
Posted (edited)
In that case, you won't have access to the console if it isn't installed.

But that's not today's topic :P

 

 

ComboFix 09-04-17.01 - Tiflo 04/16/2009 22:56.1 - NTFSx86 NETWORK

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3581.2907 [GMT 2:00]

Running from: c:\users\Tiflo\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\404Fix.exe

c:\windows\system32\Agent.OMZ.Fix.exe

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\o4Patch.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

 

.

((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))

.

 

2009-04-16 20:46 . 2009-04-16 20:46 691 ----a-w c:\users\Tiflo\AppData\Roaming\GetValue.vbs

2009-04-16 20:46 . 2009-04-16 20:46 35 ----a-w c:\users\Tiflo\AppData\Roaming\SetValue.bat

2009-04-16 19:50 . 2009-04-16 19:50 -------- dc-h--w c:\users\All Users\{5C66460E-8CA0-49BD-B660-B4925E7AFA18}

2009-04-16 19:50 . 2009-04-16 19:50 -------- dc-h--w c:\programdata\{5C66460E-8CA0-49BD-B660-B4925E7AFA18}

2009-04-16 19:14 . 2009-04-16 19:14 -------- d-----w c:\users\Tiflo\AppData\Roaming\Command & Conquer 3 Tiberium Wars

2009-04-16 15:24 . 2009-04-16 15:31 -------- d-----w C:\ToolBar SD

2009-04-16 10:10 . 2009-04-16 15:00 -------- d-----w c:\users\Tiflo\workspace

2009-04-15 09:11 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll

2009-04-15 09:11 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll

2009-04-15 09:11 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll

2009-04-14 16:51 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll

2009-04-14 16:51 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2009-04-14 16:51 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll

2009-04-14 16:51 . 2008-06-20 01:14 37384 ----a-w c:\windows\system32\infocardcpl.cpl

2009-04-14 16:51 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll

2009-04-14 16:51 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe

2009-04-14 16:51 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll

2009-04-14 16:51 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe

2009-04-14 16:45 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll

2009-04-14 16:45 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll

2009-04-14 16:45 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll

2009-04-14 16:45 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll

2009-04-14 16:45 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll

2009-04-14 16:27 . 2009-03-19 16:16 2726941 ----a-w c:\windows\system32\GameMon.des

2009-04-14 16:21 . 2005-01-02 21:43 4682 ----a-w c:\windows\system32\npptNT2.sys

2009-04-14 16:21 . 2003-07-19 06:17 5174 ----a-w c:\windows\system32\nppt9x.vxd

2009-04-14 14:32 . 2009-04-14 14:32 -------- d-----w c:\windows\system32\xlive

2009-04-12 13:56 . 2009-04-16 08:54 -------- d-----w c:\users\Tiflo\AppData\Local\Cooliris

2009-04-12 12:21 . 2009-04-12 12:21 -------- d-----w c:\users\Tiflo\AppData\Local\MigWiz

2009-04-12 11:55 . 2009-04-16 20:59 -------- d-----w c:\users\Tiflo\AppData\Roaming\DMCache

2009-04-12 11:55 . 2009-04-16 15:43 -------- d-----w c:\users\Tiflo\AppData\Roaming\IDM

2009-04-10 14:47 . 2009-04-10 14:47 -------- d-----r c:\windows\system32\config\systemprofile\Music

2009-04-09 15:01 . 2009-04-09 15:01 -------- d-----w c:\users\Tiflo\AppData\Roaming\Command & Conquer 3 Kane's Wrath

2009-04-03 13:24 . 2009-03-26 15:35 210352 ----a-w c:\windows\system32\idmmbc.dll

2009-04-02 15:30 . 2009-04-02 15:30 615 ----a-w c:\windows\eReg.dat

2009-03-22 13:09 . 2009-03-22 13:09 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-16 20:49 . 2008-01-21 08:40 712486 ----a-w c:\windows\System32\perfh00C.dat

2009-04-16 20:49 . 2008-01-21 08:40 142926 ----a-w c:\windows\System32\perfc00C.dat

2009-04-16 20:47 . 2009-04-16 20:38 2524 ----a-w C:\rapport.txt

2009-04-16 20:36 . 2009-02-03 21:27 27839 ----a-w c:\users\All Users\nvModes.dat

2009-04-16 20:36 . 2009-02-03 21:27 27839 ----a-w c:\programdata\nvModes.dat

2009-04-16 18:01 . 2009-02-03 20:58 -------- d-----w c:\program files\Electronic Arts

2009-04-16 15:31 . 2009-04-16 15:26 3802 ----a-w C:\TB.txt

2009-04-16 10:03 . 2009-04-16 10:03 -------- d-----w c:\program files\Trend Micro

2009-04-16 09:58 . 2009-02-17 21:05 -------- d-----w c:\program files\eclipse

2009-04-16 09:07 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-04-16 08:59 . 2009-02-03 22:27 -------- d-----w c:\programdata\Microsoft Help

2009-04-15 23:14 . 2009-02-04 22:59 -------- d-----w c:\users\Tiflo\AppData\Roaming\dvdcss

2009-04-15 11:24 . 2009-02-07 16:00 -------- d-----w c:\users\Tiflo\AppData\Roaming\codeblocks

2009-04-14 17:59 . 2009-02-03 18:34 102192 ----a-w c:\users\Tiflo\AppData\Local\GDIPFONTCACHEV1.DAT

2009-04-14 16:20 . 2009-04-14 16:20 -------- d-----w c:\program files\Common Files\INCA Shared

2009-04-14 15:43 . 2009-04-14 15:43 -------- d-----w c:\program files\Ê¢´óÍøÂç

2009-04-14 14:34 . 2009-04-14 13:40 -------- d-----w c:\program files\Rockstar Games

2009-04-14 14:32 . 2009-04-14 14:32 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE

2009-04-14 13:40 . 2009-01-30 10:30 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-13 20:20 . 2009-02-03 21:09 -------- d-----w c:\programdata\Media Center Programs

2009-04-13 20:01 . 2009-04-13 20:01 -------- d-----w c:\program files\Ubisoft

2009-04-13 08:55 . 2009-04-12 11:55 -------- d-----w c:\program files\Internet Download Manager

2009-04-12 14:07 . 2008-01-21 02:23 615424 ----a-w c:\windows\System32\themeui.dll

2009-04-12 14:07 . 2008-01-21 02:23 240128 ----a-w c:\windows\System32\uxtheme.dll

2009-04-09 14:38 . 2009-04-09 14:38 -------- d-----w c:\program files\7-Zip

2009-04-02 15:25 . 2009-03-06 16:52 -------- d-----w c:\program files\EA GAMES

2009-04-02 15:22 . 2009-01-30 10:29 -------- d-----w c:\program files\Common Files\InstallShield

2009-03-17 03:38 . 2009-04-15 09:10 40960 ----a-w c:\windows\AppPatch\apihex86.dll

2009-03-17 03:38 . 2009-04-15 09:10 13824 ----a-w c:\windows\System32\apilogen.dll

2009-03-17 03:38 . 2009-04-15 09:10 24064 ----a-w c:\windows\System32\amxread.dll

2009-03-10 17:33 . 2009-02-16 14:28 -------- d-----w c:\users\Tiflo\AppData\Roaming\Hamachi

2009-03-09 17:29 . 2009-03-09 17:29 -------- d-----w c:\program files\Tetris

2009-03-08 18:19 . 2009-03-08 16:00 -------- d-----w c:\users\Tiflo\AppData\Roaming\Crayon Physics Deluxe

2009-03-08 15:58 . 2009-03-08 15:58 -------- d-----w c:\program files\Crayon Physics Deluxe

2009-03-05 17:47 . 2009-03-05 17:47 -------- d-----w c:\programdata\Megaupload

2009-03-05 17:47 . 2009-03-05 17:47 -------- d-----w c:\programdata\EmailNotifier

2009-03-05 17:09 . 2009-03-05 17:09 -------- d-----w c:\program files\Xplosiv

2009-03-05 14:38 . 2009-03-05 14:38 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf

2009-03-05 14:38 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat

2009-03-05 14:38 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat

2009-03-05 14:38 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat

2009-03-03 17:42 . 2009-03-03 17:42 -------- d-----w c:\programdata\Codemasters

2009-03-03 17:32 . 2009-03-03 13:59 444952 ----a-w c:\windows\System32\wrap_oal.dll

2009-03-03 17:32 . 2009-03-03 13:59 109080 ----a-w c:\windows\System32\OpenAL32.dll

2009-03-03 17:01 . 2009-03-03 17:01 216 ----a-w C:\DebugTrace-RockallDLL.log

2009-03-03 16:53 . 2009-03-03 16:53 -------- d-----w c:\program files\Codemasters

2009-03-03 13:59 . 2009-03-03 13:59 -------- d-----w c:\program files\OpenAL

2009-03-03 08:12 . 2009-02-05 20:33 -------- d-----w c:\program files\Activision

2009-03-03 04:40 . 2009-04-15 09:10 827392 ----a-w c:\windows\System32\wininet.dll

2009-03-03 04:39 . 2009-04-15 09:10 183296 ----a-w c:\windows\System32\sdohlp.dll

2009-03-03 04:39 . 2009-04-15 09:10 551424 ----a-w c:\windows\System32\rpcss.dll

2009-03-03 04:39 . 2009-04-15 09:10 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll

2009-03-03 04:37 . 2009-04-15 09:10 3600880 ----a-w c:\windows\System32\ntkrnlpa.exe

2009-03-03 04:37 . 2009-04-15 09:10 3548656 ----a-w c:\windows\System32\ntoskrnl.exe

2009-03-03 04:37 . 2009-04-15 09:10 78336 ----a-w c:\windows\System32\ieencode.dll

2009-03-03 04:37 . 2009-04-15 09:10 98304 ----a-w c:\windows\System32\iasrecst.dll

2009-03-03 04:37 . 2009-04-15 09:10 54784 ----a-w c:\windows\System32\iasads.dll

2009-03-03 04:37 . 2009-04-15 09:10 44032 ----a-w c:\windows\System32\iasdatastore.dll

2009-03-03 03:04 . 2009-04-15 09:10 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe

2009-03-03 02:38 . 2009-04-15 09:10 17408 ----a-w c:\windows\System32\iashost.exe

2009-03-03 02:28 . 2009-04-15 09:10 26624 ----a-w c:\windows\System32\ieUnatt.exe

2009-02-20 21:20 . 2009-02-20 21:20 -------- d-----w c:\programdata\2DBoy

2009-02-18 23:18 . 2009-02-18 23:18 11376 ----a-w c:\windows\system32\drivers\SECDRV.SYS

2009-02-18 22:34 . 2009-02-18 22:34 680 ----a-w c:\users\Tiflo\AppData\Local\d3d9caps.dat

2009-02-18 22:25 . 2009-02-18 22:25 -------- d-----w c:\program files\WorldOfGoo

2009-02-18 22:23 . 2009-02-18 22:23 -------- d-----w c:\program files\Far Cry 2

2009-02-18 22:23 . 2009-02-18 22:22 -------- d-----w c:\program files\Age of Mythology

2009-02-18 18:17 . 2009-02-17 11:56 -------- d-----w c:\program files\Age of Empires II

2009-02-17 20:48 . 2009-02-17 20:49 410984 ----a-w c:\windows\System32\deploytk.dll

2009-02-17 20:48 . 2009-01-30 10:29 -------- d-----w c:\program files\Java

2009-02-16 15:40 . 2006-11-02 12:37 -------- d-----w c:\program files\Microsoft Games

2009-02-16 15:33 . 2009-02-16 15:32 -------- d-----w c:\program files\Windows Live Safety Center

2009-02-16 14:28 . 2009-02-16 14:27 -------- d-----w c:\program files\Hamachi

2009-02-16 14:27 . 2009-02-16 14:27 25280 ----a-w c:\windows\system32\drivers\hamachi.sys

2009-02-13 18:35 . 2009-02-13 18:35 98304 ----a-w c:\windows\System32\CmdLineExt.dll

2009-02-13 08:49 . 2009-04-15 09:10 72704 ----a-w c:\windows\System32\secur32.dll

2009-02-13 08:49 . 2009-04-15 09:10 1255936 ----a-w c:\windows\System32\lsasrv.dll

2009-02-09 03:10 . 2009-03-11 12:59 2033152 ----a-w c:\windows\System32\win32k.sys

2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\System32\sirenacm.dll

2009-02-05 23:18 . 2009-02-05 23:17 69632 ----a-w c:\windows\ScUnin.exe

2009-02-05 23:18 . 2009-02-05 23:17 32172 ----a-w c:\windows\scunin.dat

2009-02-04 16:36 . 2009-02-04 16:36 93 ----a-w c:\users\Tiflo\AppData\Local\fusioncache.dat

2009-02-03 21:10 . 2009-02-03 21:10 22328 ----a-w c:\users\Tiflo\AppData\Roaming\PnkBstrK.sys

2009-02-03 21:10 . 2009-02-03 21:10 103736 ----a-w c:\windows\System32\PnkBstrB.exe

2009-02-03 21:10 . 2009-02-03 21:10 66872 ----a-w c:\windows\System32\PnkBstrA.exe

2009-02-03 21:10 . 2009-02-03 21:10 669184 ----a-w c:\windows\System32\pbsvc.exe

2009-01-30 19:11 . 2009-01-30 19:11 5248 ---ha-r C:\dell.sdr

2009-01-30 19:10 . 2009-01-30 19:10 8704 ----a-w c:\windows\System32\hccoin.dll

2009-01-30 19:10 . 2009-01-30 19:10 15872 ----a-w c:\windows\System32\hcrstco.dll

2009-01-30 19:10 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat

2009-01-30 19:10 . 2009-01-30 19:10 22016 ----a-w c:\windows\System32\hid.dll

2009-01-30 19:10 . 2009-01-30 19:10 26112 ----a-w c:\windows\System32\hidserv.dll

2009-01-30 19:09 . 2009-01-30 19:09 1191936 ----a-w c:\windows\System32\msxml3.dll

2009-01-30 19:09 . 2009-01-30 19:09 74752 ----a-w c:\windows\System32\newdev.exe

2009-01-30 19:09 . 2009-01-30 19:09 468992 ----a-w c:\windows\System32\newdev.dll

2009-01-30 19:07 . 2009-01-30 19:07 738304 ----a-w c:\windows\System32\inetcomm.dll

2009-01-30 19:07 . 2009-01-30 19:07 269312 ----a-w c:\windows\System32\es.dll

2009-01-30 19:04 . 2009-01-30 19:04 361984 ----a-w c:\windows\System32\IPSECSVC.DLL

2009-01-30 19:03 . 2009-01-30 19:03 303616 ----a-w c:\windows\System32\wmpeffects.dll

2009-01-30 19:02 . 2009-01-30 19:02 885248 ----a-w c:\windows\System32\RacEngn.dll

2009-01-30 10:2009-02-03 20:38 42:04 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2007-03-28 18:59 2953216 ----a-w c:\program files\Protector Suite QL\farchns.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2007-03-28 18:59 2953216 ----a-w c:\program files\Protector Suite QL\farchns.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-30 39408]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-03 2794928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-17 148888]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-25 92704]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-09-25 96800]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-25 13552160]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-30 30192]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]

"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-01-30 10:49 10536 ----a-w c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-03-28 18:46 90112 ----a-w c:\windows\system32\psqlpwd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk

backup=c:\windows\pss\BTTray.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Tiflo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]

path=c:\users\Tiflo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk

backup=c:\windows\pss\hamachi.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-06-12 01:38 34672 ----a-w c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 06:58 611712 ----a-w c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-11-20 12:20 290088 ----a-w c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]

2008-11-14 12:35 305064 ----a-r c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"="0x00000000"

"UpdatesDisableNotify"="0x00000000"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{13FF525D-F427-4106-9F9A-19CF9E1EC7D3}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect

"{A78B785E-0D39-4DF6-A028-861BDEE4FBBE}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{FBCF6E50-125D-487D-8309-E9631E45980A}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{19A79081-50C7-4FE9-A2E3-7C17F016235C}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"{ECBA36C5-56E4-470F-BDE5-F62A8BC3458B}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{7DBB3073-B4B9-4372-A80C-72ED6AF14D51}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{19FDDC55-3A2B-416B-A762-7DA38FDAD262}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{AA4B586A-98EC-435B-9796-63B18A35FC0A}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{ABF7F3EB-3CA5-45BF-8752-F803CE629B85}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{93C9DE04-224C-4369-98BD-58C8A8265DF6}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{925604E7-675A-47CE-8EA5-F5E464CE9F80}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{86E4A6EB-2A74-469B-853D-236E7B649DAC}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{3891FF4B-2E64-49AC-BDEC-4C5396BC7F2F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{5C30DB6F-A232-4961-ACC0-0C268E9EAA6C}"= UDP:5353:Adobe CSI CS4

"{B26BD27A-4ADB-4968-B426-936AF503DAF3}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{04EF4861-9B65-4C7C-9C49-1DD7DD7CBD89}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"TCP Query User{821469E2-C32C-425E-9735-83859A1C87DA}c:\\users\\tiflo\\desktop\\left4dead\\left 4 dead\\left4dead.exe"= UDP:c:\users\tiflo\desktop\left4dead\left 4 dead\left4dead.exe:left4dead.exe

"UDP Query User{56F26CD9-D742-4C01-B6CC-E16A519FF9B0}c:\\users\\tiflo\\desktop\\left4dead\\left 4 dead\\left4dead.exe"= TCP:c:\users\tiflo\desktop\left4dead\left 4 dead\left4dead.exe:left4dead.exe

"TCP Query User{C2978359-5F82-4CCF-87FC-052AC9B5D208}c:\\users\\tiflo\\desktop\\w3-lan\\war3.exe"= UDP:c:\users\tiflo\desktop\w3-lan\war3.exe:war3.exe

"UDP Query User{CACD8F20-6B35-4D71-B272-84B143DC5481}c:\\users\\tiflo\\desktop\\w3-lan\\war3.exe"= TCP:c:\users\tiflo\desktop\w3-lan\war3.exe:war3.exe

"TCP Query User{31C211FB-ED59-4790-81D4-CD7E5FA966DB}c:\\users\\tiflo\\desktop\\starcraft\\starcraft.exe"= UDP:c:\users\tiflo\desktop\starcraft\starcraft.exe:starcraft.exe

"UDP Query User{8E654824-E64D-4230-AFEB-FFCA533F7401}c:\\users\\tiflo\\desktop\\starcraft\\starcraft.exe"= TCP:c:\users\tiflo\desktop\starcraft\starcraft.exe:starcraft.exe

"{F465871E-7ACC-4F76-88AE-0C1F4AC68F43}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{70A1DAEE-5A67-4E8C-931D-962F50F59657}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{93301071-C2A3-410D-81CB-34743F474588}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{ADA9F624-A036-4E2B-8708-B5603D1A8ED3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{FE908AB6-FAF9-4BC8-9889-783335395EC7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{76927582-8BC6-440A-A2E6-9EF72A7C8453}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{AB36A5C1-1390-4421-8149-80B97EF1B566}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:Starcraft

"UDP Query User{A5FD8BCB-DA67-4EDC-BA5A-FF12E2AB4907}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:Starcraft

"TCP Query User{ED4538E0-A2FA-4AC0-8630-A392975C3911}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III

"UDP Query User{46A60B20-AE3F-4F40-BC21-6F5BF61F04C5}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III

"TCP Query User{E195AA4B-FA9E-499C-9B49-F0BA95D752F7}c:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space

"UDP Query User{F9797C48-2A98-48CD-AB6A-EE767866D3E5}c:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space

"TCP Query User{02AF7884-A012-44CF-B885-C538464B8011}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay

"UDP Query User{89985E75-CFA9-4CE5-A0A9-29527BE20595}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay

"TCP Query User{F5526089-AD4A-432A-93BF-7680E6B19995}c:\\program files\\age of empires ii\\empires2.exe"= UDP:c:\program files\age of empires ii\empires2.exe:Age of Empires II

"UDP Query User{FEB2A9BE-3314-4A40-9061-5401EEC21E0D}c:\\program files\\age of empires ii\\empires2.exe"= TCP:c:\program files\age of empires ii\empires2.exe:Age of Empires II

"TCP Query User{BF65F071-47B5-41CC-AEC3-8C8F029CC435}c:\\users\\tiflo\\desktop\\left4dead\\left 4 dead\\left4dead.exe"= UDP:c:\users\tiflo\desktop\left4dead\left 4 dead\left4dead.exe:left4dead.exe

"UDP Query User{2C6F34FE-A91E-4124-9B59-2C1E374F8425}c:\\users\\tiflo\\desktop\\left4dead\\left 4 dead\\left4dead.exe"= TCP:c:\users\tiflo\desktop\left4dead\left 4 dead\left4dead.exe:left4dead.exe

"TCP Query User{49DABD47-4FDC-4E4A-94D9-D7132F589C84}c:\\users\\tiflo\\downloads\\age of the empire 2\\age2_x1.exe"= UDP:c:\users\tiflo\downloads\age of the empire 2\age2_x1.exe:age2_x1.exe

"UDP Query User{CE2B5641-6666-465C-812F-4936EF51B63B}c:\\users\\tiflo\\downloads\\age of the empire 2\\age2_x1.exe"= TCP:c:\users\tiflo\downloads\age of the empire 2\age2_x1.exe:age2_x1.exe

"TCP Query User{AF98C2C6-091B-403C-8CFD-6854D369ED10}c:\\program files\\far cry 2\\bin\\farcry2.exe"= UDP:c:\program files\far cry 2\bin\farcry2.exe:Far Cry® 2

"UDP Query User{DFAA0CDA-DEF8-43A1-A3FE-FF26E4EA6D0B}c:\\program files\\far cry 2\\bin\\farcry2.exe"= TCP:c:\program files\far cry 2\bin\farcry2.exe:Far Cry® 2

"TCP Query User{46DF4012-BD49-4C08-B5D7-408AE91F8635}c:\\program files\\age of empires ii\\age2_x1.exe"= UDP:c:\program files\age of empires ii\age2_x1.exe:Age of Empires II Expansion

"UDP Query User{ED63084E-89F8-424B-8B3C-997A900089E3}c:\\program files\\age of empires ii\\age2_x1.exe"= TCP:c:\program files\age of empires ii\age2_x1.exe:Age of Empires II Expansion

"{F449FCCD-BA99-4A2C-B66D-F6362AC85538}"= UDP:c:\program files\Codemasters\GRID\GRID.exe:GRID

"{883E8F59-D27C-43A1-A310-B69074EE4010}"= TCP:c:\program files\Codemasters\GRID\GRID.exe:GRID

"TCP Query User{2D06D69C-720A-4B77-BA4A-89529BFBD25A}c:\\program files\\codemasters\\grid\\grid.exe"= UDP:c:\program files\codemasters\grid\grid.exe:GRID Executable

"UDP Query User{53CE5905-6F13-4DA2-987A-A07C3E886FF3}c:\\program files\\codemasters\\grid\\grid.exe"= TCP:c:\program files\codemasters\grid\grid.exe:GRID Executable

"{2D6C944A-9944-4637-913E-620E55A5730C}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X

"{4EA91C0A-DBC8-4DA8-A381-33BF0567A1D7}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X

"{1B8539C4-011E-41A2-B463-84A8FDDE6B36}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X

"{9ABDD755-A52B-4A6B-A640-2092367E639C}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X

"{8A97ACF2-43BA-45F9-B124-B862A3C01DA2}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{455CE0EC-9BA6-45BD-A962-26332C940B06}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{E6E46FE2-5C04-49F1-BBF0-7933FA58C119}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV

"{27BC7BEE-6FB5-4BF8-B669-F7DEFC885566}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV

"TCP Query User{8B1E8D2F-A80A-4F63-BE19-8B9B97C76FCE}c:\\users\\tiflo\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\tiflo\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"UDP Query User{5CC9F231-B534-48D1-8A32-D0D2D9AB325D}c:\\users\\tiflo\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:c:\users\tiflo\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

 

R2 DockLoginService;Dock Login Service; [x]

R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-30 30192]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-19 2726941]

R4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]

S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-03-04 235648]

S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-04 7424]

 

 

--- Other Services/Drivers In Memory ---

 

*Deregistered* - sptd

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d4c4e0d-24a0-11de-ac4c-002269c383ea}]

\shell\AutoRun\command - WDSetup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4df2f000-f232-11dd-9dff-002269c383ea}]

\shell\AutoRun\command - G:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7775c05c-f38b-11dd-b9fc-002269c383ea}]

\shell\AutoRun\command - b3b9u.com

\shell\explore\Command - b3b9u.com

\shell\open\Command - b3b9u.com

.

- - - - ORPHANS REMOVED - - - -

 

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)

 

 

.

------- Supplementary Scan -------

.

mWindow Title =

uInternet Settings,ProxyOverride = *.local

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm

FF - ProfilePath - c:\users\Tiflo\AppData\Roaming\Mozilla\Firefox\Profiles\jyoh0dyi.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\users\Tiflo\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-16 22:59

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

c:\windows\TEMP\TMP00000001D8D8941F6E6860A0 524288 bytes executable

 

scan completed successfully

hidden files: 1

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'lsass.exe'(712)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\program files\Protector Suite QL\infra.dll

 

- - - - - - - > 'Explorer.exe'(1920)

c:\program files\Protector Suite QL\farchns.dll

c:\program files\Protector Suite QL\infra.dll

c:\windows\system32\btncopy.dll

c:\program files\Internet Download Manager\idmmkb.dll

c:\program files\Internet Download Manager\IDMIECC.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\wlanext.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\windows\System32\rundll32.exe

c:\program files\Protector Suite QL\upeksvr.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\windows\System32\PnkBstrA.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\System32\stacsv.exe

c:\windows\System32\conime.exe

c:\windows\System32\rundll32.exe

c:\program files\Protector Suite QL\psqltray.exe

c:\windows\System32\rundll32.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\hidfind.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\DellTPad\ApntEx.exe

c:\program files\Internet Download Manager\IEMonitor.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\System32\wbem\WMIADAP.exe

c:\program files\Mozilla Firefox\firefox.exe

.

**************************************************************************

.

Completion time: 2009-04-16 23:04 - machine was rebooted

ComboFix-quarantined-files.txt 2009-04-16 21:04

 

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

Post-Run: 162,859,606,016 octets libres

 

395 --- E O F --- 2009-04-16 09:01

 

 

 

There you go :P

 

 

 

PS: I'd like to know where you learned how to analyse each report ^^

Edited by saqhah
Posted

Hello,

 

ComboFix, Cleanup

Disconnect from the internet and disable the antivirus (only for the duration of the procedure!)

Connect all removable drives (external hard drive, USB stick).

In some circumstances, Safe Mode may be necessary

Open ComboFix

# In Notepad, copy and paste these lines:

 

KillAll::

 

File::

c:\windows\system32\GameMon.des

c:\windows\TEMP\TMP00000001D8D8941F6E6860A0

 

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7775c05c-f38b-11dd-b9fc-002269c383ea}]

 

 

* Warning: this script was written specifically for this user; it would be dangerous to reuse it in other cases!

Save it with the name CFScript.txt

* Drag and drop this CFScript file onto ComboFix.exe

 

* At the message that appears in a blue window (Type 1 to continue, or 2 to abort), type 1 and press Enter.

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it can be found here > C:\ComboFix.txt

Posted (edited)

Hello,

 

ComboFix 09-04-17.01 - Tiflo 04/17/2009 11:53.2 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3581.2376 [GMT 2:00]

Running from: c:\users\Tiflo\Desktop\ComboFix.exe

Command switches used :: c:\users\Tiflo\Desktop\CFScript.txt.txt

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))

.

 

2009-04-16 21:38 . 2009-04-17 09:57 344690207 ----a-w c:\windows\MEMORY.DMP

2009-04-16 20:46 . 2009-04-16 20:46 691 ----a-w c:\users\Tiflo\AppData\Roaming\GetValue.vbs

2009-04-16 20:46 . 2009-04-16 20:46 35 ----a-w c:\users\Tiflo\AppData\Roaming\SetValue.bat

2009-04-16 19:50 . 2009-04-16 19:50 -------- dc-h--w c:\users\All Users\{5C66460E-8CA0-49BD-B660-B4925E7AFA18}

2009-04-16 19:50 . 2009-04-16 19:50 -------- dc-h--w c:\programdata\{5C66460E-8CA0-49BD-B660-B4925E7AFA18}

2009-04-16 19:14 . 2009-04-16 23:06 -------- d-----w c:\users\Tiflo\AppData\Roaming\Command & Conquer 3 Tiberium Wars

2009-04-16 15:24 . 2009-04-16 15:31 -------- d-----w C:\ToolBar SD

2009-04-16 10:10 . 2009-04-16 15:00 -------- d-----w c:\users\Tiflo\workspace

2009-04-15 09:11 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll

2009-04-15 09:11 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll

2009-04-15 09:11 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll

2009-04-14 16:51 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll

2009-04-14 16:51 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2009-04-14 16:51 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll

2009-04-14 16:51 . 2008-06-20 01:14 37384 ----a-w c:\windows\system32\infocardcpl.cpl

2009-04-14 16:51 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll

2009-04-14 16:51 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe

2009-04-14 16:51 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll

2009-04-14 16:51 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe

2009-04-14 16:45 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll

2009-04-14 16:45 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll

2009-04-14 16:45 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll

2009-04-14 16:45 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll

2009-04-14 16:45 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll

2009-04-14 16:27 . 2009-03-19 16:16 2726941 ----a-w c:\windows\system32\GameMon.des

2009-04-14 16:21 . 2005-01-02 21:43 4682 ----a-w c:\windows\system32\npptNT2.sys

2009-04-14 16:21 . 2003-07-19 06:17 5174 ----a-w c:\windows\system32\nppt9x.vxd

2009-04-14 14:32 . 2009-04-14 14:32 -------- d-----w c:\windows\system32\xlive

2009-04-12 13:56 . 2009-04-16 08:54 -------- d-----w c:\users\Tiflo\AppData\Local\Cooliris

2009-04-12 12:21 . 2009-04-12 12:21 -------- d-----w c:\users\Tiflo\AppData\Local\MigWiz

2009-04-12 11:55 . 2009-04-17 09:56 -------- d-----w c:\users\Tiflo\AppData\Roaming\DMCache

2009-04-12 11:55 . 2009-04-16 22:24 -------- d-----w c:\users\Tiflo\AppData\Roaming\IDM

2009-04-10 14:47 . 2009-04-10 14:47 -------- d-----r c:\windows\system32\config\systemprofile\Music

2009-04-09 15:01 . 2009-04-09 15:01 -------- d-----w c:\users\Tiflo\AppData\Roaming\Command & Conquer 3 Kane's Wrath

2009-04-03 13:24 . 2009-03-26 15:35 210352 ----a-w c:\windows\system32\idmmbc.dll

2009-04-02 15:30 . 2009-04-02 15:30 615 ----a-w c:\windows\eReg.dat

2009-03-22 13:09 . 2009-03-22 13:09 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-17 09:49 . 2008-01-21 08:40 713472 ----a-w c:\windows\System32\perfh00C.dat

2009-04-17 09:49 . 2008-01-21 08:40 143510 ----a-w c:\windows\System32\perfc00C.dat

2009-04-17 09:43 . 2009-02-03 21:27 27839 ----a-w c:\users\All Users\nvModes.dat

2009-04-17 09:43 . 2009-02-03 21:27 27839 ----a-w c:\programdata\nvModes.dat

2009-04-16 20:47 . 2009-04-16 20:38 2524 ----a-w C:\rapport.txt

2009-04-16 18:01 . 2009-02-03 20:58 -------- d-----w c:\program files\Electronic Arts

2009-04-16 15:31 . 2009-04-16 15:26 3802 ----a-w C:\TB.txt

2009-04-16 10:03 . 2009-04-16 10:03 -------- d-----w c:\program files\Trend Micro

2009-04-16 09:58 . 2009-02-17 21:05 -------- d-----w c:\program files\eclipse

2009-04-16 09:07 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail

2009-04-16 08:59 . 2009-02-03 22:27 -------- d-----w c:\programdata\Microsoft Help

2009-04-15 23:14 . 2009-02-04 22:59 -------- d-----w c:\users\Tiflo\AppData\Roaming\dvdcss

2009-04-15 11:24 . 2009-02-07 16:00 -------- d-----w c:\users\Tiflo\AppData\Roaming\codeblocks

2009-04-14 17:59 . 2009-02-03 18:34 102192 ----a-w c:\users\Tiflo\AppData\Local\GDIPFONTCACHEV1.DAT

2009-04-14 16:20 . 2009-04-14 16:20 -------- d-----w c:\program files\Common Files\INCA Shared

2009-04-14 15:43 . 2009-04-14 15:43 -------- d-----w c:\program files\Ê¢´óÍøÂç

2009-04-14 14:34 . 2009-04-14 13:40 -------- d-----w c:\program files\Rockstar Games

2009-04-14 14:32 . 2009-04-14 14:32 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE

2009-04-14 13:40 . 2009-01-30 10:30 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-13 20:20 . 2009-02-03 21:09 -------- d-----w c:\programdata\Media Center Programs

2009-04-13 20:01 . 2009-04-13 20:01 -------- d-----w c:\program files\Ubisoft

2009-04-13 08:55 . 2009-04-12 11:55 -------- d-----w c:\program files\Internet Download Manager

2009-04-12 14:07 . 2008-01-21 02:23 615424 ----a-w c:\windows\System32\themeui.dll

2009-04-12 14:07 . 2008-01-21 02:23 240128 ----a-w c:\windows\System32\uxtheme.dll

2009-04-09 14:38 . 2009-04-09 14:38 -------- d-----w c:\program files\7-Zip

2009-04-02 15:25 . 2009-03-06 16:52 -------- d-----w c:\program files\EA GAMES

2009-04-02 15:22 . 2009-01-30 10:29 -------- d-----w c:\program files\Common Files\InstallShield

2009-03-17 03:38 . 2009-04-15 09:10 40960 ----a-w c:\windows\AppPatch\apihex86.dll

2009-03-17 03:38 . 2009-04-15 09:10 13824 ----a-w c:\windows\System32\apilogen.dll

2009-03-17 03:38 . 2009-04-15 09:10 24064 ----a-w c:\windows\System32\amxread.dll

2009-03-10 17:33 . 2009-02-16 14:28 -------- d-----w c:\users\Tiflo\AppData\Roaming\Hamachi

2009-03-09 17:29 . 2009-03-09 17:29 -------- d-----w c:\program files\Tetris

2009-03-08 18:19 . 2009-03-08 16:00 -------- d-----w c:\users\Tiflo\AppData\Roaming\Crayon Physics Deluxe

2009-03-08 15:58 . 2009-03-08 15:58 -------- d-----w c:\program files\Crayon Physics Deluxe

2009-03-05 17:47 . 2009-03-05 17:47 -------- d-----w c:\programdata\Megaupload

2009-03-05 17:47 . 2009-03-05 17:47 -------- d-----w c:\programdata\EmailNotifier

2009-03-05 17:09 . 2009-03-05 17:09 -------- d-----w c:\program files\Xplosiv

2009-03-05 14:38 . 2009-03-05 14:38 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf

2009-03-05 14:38 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat

2009-03-05 14:38 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat

2009-03-05 14:38 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat

2009-03-03 17:42 . 2009-03-03 17:42 -------- d-----w c:\programdata\Codemasters

2009-03-03 17:32 . 2009-03-03 13:59 444952 ----a-w c:\windows\System32\wrap_oal.dll

2009-03-03 17:32 . 2009-03-03 13:59 109080 ----a-w c:\windows\System32\OpenAL32.dll

2009-03-03 17:01 . 2009-03-03 17:01 216 ----a-w C:\DebugTrace-RockallDLL.log

2009-03-03 16:53 . 2009-03-03 16:53 -------- d-----w c:\program files\Codemasters

2009-03-03 13:59 . 2009-03-03 13:59 -------- d-----w c:\program files\OpenAL

2009-03-03 08:12 . 2009-02-05 20:33 -------- d-----w c:\program files\Activision

2009-03-03 04:40 . 2009-04-15 09:10 827392 ----a-w c:\windows\System32\wininet.dll

2009-03-03 04:39 . 2009-04-15 09:10 183296 ----a-w c:\windows\System32\sdohlp.dll

2009-03-03 04:39 . 2009-04-15 09:10 551424 ----a-w c:\windows\System32\rpcss.dll

2009-03-03 04:39 . 2009-04-15 09:10 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll

2009-03-03 04:37 . 2009-04-15 09:10 3600880 ----a-w c:\windows\System32\ntkrnlpa.exe

2009-03-03 04:37 . 2009-04-15 09:10 3548656 ----a-w c:\windows\System32\ntoskrnl.exe

2009-03-03 04:37 . 2009-04-15 09:10 78336 ----a-w c:\windows\System32\ieencode.dll

2009-03-03 04:37 . 2009-04-15 09:10 98304 ----a-w c:\windows\System32\iasrecst.dll

2009-03-03 04:37 . 2009-04-15 09:10 54784 ----a-w c:\windows\System32\iasads.dll

2009-03-03 04:37 . 2009-04-15 09:10 44032 ----a-w c:\windows\System32\iasdatastore.dll

2009-03-03 03:04 . 2009-04-15 09:10 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe

2009-03-03 02:38 . 2009-04-15 09:10 17408 ----a-w c:\windows\System32\iashost.exe

2009-03-03 02:28 . 2009-04-15 09:10 26624 ----a-w c:\windows\System32\ieUnatt.exe

2009-02-20 21:20 . 2009-02-20 21:20 -------- d-----w c:\programdata\2DBoy

2009-02-18 23:18 . 2009-02-18 23:18 11376 ----a-w c:\windows\system32\drivers\SECDRV.SYS

2009-02-18 22:34 . 2009-02-18 22:34 680 ----a-w c:\users\Tiflo\AppData\Local\d3d9caps.dat

2009-02-18 22:25 . 2009-02-18 22:25 -------- d-----w c:\program files\WorldOfGoo

2009-02-18 22:23 . 2009-02-18 22:23 -------- d-----w c:\program files\Far Cry 2

2009-02-18 22:23 . 2009-02-18 22:22 -------- d-----w c:\program files\Age of Mythology

2009-02-18 18:17 . 2009-02-17 11:56 -------- d-----w c:\program files\Age of Empires II

2009-02-17 20:48 . 2009-02-17 20:49 410984 ----a-w c:\windows\System32\deploytk.dll

2009-02-17 20:48 . 2009-01-30 10:29 -------- d-----w c:\program files\Java

2009-02-16 15:40 . 2006-11-02 12:37 -------- d-----w c:\program files\Microsoft Games

2009-02-16 15:33 . 2009-02-16 15:32 -------- d-----w c:\program files\Windows Live Safety Center

2009-02-16 14:28 . 2009-02-16 14:27 -------- d-----w c:\program files\Hamachi

2009-02-16 14:27 . 2009-02-16 14:27 25280 ----a-w c:\windows\system32\drivers\hamachi.sys

2009-02-13 18:35 . 2009-02-13 18:35 98304 ----a-w c:\windows\System32\CmdLineExt.dll

2009-02-13 08:49 . 2009-04-15 09:10 72704 ----a-w c:\windows\System32\secur32.dll

2009-02-13 08:49 . 2009-04-15 09:10 1255936 ----a-w c:\windows\System32\lsasrv.dll

2009-02-09 03:10 . 2009-03-11 12:59 2033152 ----a-w c:\windows\System32\win32k.sys

2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\System32\sirenacm.dll

2009-02-05 23:18 . 2009-02-05 23:17 69632 ----a-w c:\windows\ScUnin.exe

2009-02-05 23:18 . 2009-02-05 23:17 32172 ----a-w c:\windows\scunin.dat

2009-02-04 16:36 . 2009-02-04 16:36 93 ----a-w c:\users\Tiflo\AppData\Local\fusioncache.dat

2009-02-03 21:10 . 2009-02-03 21:10 22328 ----a-w c:\users\Tiflo\AppData\Roaming\PnkBstrK.sys

2009-02-03 21:10 . 2009-02-03 21:10 103736 ----a-w c:\windows\System32\PnkBstrB.exe

2009-02-03 21:10 . 2009-02-03 21:10 66872 ----a-w c:\windows\System32\PnkBstrA.exe

2009-02-03 21:10 . 2009-02-03 21:10 669184 ----a-w c:\windows\System32\pbsvc.exe

2009-01-30 19:11 . 2009-01-30 19:11 5248 ---ha-r C:\dell.sdr

2009-01-30 19:10 . 2009-01-30 19:10 8704 ----a-w c:\windows\System32\hccoin.dll

2009-01-30 19:10 . 2009-01-30 19:10 15872 ----a-w c:\windows\System32\hcrstco.dll

2009-01-30 19:10 . 2006-11-02 10:25 665600 ----a-w c:\windows\Inf\drvindex.dat

2009-01-30 19:10 . 2009-01-30 19:10 22016 ----a-w c:\windows\System32\hid.dll

2009-01-30 19:10 . 2009-01-30 19:10 26112 ----a-w c:\windows\System32\hidserv.dll

2009-01-30 19:09 . 2009-01-30 19:09 1191936 ----a-w c:\windows\System32\msxml3.dll

2009-01-30 19:09 . 2009-01-30 19:09 74752 ----a-w c:\windows\System32\newdev.exe

2009-01-30 19:09 . 2009-01-30 19:09 468992 ----a-w c:\windows\System32\newdev.dll

2009-01-30 19:07 . 2009-01-30 19:07 738304 ----a-w c:\windows\System32\inetcomm.dll

2009-01-30 19:07 . 2009-01-30 19:07 269312 ----a-w c:\windows\System32\es.dll

2009-01-30 19:04 . 2009-01-30 19:04 361984 ----a-w c:\windows\System32\IPSECSVC.DLL

2009-01-30 19:03 . 2009-01-30 19:03 303616 ----a-w c:\windows\System32\wmpeffects.dll

2009-01-30 19:02 . 2009-01-30 19:02 885248 ----a-w c:\windows\System32\RacEngn.dll

2009-01-30 10:2009-02-03 20:38 42:04 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2009-04-16_20.59.21 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-21 01:58 . 2009-04-16 20:37 47184 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-01-21 01:58 . 2009-04-17 09:45 47184 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:05 . 2009-04-17 09:45 95374 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-02-03 18:33 . 2009-04-17 09:44 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-02-03 18:33 . 2009-04-16 20:37 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-02-03 18:33 . 2009-04-17 09:44 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-02-03 18:33 . 2009-04-16 20:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-02-03 18:33 . 2009-04-17 09:44 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-02-03 18:33 . 2009-04-16 20:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-02-03 20:39 . 2009-04-17 09:45 8116 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3028669498-637520200-3870374119-1000_UserData.bin

+ 2006-11-02 10:33 . 2009-04-17 09:49 635898 c:\windows\System32\perfh009.dat

+ 2006-11-02 10:33 . 2009-04-17 09:49 117692 c:\windows\System32\perfc009.dat

- 2006-11-02 12:47 . 2009-04-16 20:59 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2006-11-02 12:47 . 2009-04-17 09:58 262144 c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2006-11-02 12:47 . 2009-04-16 20:59 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2006-11-02 12:47 . 2009-04-17 09:58 262144 c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2006-11-02 12:47 . 2009-04-17 09:58 2310272 c:\windows\System32\FNTCACHE.DAT

- 2006-11-02 12:47 . 2009-04-14 19:41 2310272 c:\windows\System32\FNTCACHE.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2007-03-28 18:59 2953216 ----a-w c:\program files\Protector Suite QL\farchns.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2007-03-28 18:59 2953216 ----a-w c:\program files\Protector Suite QL\farchns.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-30 39408]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-03 2794928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-17 148888]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-25 92704]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-09-25 96800]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-25 13552160]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-30 30192]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]

"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-01-30 10:49 10536 ----a-w c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-03-28 18:46 90112 ----a-w c:\windows\system32\psqlpwd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk

backup=c:\windows\pss\BTTray.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Tiflo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]

path=c:\users\Tiflo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk

backup=c:\windows\pss\hamachi.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-06-12 01:38 34672 ----a-w c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 06:58 611712 ----a-w c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-11-20 12:20 290088 ----a-w c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]

2008-11-14 12:35 305064 ----a-r c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"="0x00000000"

"UpdatesDisableNotify"="0x00000000"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{13FF525D-F427-4106-9F9A-19CF9E1EC7D3}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect

"{A78B785E-0D39-4DF6-A028-861BDEE4FBBE}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{FBCF6E50-125D-487D-8309-E9631E45980A}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{19A79081-50C7-4FE9-A2E3-7C17F016235C}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"{ECBA36C5-56E4-470F-BDE5-F62A8BC3458B}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{7DBB3073-B4B9-4372-A80C-72ED6AF14D51}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{19FDDC55-3A2B-416B-A762-7DA38FDAD262}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{AA4B586A-98EC-435B-9796-63B18A35FC0A}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{ABF7F3EB-3CA5-45BF-8752-F803CE629B85}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{93C9DE04-224C-4369-98BD-58C8A8265DF6}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{925604E7-675A-47CE-8EA5-F5E464CE9F80}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{86E4A6EB-2A74-469B-853D-236E7B649DAC}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{3891FF4B-2E64-49AC-BDEC-4C5396BC7F2F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{5C30DB6F-A232-4961-ACC0-0C268E9EAA6C}"= UDP:5353:Adobe CSI CS4

"{B26BD27A-4ADB-4968-B426-936AF503DAF3}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{04EF4861-9B65-4C7C-9C49-1DD7DD7CBD89}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"TCP Query User{821469E2-C32C-425E-9735-83859A1C87DA}c:\\users\\tiflo\\desktop\\left4dead\\left 4 dead\\left4dead.exe"= UDP:c:\users\tiflo\desktop\left4dead\left 4 dead\left4dead.exe:left4dead.exe

"UDP Query User{56F26CD9-D742-4C01-B6CC-E16A519FF9B0}c:\\users\\tiflo\\desktop\\left4dead\\left 4 dead\\left4dead.exe"= TCP:c:\users\tiflo\desktop\left4dead\left 4 dead\left4dead.exe:left4dead.exe

"TCP Query User{C2978359-5F82-4CCF-87FC-052AC9B5D208}c:\\users\\tiflo\\desktop\\w3-lan\\war3.exe"= UDP:c:\users\tiflo\desktop\w3-lan\war3.exe:war3.exe

"UDP Query User{CACD8F20-6B35-4D71-B272-84B143DC5481}c:\\users\\tiflo\\desktop\\w3-lan\\war3.exe"= TCP:c:\users\tiflo\desktop\w3-lan\war3.exe:war3.exe

"TCP Query User{31C211FB-ED59-4790-81D4-CD7E5FA966DB}c:\\users\\tiflo\\desktop\\starcraft\\starcraft.exe"= UDP:c:\users\tiflo\desktop\starcraft\starcraft.exe:starcraft.exe

"UDP Query User{8E654824-E64D-4230-AFEB-FFCA533F7401}c:\\users\\tiflo\\desktop\\starcraft\\starcraft.exe"= TCP:c:\users\tiflo\desktop\starcraft\starcraft.exe:starcraft.exe

"{F465871E-7ACC-4F76-88AE-0C1F4AC68F43}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{70A1DAEE-5A67-4E8C-931D-962F50F59657}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{93301071-C2A3-410D-81CB-34743F474588}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{ADA9F624-A036-4E2B-8708-B5603D1A8ED3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{FE908AB6-FAF9-4BC8-9889-783335395EC7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{76927582-8BC6-440A-A2E6-9EF72A7C8453}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{AB36A5C1-1390-4421-8149-80B97EF1B566}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:Starcraft

"UDP Query User{A5FD8BCB-DA67-4EDC-BA5A-FF12E2AB4907}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:Starcraft

"TCP Query User{ED4538E0-A2FA-4AC0-8630-A392975C3911}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III

"UDP Query User{46A60B20-AE3F-4F40-BC21-6F5BF61F04C5}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III

"TCP Query User{E195AA4B-FA9E-499C-9B49-F0BA95D752F7}c:\\program files\\electronic arts\\dead space\\dead space.exe"= UDP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space

"UDP Query User{F9797C48-2A98-48CD-AB6A-EE767866D3E5}c:\\program files\\electronic arts\\dead space\\dead space.exe"= TCP:c:\program files\electronic arts\dead space\dead space.exe:Dead Space

"TCP Query User{02AF7884-A012-44CF-B885-C538464B8011}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay

"UDP Query User{89985E75-CFA9-4CE5-A0A9-29527BE20595}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay

"TCP Query User{F5526089-AD4A-432A-93BF-7680E6B19995}c:\\program files\\age of empires ii\\empires2.exe"= UDP:c:\program files\age of empires ii\empires2.exe:Age of Empires II

"UDP Query User{FEB2A9BE-3314-4A40-9061-5401EEC21E0D}c:\\program files\\age of empires ii\\empires2.exe"= TCP:c:\program files\age of empires ii\empires2.exe:Age of Empires II

"TCP Query User{BF65F071-47B5-41CC-AEC3-8C8F029CC435}c:\\users\\tiflo\\desktop\\left4dead\\left 4 dead\\left4dead.exe"= UDP:c:\users\tiflo\desktop\left4dead\left 4 dead\left4dead.exe:left4dead.exe

"UDP Query User{2C6F34FE-A91E-4124-9B59-2C1E374F8425}c:\\users\\tiflo\\desktop\\left4dead\\left 4 dead\\left4dead.exe"= TCP:c:\users\tiflo\desktop\left4dead\left 4 dead\left4dead.exe:left4dead.exe

"TCP Query User{49DABD47-4FDC-4E4A-94D9-D7132F589C84}c:\\users\\tiflo\\downloads\\age of the empire 2\\age2_x1.exe"= UDP:c:\users\tiflo\downloads\age of the empire 2\age2_x1.exe:age2_x1.exe

"UDP Query User{CE2B5641-6666-465C-812F-4936EF51B63B}c:\\users\\tiflo\\downloads\\age of the empire 2\\age2_x1.exe"= TCP:c:\users\tiflo\downloads\age of the empire 2\age2_x1.exe:age2_x1.exe

"TCP Query User{AF98C2C6-091B-403C-8CFD-6854D369ED10}c:\\program files\\far cry 2\\bin\\farcry2.exe"= UDP:c:\program files\far cry 2\bin\farcry2.exe:Far Cry® 2

"UDP Query User{DFAA0CDA-DEF8-43A1-A3FE-FF26E4EA6D0B}c:\\program files\\far cry 2\\bin\\farcry2.exe"= TCP:c:\program files\far cry 2\bin\farcry2.exe:Far Cry® 2

"TCP Query User{46DF4012-BD49-4C08-B5D7-408AE91F8635}c:\\program files\\age of empires ii\\age2_x1.exe"= UDP:c:\program files\age of empires ii\age2_x1.exe:Age of Empires II Expansion

"UDP Query User{ED63084E-89F8-424B-8B3C-997A900089E3}c:\\program files\\age of empires ii\\age2_x1.exe"= TCP:c:\program files\age of empires ii\age2_x1.exe:Age of Empires II Expansion

"{F449FCCD-BA99-4A2C-B66D-F6362AC85538}"= UDP:c:\program files\Codemasters\GRID\GRID.exe:GRID

"{883E8F59-D27C-43A1-A310-B69074EE4010}"= TCP:c:\program files\Codemasters\GRID\GRID.exe:GRID

"TCP Query User{2D06D69C-720A-4B77-BA4A-89529BFBD25A}c:\\program files\\codemasters\\grid\\grid.exe"= UDP:c:\program files\codemasters\grid\grid.exe:GRID Executable

"UDP Query User{53CE5905-6F13-4DA2-987A-A07C3E886FF3}c:\\program files\\codemasters\\grid\\grid.exe"= TCP:c:\program files\codemasters\grid\grid.exe:GRID Executable

"{2D6C944A-9944-4637-913E-620E55A5730C}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X

"{4EA91C0A-DBC8-4DA8-A381-33BF0567A1D7}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:Tom Clancy's H.A.W.X

"{1B8539C4-011E-41A2-B463-84A8FDDE6B36}"= UDP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X

"{9ABDD755-A52B-4A6B-A640-2092367E639C}"= TCP:c:\program files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:Tom Clancy's H.A.W.X

"{8A97ACF2-43BA-45F9-B124-B862A3C01DA2}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{455CE0EC-9BA6-45BD-A962-26332C940B06}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{E6E46FE2-5C04-49F1-BBF0-7933FA58C119}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV

"{27BC7BEE-6FB5-4BF8-B669-F7DEFC885566}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV

"TCP Query User{8B1E8D2F-A80A-4F63-BE19-8B9B97C76FCE}c:\\users\\tiflo\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\tiflo\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

"UDP Query User{5CC9F231-B534-48D1-8A32-D0D2D9AB325D}c:\\users\\tiflo\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:c:\users\tiflo\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe

 

R2 DockLoginService;Dock Login Service; [x]

R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-30 30192]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-19 2726941]

R4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]

S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-03-04 235648]

S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-04 7424]

 

 

--- Other Services/Drivers In Memory ---

 

*Deregistered* - sptd

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d4c4e0d-24a0-11de-ac4c-002269c383ea}]

\shell\AutoRun\command - WDSetup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4df2f000-f232-11dd-9dff-002269c383ea}]

\shell\AutoRun\command - G:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7775c05c-f38b-11dd-b9fc-002269c383ea}]

\shell\AutoRun\command - b3b9u.com

\shell\explore\Command - b3b9u.com

\shell\open\Command - b3b9u.com

.

.

------- Supplementary Scan -------

.

mWindow Title =

uInternet Settings,ProxyOverride = *.local

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm

IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm

IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm

FF - ProfilePath - c:\users\Tiflo\AppData\Roaming\Mozilla\Firefox\Profiles\jyoh0dyi.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\users\Tiflo\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-17 11:58

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

c:\users\Tiflo\AppData\Roaming\Microsoft\Windows\Cookies\tiflo@c.msn[2].txt 64 bytes

c:\users\Tiflo\AppData\Roaming\Microsoft\Windows\Cookies\tiflo@c.live[1].txt 65 bytes

 

scan completed successfully

hidden files: 2

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'lsass.exe'(732)

c:\windows\system32\psqlpwd.dll

c:\program files\Protector Suite QL\homefus2.dll

c:\program files\Protector Suite QL\infra.dll

 

- - - - - - - > 'Explorer.exe'(4736)

c:\program files\Protector Suite QL\farchns.dll

c:\program files\Protector Suite QL\infra.dll

c:\windows\system32\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\rundll32.exe

c:\program files\Protector Suite QL\upeksvr.exe

c:\windows\System32\wlanext.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\windows\System32\conime.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\windows\System32\PnkBstrA.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\System32\stacsv.exe

c:\program files\Protector Suite QL\psqltray.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\DellTPad\hidfind.exe

c:\program files\DellTPad\ApntEx.exe

c:\program files\Internet Download Manager\IEMonitor.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\program files\Windows Live\Contacts\wlcomm.exe

c:\program files\Mozilla Firefox\firefox.exe

c:\windows\System32\wbem\WMIADAP.exe

.

**************************************************************************

.

Completion time: 2009-04-17 12:04 - machine was rebooted

ComboFix-quarantined-files.txt 2009-04-17 10:04

ComboFix2.txt 2009-04-16 21:04

 

Pre-Run: 159,444,230,144 bytes free

Post-Run: 159,957,667,840 bytes free

 

403 --- E O F --- 2009-04-16 09:01

Edited by saqhah
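Two sections of the log above carry the findings an analyst would want to pull out mechanically: the `MountPoints2` entries (the third volume redirects the AutoRun, open and explore verbs to a bare `b3b9u.com`, which is the pattern autorun worms leave so the payload runs however the drive is opened) and the firewall exception list, which includes a rule for a binary under the user's `appdata\local\temp`. The script below is an added example written for this thread, not ComboFix code and not the poster's; it parses those two sections from lines excerpted from the log above and flags those patterns. The severity rules (`WORM_EXTENSIONS`, the temp-directory check, the open/explore check) are the example's own assumptions.

```python
"""Triage two ComboFix log sections: Windows Firewall authorized-application
rules and HKCU ...\Explorer\MountPoints2 autorun entries.

Added example for this thread; not part of ComboFix and not the log
author's code. The flagging rules are assumptions, not ComboFix output.
"""
import re
from typing import Dict, List, Tuple

# Lines excerpted from the log posted above, embedded so the script runs offline.
SAMPLE_LOG = r"""
"{27BC7BEE-6FB5-4BF8-B669-F7DEFC885566}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
"TCP Query User{8B1E8D2F-A80A-4F63-BE19-8B9B97C76FCE}c:\\users\\tiflo\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\tiflo\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d4c4e0d-24a0-11de-ac4c-002269c383ea}]
\shell\AutoRun\command - WDSetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4df2f000-f232-11dd-9dff-002269c383ea}]
\shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7775c05c-f38b-11dd-b9fc-002269c383ea}]
\shell\AutoRun\command - b3b9u.com
\shell\explore\Command - b3b9u.com
\shell\open\Command - b3b9u.com
"""

# "{guid}"= PROTO:<program path>:<display name>; the path itself contains a
# colon (drive letter), so the display name is split off at the last colon.
FIREWALL_RE = re.compile(r'^"(?P<id>[^"]+)"=\s*(?P<proto>TCP|UDP):(?P<rest>.+)$')
MOUNTPOINT_KEY_RE = re.compile(
    r'^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<guid>\{[0-9a-f-]+\})\]$', re.IGNORECASE)
MOUNTPOINT_VERB_RE = re.compile(
    r'^\\shell\\(?P<verb>\w+)\\command\s+-\s+(?P<cmd>.+)$', re.IGNORECASE)

# Extensions a legitimate removable-media installer rarely uses as its
# autorun target but autorun worms commonly do (assumption).
WORM_EXTENSIONS = (".com", ".pif", ".scr", ".bat", ".cmd")

Finding = Tuple[str, str]  # (severity, message)


def parse_firewall_rules(text: str) -> List[Tuple[str, str, str]]:
    """Return (protocol, program path, display name) for each firewall rule line."""
    rules = []
    for line in text.splitlines():
        m = FIREWALL_RE.match(line.strip())
        if not m:
            continue
        path, name = m.group("rest").rsplit(":", 1)
        rules.append((m.group("proto"), path, name))
    return rules


def parse_mountpoints(text: str) -> Dict[str, Dict[str, str]]:
    """Map each MountPoints2 volume GUID to {verb: command} for its shell verbs."""
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        key = MOUNTPOINT_KEY_RE.match(line)
        if key:
            current = key.group("guid").lower()
            entries[current] = {}
            continue
        verb = MOUNTPOINT_VERB_RE.match(line)
        if verb and current is not None:
            entries[current][verb.group("verb").lower()] = verb.group("cmd").strip()
    return entries


def triage(text: str) -> List[Finding]:
    """Flag temp-directory firewall exceptions and autorun-worm-style mountpoints."""
    findings: List[Finding] = []
    for proto, path, _name in parse_firewall_rules(text):
        # An exception for a binary under a temp directory outlives the binary:
        # anything later dropped there under the same name inherits it.
        if "\\temp\\" in path.lower():
            findings.append(("high", f"firewall {proto} exception for temp-directory binary {path}"))
    for guid, verbs in parse_mountpoints(text).items():
        # Worms also redirect 'open' and 'explore' so the payload runs when the
        # user double-clicks the drive or right-clicks Explore, not only on insert.
        hijacked = [v for v in ("open", "explore") if v in verbs]
        if hijacked:
            findings.append(("high", f"mountpoint {guid}: {'/'.join(hijacked)} verb(s) "
                                     f"redirected to {verbs[hijacked[0]]}"))
        # A bare file name resolves relative to the volume root, the classic
        # autorun.inf layout; a full path (G:\autorun.exe) is not flagged here.
        for cmd in sorted({c for c in verbs.values() if "\\" not in c and "/" not in c}):
            severity = "high" if cmd.lower().endswith(WORM_EXTENSIONS) else "review"
            findings.append((severity, f"mountpoint {guid}: bare autorun target {cmd}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

On the excerpt this yields three `high` findings (the temp-directory firewall rule, the open/explore hijack and the bare `b3b9u.com` target on the third volume) and one `review` entry for `WDSetup.exe`, which is a bare `.exe` autorun target and is left for the analyst to judge rather than auto-flagged. Whether any given MountPoints2 entry is still live depends on the volume being reconnected; the registry key records what was there when the drive was last mounted.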
Posted

You made a slip:

 

Command switches used :: c:\users\Tiflo\Desktop\CFScript.txt.txt

you should have had:

c:\users\Tiflo\Desktop\CFScript.txt

 

* Warning, this code was written specifically for this user; it would be dangerous to reuse it in other cases!

Save it under the name CFScript.txt

Posted

I have a problem with ComboFix: when I launch it nothing happens, a DOS window with a blue background opens and nothing happens, even if I drag the .txt onto it....

 

I even tried downloading it again but nothing works. :P

Posted

Uninstall ComboFix:

Start > Run -> combofix.exe /u

Confirm with OK

ComboFix starts and displays a message saying that ComboFix has been removed: click OK.

 

Reinstall it and run the procedure proposed at 10.55.

Posted
Uninstall ComboFix:

Start > Run -> combofix.exe /u

Confirm with OK

ComboFix starts and displays a message saying that ComboFix has been removed: click OK.

 

Reinstall it and run the procedure proposed at 10.55.

 

 

nothing works, still the same DOS window...

 

I got the message that ComboFix was removed... I download it again, click the executable and still that blue window....

 

Earlier ComboFix told me to do an update, which I did; maybe the problem is there...

Posted

Hello,

 

There was a problem with ComboFix when launching CFScript.

If an error window appears with "pv.cfexe has encountered a problem and needs to close";

click "Don't send the report" and the tool will continue the scan.

This error can appear twice at the start of the scan.

 

A new version (yesterday at 17.28) fixes the problem.
