(Resolu) Securisation

[Titso]

Salut, comme je ne faisais pas confiance a McAfee alors j'ai installe Avira Antivir Personnal. Je cherchais des

 

photos de rainforest, coniferous et autres et voila qu'Avira détecte 15 logiciels malveillants tandis que McAfee détecte

 

786 chevaux de Troie (une vraie étable). Ce dernier les a mis en quarantaine tandis qu'Avira les a juste détectés. Que

 

faire et pourquoi que 15 et pas 786?

 

J'ai jamais vu ça!!!!! J'ai peur que mon ordi ne se bousille. Que faire?

 

Ensuite que signifie mise en quarantaine? Vont-ils disparaitre ou non?

 

Merci

Modifié le 8 juin 2009 par Titso

[ticlou]

Salut Titso

As-tu désinstaller McAfee avant l'installation Antivir,

Avira détecte 15 logiciels malveillants tandis que McAfee détecte 786 chevaux de Troie (une vraie étable)

 

Si tu n'as pas désinstaller McAfee, je dirais que c'est une vraie encan! ... ou surenchère.

Amicalement

Ticlou

[Zonk]

Allo a vous deux...

Si des items ont été mis en quarantaine alors ils sont hors état de nuire tant et aussi longtemps qu'il ne sont pas restaurer.....chose que seul toi peut faire...il n'y a pas y s'en faire tant qu'il y reste ou qu'ils sont supprimer ...

Comme le dit Ticlou je serais surpris que tu ais autant de menaces que ce que te dit McAfee dans ton ordi....mais qui sait.....a prime abord je ferais d'avantage confiance à Antivir

Normalement tu auras des infos sur les items en quarantaine de chaque antivirus.....et ne espérant que tu ne tourne pas sur deux antivirus en temps réel en même temps !!! (sinon les ennuis sont possible).....si tu as les infos des détections ,amène les...

 

Je te conseillerait d'amener un rapport RSIT

http://forum.pcastuces.com/randoms_system_...rsit-f31s31.htm

et tu auras normalement un suivit de la part de l'Équipe Sécurité

@+

[Falkra]

Comme le dit Ticlou je serais surpris que tu ais autant de menaces que ce que te dit McAfee dans ton ordi....mais qui sait.....a prime abord je ferais d'avantage confiance à Antivir

Lol, et moi donc. a moins que McAfee ait été configuré pour scanner aussi la machine en quête de joke/programs et autres joyeusetés (pour rien quoi).

[Titso]

Salut,

 

Non je n'ai pas désinstaller McAfee, je voulais simplement savoir s'il marchait vraiment. Car a l'inverse d'Antivira, lui ne m'informe pas, en temps réel, qu'il a détecté des virus ou autres. Concernant les detections il y en a trop impossible de copier le rapport.

 

Merci.

 

Voici mon rapport RSIT :

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Abi at 2009-06-06 17:04:23

Microsoft Windows XP Professional Service Pack 2

System drive C: has 145 GB (95%) free of 153 GB

Total RAM: 1014 MB (49% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:06:21, on 06/06/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\Abi\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Abi\My Documents\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Abi\Desktop\RSIT.exe

C:\Program Files\trend micro\Abi.exe

C:\Program Files\Avira\AntiVir Desktop\update.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Abi\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 8543 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\McDefragTask.job

C:\WINDOWS\tasks\McQcTask.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-04-16 1088296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]

McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-01-09 246800]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-05-31 312928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

MyPlayCity Toolbar - C:\Program Files\MyPlayCity\tbMyPl.dll [2009-04-23 2087448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-03-25 62784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-31 259696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-06-02 668656]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-31 470512]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-31 259696]

{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - MyPlayCity Toolbar - C:\Program Files\MyPlayCity\tbMyPl.dll [2009-04-23 2087448]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]

"AzMixerSel"=C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [2006-07-17 53248]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-01-29 16859648]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-04-05 77824]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752]

"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-03-25 645328]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-05-31 198160]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"cdoosoft"=C:\WINDOWS\system32\olhrwef.exe []

"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-04-16 24267560]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-31 39408]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

 

C:\Documents and Settings\Abi\Start Menu\Programs\Startup

Notification de cadeaux MSN.lnk - C:\Documents and Settings\Abi\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 1 months======

 

2009-06-06 17:04:24 ----D---- C:\Program Files\trend micro

2009-06-06 17:04:23 ----D---- C:\rsit

2009-06-06 14:45:37 ----D---- C:\WINDOWS\system32\SoftwareDistribution

2009-06-06 14:45:34 ----D---- C:\WINDOWS\LastGood

2009-06-03 20:35:21 ----D---- C:\Program Files\Easy MEMOry

2009-06-03 17:24:14 ----D---- C:\Program Files\MyPlayCity

2009-06-03 17:24:14 ----D---- C:\Program Files\Conduit

2009-06-02 14:31:53 ----D---- C:\Program Files\SiteAdvisor

2009-05-31 21:54:46 ----D---- C:\Program Files\Microsoft

2009-05-31 21:54:32 ----D---- C:\Program Files\Windows Live SkyDrive

2009-05-31 21:54:11 ----D---- C:\Program Files\Windows Live

2009-05-31 21:09:20 ----D---- C:\Program Files\Common Files\Windows Live

2009-05-31 18:41:30 ----D---- C:\Documents and Settings\Abi\Application Data\Google

2009-05-31 18:30:18 ----D---- C:\Program Files\Common Files\xing shared

2009-05-31 18:30:14 ----A---- C:\WINDOWS\system32\rmoc3260.dll

2009-05-31 18:30:02 ----A---- C:\WINDOWS\system32\pndx5032.dll

2009-05-31 18:30:02 ----A---- C:\WINDOWS\system32\pndx5016.dll

2009-05-31 18:30:01 ----D---- C:\Program Files\Real

2009-05-31 18:30:01 ----A---- C:\WINDOWS\system32\pncrt.dll

2009-05-31 18:29:59 ----D---- C:\Program Files\Common Files\Real

2009-05-31 18:29:57 ----D---- C:\Documents and Settings\Abi\Application Data\Real

2009-05-31 18:28:16 ----D---- C:\Documents and Settings\All Users\Application Data\Google

2009-05-31 18:28:14 ----D---- C:\Program Files\Google

2009-05-31 15:05:54 ----D---- C:\Program Files\Avira

2009-05-31 15:05:54 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2009-05-30 17:02:22 ----D---- C:\Documents and Settings\Abi\Application Data\Skype

2009-05-30 17:02:12 ----RD---- C:\Program Files\Skype

2009-05-30 17:02:11 ----D---- C:\Documents and Settings\All Users\Application Data\Skype

2009-05-29 23:47:05 ----D---- C:\Documents and Settings\Abi\Application Data\Macromedia

2009-05-29 23:44:10 ----D---- C:\Documents and Settings\Abi\Application Data\MSNInstaller

2009-05-29 23:22:23 ----RH---- C:\WINDOWS\system32\NTIMPEG2.dll

2009-05-29 23:22:23 ----RH---- C:\WINDOWS\system32\NTIMP3.dll

2009-05-29 23:22:23 ----RH---- C:\WINDOWS\system32\NTICDMK7.dll

2009-05-29 23:13:42 ----A---- C:\WINDOWS\system32\dunzip32.dll

2009-05-29 23:11:55 ----D---- C:\Program Files\McAfee.com

2009-05-29 23:11:53 ----D---- C:\Program Files\Common Files\McAfee

2009-05-29 23:11:42 ----D---- C:\Program Files\McAfee

2009-05-29 23:08:46 ----D---- C:\WINDOWS\IIS Temporary Compressed Files

 

======List of files/folders modified in the last 1 months======

 

2009-06-06 17:06:17 ----D---- C:\WINDOWS\Temp

2009-06-06 17:04:24 ----RD---- C:\Program Files

2009-06-06 14:47:39 ----D---- C:\WINDOWS\system32\inetsrv

2009-06-06 14:45:55 ----D---- C:\WINDOWS\system32

2009-06-06 14:45:55 ----D---- C:\WINDOWS\SoftwareDistribution

2009-06-06 14:45:55 ----D---- C:\WINDOWS\Help

2009-06-06 14:45:43 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-06-06 14:45:38 ----HD---- C:\WINDOWS\inf

2009-06-06 14:45:34 ----D---- C:\WINDOWS

2009-06-06 14:44:03 ----D---- C:\WINDOWS\system32\CatRoot2

2009-06-06 14:42:34 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-06-04 20:51:28 ----SD---- C:\Documents and Settings\Abi\Application Data\Microsoft

2009-06-04 20:46:39 ----SHD---- C:\WINDOWS\Installer

2009-06-04 20:46:36 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-06-02 14:54:35 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee

2009-06-02 14:52:32 ----D---- C:\WINDOWS\system32\drivers

2009-06-01 14:08:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-06-01 14:04:46 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor

2009-05-31 21:55:18 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-05-31 21:54:55 ----D---- C:\WINDOWS\WinSxS

2009-05-31 21:54:36 ----D---- C:\Program Files\Common Files\Microsoft Shared

2009-05-31 21:54:16 ----RSD---- C:\WINDOWS\Fonts

2009-05-31 21:53:57 ----D---- C:\WINDOWS\pchealth

2009-05-31 21:09:20 ----D---- C:\Program Files\Common Files

2009-05-31 18:30:01 ----A---- C:\WINDOWS\system32\msvcr71.dll

2009-05-31 18:30:01 ----A---- C:\WINDOWS\system32\msvcp71.dll

2009-05-31 15:54:37 ----D---- C:\Documents and Settings\Abi\Application Data\Help

2009-05-31 13:33:42 ----RSH---- C:\WINDOWS\system32\nmdfgds0.dll

2009-05-31 13:33:38 ----D---- C:\WINDOWS\Minidump

2009-05-30 15:30:37 ----D---- C:\Program Files\Zahra Coloring Game

2009-05-30 00:47:54 ----A---- C:\WINDOWS\ModemLog_Standard 300 bps Modem.txt

2009-05-29 23:44:24 ----RSH---- C:\WINDOWS\system32\nmdfgds1.dll

2009-05-29 23:12:06 ----SD---- C:\WINDOWS\Tasks

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]

R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]

R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]

R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-04 223616]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-05 9600]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-01-30 4725760]

R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]

R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]

R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-05 12160]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-05 5888]

R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-07-02 94592]

R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []

S3 dhbbd;dhbbd; \??\C:\WINDOWS\system32\01.tmp []

S3 eurcbxuh;eurcbxuh; \??\C:\WINDOWS\system32\07.tmp []

S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]

S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []

S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []

S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []

S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []

S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []

S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 xyqdhvxai;xyqdhvxai; \??\C:\WINDOWS\system32\04.tmp []

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]

R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]

R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-03-11 210216]

R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-01-08 303104]

R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-03-25 797864]

R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]

R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]

R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]

R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]

R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-01-09 26640]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-08 171040]

R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-05 19456]

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]

R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2004-08-04 32768]

R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]

R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]

S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-02 182768]

S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2004-08-04 8704]

 

-----------------EOF-----------------

 

info.txt logfile of random's system information tool 1.06 2009-06-06 17:06:23

 

======Uninstall list======

 

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

Canon MP Navigator 3.1-->"C:\Program Files\Canon\MP Navigator 3.1\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.1\uninst.ini

Canon MP140 series User Registration-->C:\Program Files\Canon\IJEREG\MP140 series\UNINST.EXE

Canon MP140 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series /L0x0009

Canon Utilities Easy-LayoutPrint-->C:\Program Files\Canon\Easy-LayoutPrint\uninst.exe uninst.ini

Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Drawing for Children 2.2-->C:\Program Files\Drawing for Children\Uninstal.exe

Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}

Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall

Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}

McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Mozilla Firefox (3.0.10)-->C:\Documents and Settings\Abi\My Documents\Mozilla Firefox\uninstall\helper.exe

MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MyPlayCity Toolbar-->C:\PROGRA~1\MYPLAY~1\UNWISE.EXE /U C:\PROGRA~1\MYPLAY~1\INSTALL.LOG

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0009 -removeonly

Realtek High Definition Audio Driver-->RtlUpd.exe -r -m

Ringed Racing Fun-->"C:\Program Files\MyPlayCity.com\Ringed Racing Fun\unins000.exe"

Sammy Suricate Demo-->C:\PROGRA~1\SAMMYS~1\UNWISE.EXE C:\PROGRA~1\SAMMYS~1\INSTALL.LOG

ScanSoft OmniPage SE 4-->MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Skype™ 4.0-->MsiExec.exe /I{375943E2-B268-4AD7-B7A4-0FD90E9C2AC7}

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}

Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}

Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}

Zahra Coloring Game-->"C:\WINDOWS\Zahra Coloring Game\uninstall.exe" "/U:C:\Program Files\Zahra Coloring Game\Uninstall\uninstall.xml"

 

======Security center information======

 

AV: AntiVir Desktop (disabled) (outdated)

AV: McAfee VirusScan

FW: McAfee Personal Firewall

 

======System event log======

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 7000

Message: The crd service failed to start due to the following error:

The system cannot find the path specified.

 

 

Record Number: 6059

Source Name: Service Control Manager

Time Written: 20090318125643.000000+180

Event Type: error

User:

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 7023

Message: The Security Image service terminated with the following error:

A dynamic link library (DLL) initialization routine failed.

 

 

Record Number: 6036

Source Name: Service Control Manager

Time Written: 20090318113245.000000+180

Event Type: error

User:

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 7000

Message: The crd service failed to start due to the following error:

The system cannot find the path specified.

 

 

Record Number: 6035

Source Name: Service Control Manager

Time Written: 20090318113245.000000+180

Event Type: error

User:

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 7023

Message: The Security Image service terminated with the following error:

A dynamic link library (DLL) initialization routine failed.

 

 

Record Number: 6013

Source Name: Service Control Manager

Time Written: 20090318001004.000000+180

Event Type: error

User:

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 7000

Message: The crd service failed to start due to the following error:

The system cannot find the path specified.

 

 

Record Number: 6012

Source Name: Service Control Manager

Time Written: 20090318001004.000000+180

Event Type: error

User:

 

=====Application event log=====

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 1002

Message: Hanging application HorseLand.exe, version 11.0.0.426, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Record Number: 456

Source Name: Application Hang

Time Written: 20090121223345.000000+180

Event Type: error

User:

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 1002

Message: Hanging application HorseLand.exe, version 11.0.0.426, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 

Record Number: 455

Source Name: Application Hang

Time Written: 20090121222402.000000+180

Event Type: error

User:

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 1517

Message: Windows saved user FAMILY-3DBCF2DE\Omi registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 

 

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

 

Record Number: 445

Source Name: Userenv

Time Written: 20090121202508.000000+180

Event Type: warning

User: NT AUTHORITY\SYSTEM

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 1517

Message: Windows saved user FAMILY-3DBCF2DE\Omi registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 

 

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

 

Record Number: 429

Source Name: Userenv

Time Written: 20090121172826.000000+180

Event Type: warning

User: NT AUTHORITY\SYSTEM

 

Computer Name: FAMILY-3DBCF2DE

Event Code: 1517

Message: Windows saved user FAMILY-3DBCF2DE\Abi registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 

 

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

 

Record Number: 419

Source Name: Userenv

Time Written: 20090121011026.000000+180

Event Type: warning

User: NT AUTHORITY\SYSTEM

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel

"PROCESSOR_REVISION"=0f0d

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

[Falkra]

Infecté, tout ça. Je transfère.

 

Tu as McAfee et antivir, ça va te ralentir considérablement ta machine. Il ne faut en avoir qu'un des deux !

 

Télécharge Malwarebytes' Anti-Malware (MBAM)

 

• Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  
• Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  
• Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  
• Sélectionne "Exécuter un examen rapide"
  
• Clique sur "Rechercher"
  
• L'analyse démarre.
  
• A la fin de l'analyse (mais ce n'est pas fini), un message s'affiche :

  L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi. N'oublie pas la suite.
  
• Ferme tes navigateurs.
  
• Si des malwares ont été détectés, clique sur Afficher les résultats.
  Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.
  

 

NB : Si MBAM te demande à redémarrer, fais-le.

[Titso]

Salut,

 

Voici le rapport d'analyse de MBAM :

 

Malwarebytes' Anti-Malware 1.37

Version de la base de données: 2237

Windows 5.1.2600 Service Pack 2

 

06/06/2009 18:59:57

mbam-log-2009-06-06 (18-59-57).txt

 

Type de recherche: Examen rapide

Eléments examinés: 106193

Temps écoulé: 8 minute(s), 53 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 2

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

c:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnLineGames) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\nmdfgds1.dll (Spyware.OnLineGames) -> Quarantined and deleted successfully.

 

 

Ensuite j'aimerai savoir quand dois-je utiliser le MBAM? Et peux-tu me conseiller sur des sites de jeux a éviter?

 

Merci pour ton aide c'est sympa et rapide.

[Falkra]

Ensuite j'aimerai savoir quand dois-je utiliser le MBAM? Et peux-tu me conseiller sur des sites de jeux a éviter?

tu peux faire ce scan rapide une ofis par semaine, ou ponctuellement si tu crains une infection. Il faut faire la mise à jour avant chaque scan. C'est un outil tout public, contrairement à certains utilisés pour nettoyer les machines.

Le module résident (qui tourne à l'arrière plan) est payant, mais le programme fonctionne en mode gratuit, ce module ne s'active simplement pas. Du coup dans sa version gratuite il cohabite avec tout, en tant que scanneur à la demande.

Spybot et Ad-aware sont de conception obsolète, le modèle de MBAM est bien plus pertinent face aux infections actuelles, et donne d'excellents résultats.

 

 

on doit continuer pour nettoyer le reste de la machine. Le logiciel qui suit n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.

Ne pas utiliser en dehors de ce cas de figure ou seul : dangereux. Suis bien les instructions suivantes :

 

Télécharge combofix.exe de sUBs et sauvegarde le sur ton bureau (et pas ailleurs).

• Assure toi que tous les programmes sont fermés avant de commencer.
  
• Désactive l'antivirus, sinon combofix va te mettre un message (sinon, dis ok au message).
  
• Double-clique combofix.exe afin de l'exécuter.
  
• Clique sur "Oui" au message de Limitation de Garantie qui s'affiche.
  
• Si on te propose de redémarrer parc qu'un rootkit a été trouvé, fais-le.
  
• On va te proposer de télécharger et installer la console de récupération, clique sur "Oui" au message, autorise le téléchargement dans ton firewall si demandé, puis accepte le message de contrat utilisateur final.
  
• Le bureau disparaît, c'est normal, et il va revenir.
  
• Ne ferme pas la fenêtre qui s'ouvre, tu te retrouverais avec un bureau vide.
  
• Lorsque l'analyse sera terminée, un rapport apparaîtra.
  
• Copie-colle ce rapport dans ta prochaine réponse.
  Le rapport se trouve dans : C:\Combofix.txt (si jamais).
  

[Titso]

Salut,

 

Lorsque je télécharge combofix.exe, un message me dit : C:\Documents and Settings\Abi\Desktop\ComboFix.exe ne pourra être enregistré car le fichier source ne peut être lu.

 

Réessayez plus tard ou contactez l'administrateur du serveur.

 

Que faire?

[Titso]

Salut, c'est ok, voici le rapport :

 

ComboFix 09-06-05.07 - Abi 06/06/2009 20:11.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.640 [GMT 3:00]

Running from: c:\documents and settings\Abi\Desktop\ComboFix.exe

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

c:\windows\system32\Cache

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_IPRIP

-------\Service_AVPsys

-------\Service_Iprip

 

 

((((((((((((((((((((((((( Files Created from 2009-05-06 to 2009-06-06 )))))))))))))))))))))))))))))))

.

 

2009-06-06 16:32 . 2009-06-06 17:00 -------- d--h--w- c:\windows\$hf_mig$

2009-06-06 15:46 . 2009-06-06 15:46 -------- d-----w- c:\documents and settings\Abi\Application Data\Malwarebytes

2009-06-06 15:45 . 2009-05-26 10:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-06 15:45 . 2009-06-06 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-06-06 15:45 . 2009-06-06 15:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-06-06 15:45 . 2009-05-26 10:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-06 14:04 . 2009-06-06 14:06 -------- d-----w- c:\program files\trend micro

2009-06-06 14:04 . 2009-06-06 14:06 -------- d-----w- C:\rsit

2009-06-03 17:35 . 2009-06-03 17:39 -------- d-----w- c:\program files\Easy MEMOry

2009-06-03 14:44 . 2009-06-03 14:44 -------- d-----w- c:\documents and settings\Omi\Local Settings\Application Data\Google

2009-06-02 11:31 . 2009-06-02 11:31 -------- d-----w- c:\program files\SiteAdvisor

2009-05-31 20:57 . 2009-06-03 14:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2009-05-31 20:57 . 2009-05-31 20:57 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore

2009-05-31 18:56 . 2009-06-06 17:16 -------- d-----w- c:\documents and settings\Abi\Tracing

2009-05-31 18:55 . 2009-02-06 15:08 55152 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2009-05-31 18:54 . 2009-05-31 18:54 -------- d-----w- c:\program files\Microsoft

2009-05-31 18:54 . 2009-05-31 18:54 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-05-31 18:54 . 2009-05-31 18:55 -------- d-----w- c:\program files\Windows Live

2009-05-31 18:09 . 2009-05-31 18:09 -------- d-----w- c:\program files\Common Files\Windows Live

2009-05-31 15:30 . 2009-05-31 15:30 -------- d-----w- c:\program files\Common Files\xing shared

2009-05-31 15:30 . 2009-05-31 15:30 -------- d-----w- c:\program files\Real

2009-05-31 15:29 . 2009-05-31 15:30 -------- d-----w- c:\program files\Common Files\Real

2009-05-31 15:28 . 2009-06-06 17:15 -------- d-----w- c:\program files\Google

2009-05-31 12:26 . 2009-05-31 12:26 86576 ----a-w- c:\documents and settings\Abi\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe

2009-05-31 12:26 . 2009-05-31 12:26 392728 ----a-w- c:\documents and settings\Abi\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll

2009-05-31 12:26 . 2009-05-31 12:26 135680 ----a-w- c:\documents and settings\Abi\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

2009-05-31 12:26 . 2009-05-31 12:26 132672 ----a-w- c:\documents and settings\Abi\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe

2009-05-31 12:05 . 2009-03-24 13:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-05-30 14:02 . 2009-06-06 17:14 -------- d-----w- c:\documents and settings\Abi\Application Data\Skype

2009-05-30 14:02 . 2009-05-30 14:02 -------- d-----r- c:\program files\Skype

2009-05-30 14:02 . 2009-05-30 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-05-29 20:44 . 2009-05-29 21:46 -------- d-----w- c:\documents and settings\Abi\Application Data\MSNInstaller

2009-05-29 20:22 . 2009-05-29 20:22 1024 ---h--r- c:\windows\system32\NTIMPEG2.dll

2009-05-29 20:22 . 2009-05-29 20:22 1024 ---h--r- c:\windows\system32\NTIMP3.dll

2009-05-29 20:22 . 2009-05-29 20:22 1024 ---h--r- c:\windows\system32\NTICDMK7.dll

2009-05-29 20:13 . 2006-03-03 08:07 143360 ----a-w- c:\windows\system32\dunzip32.dll

2009-05-29 20:12 . 2009-03-25 08:05 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys

2009-05-29 20:12 . 2009-03-25 08:06 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2009-05-29 20:12 . 2009-03-25 08:06 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2009-05-29 20:12 . 2009-03-25 08:06 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2009-05-29 20:12 . 2009-03-25 08:06 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2009-05-29 20:12 . 2008-10-23 10:08 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys

2009-05-29 20:11 . 2009-05-29 20:12 -------- d-----w- c:\program files\McAfee.com

2009-05-29 20:11 . 2009-05-29 20:12 -------- d-----w- c:\program files\Common Files\McAfee

2009-05-29 20:11 . 2009-06-02 17:52 -------- d-----w- c:\program files\McAfee

2009-05-29 20:08 . 2009-05-29 20:08 -------- d-----w- c:\windows\IIS Temporary Compressed Files

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-06 16:12 . 2009-01-15 18:01 -------- d-----w- c:\program files\Common Files\Adobe

2009-06-02 11:54 . 2009-01-15 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-06-01 11:04 . 2009-01-15 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor

2009-05-31 18:55 . 2009-01-15 18:26 58080 ----a-w- c:\documents and settings\Abi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-05-31 15:30 . 2003-03-18 17:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-05-31 15:30 . 2003-02-21 01:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2009-05-30 12:30 . 2009-03-21 13:36 -------- d-----w- c:\program files\Zahra Coloring Game

2009-03-25 20:53 . 2009-03-25 20:40 343218 ----a-w- c:\windows\zomorroda_clock5.scr

2009-03-25 20:49 . 2009-03-25 20:49 376963 ----a-w- c:\windows\zomorroda_clock4.scr

2009-03-25 20:48 . 2009-03-25 20:48 374566 ----a-w- c:\windows\zomorroda_clock1.scr

2009-03-25 20:47 . 2009-03-25 20:47 373285 ----a-w- c:\windows\zomorroda_clock2.scr

2009-03-25 20:39 . 2009-03-25 20:39 375051 ----a-w- c:\windows\zomorroda_clock3.scr

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24267560]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]

"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-31 198160]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-01-29 16859648]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Abi\Start Menu\Programs\Startup\

Notification de cadeaux MSN.lnk - c:\documents and settings\Abi\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-5-31 135680]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4192:TCP"= 4192:TCP:pvavb

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [31/05/2009 21:55 55152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [31/05/2009 23:18 210216]

S2 ldafvbkjq;Security Image;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 10:56 14336]

S3 eurcbxuh;eurcbxuh;\??\c:\windows\system32\07.tmp --> c:\windows\system32\07.tmp [?]

S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]

S3 xyqdhvxai;xyqdhvxai;\??\c:\windows\system32\04.tmp --> c:\windows\system32\04.tmp [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ldafvbkjq

.

Contents of the 'Scheduled Tasks' folder

 

2009-05-29 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-29 07:53]

 

2009-05-31 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-29 07:53]

.

- - - - ORPHANS REMOVED - - - -

 

SafeBoot-procexp90.Sys

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-06 20:16

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eurcbxuh]

"ImagePath"="\??\c:\windows\system32\07.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xyqdhvxai]

"ImagePath"="\??\c:\windows\system32\04.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(3616)

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll

c:\windows\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\inetsrv\inetinfo.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\tcpsvcs.exe

c:\windows\system32\snmp.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-06-06 20:18 - machine was rebooted

ComboFix-quarantined-files.txt 2009-06-06 17:18

 

Pre-Run: 151 560 908 800 bytes free

Post-Run: 152 623 656 960 bytes free

 

191 --- E O F --- 2009-06-06 16:32