----------------EOF-----------------

Modifié le 31 octobre 2008 par xeniumproduction