Spyware Secure, intrusive Security Center
Tags:
- Security
Last reply: in Security and viruses
Spmsk8
22 June 2008 10:13:45
I've seen that this problem has happened to many people on the forum. Can you help me, starting from scratch, to remove these Spyware Secure etc. ads? There are also icons I wouldn't dare click on that keep appearing on my desktop.
Thanks in advance

hello
1
Download then install HijackThis (Trend Micro)
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
2
Download Navilog1.exe (IL-MAFIOSO)
Save it to your Desktop.
Start the installation by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it does not, double-click the shortcut on the Desktop)
Let the utility guide you. Choose option 1 and confirm.
! Do not use options 2, 3 and 4 without our approval !
Wait for this message to appear:
"*** Analyse Termine le ..... ***" (Analysis finished on .....)
Press a key as requested. Notepad will open. Post its contents to us this way:
-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply
NOTE: The report is also located here: C:\fixnavi.txt
Spmsk8
22 June 2008 10:32:37
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:33:13, on 22/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\pspvideo9\pspVideo9.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\RtHDVCpl.exe
C:\Sys17D7.exe
C:\Sys1806.exe
C:\Sys1844.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Matt\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\GrabIt\GrabIt.exe
C:\Program Files\GrabIt\external\unrar\unrar.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jeuxvideo.com/etajvbis.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Sys1789.exe] C:\Sys1789.exe
O4 - HKLM\..\Run: [Sys17D7.exe] C:\Sys17D7.exe
O4 - HKLM\..\Run: [Sys1806.exe] C:\Sys1806.exe
O4 - HKLM\..\Run: [Sys1844.exe] C:\Sys1844.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Matt\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [e] ˆexe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5203] command /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD612] cmd /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB551] command /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8944] cmd /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7577] command /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8186] cmd /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6854] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD183] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4326] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1677] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7433] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3923] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1068] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7744] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7030] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3144] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9231] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3158] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5180] command /c del "C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD636] cmd /c del "C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9827] command /c del "C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2567] cmd /c del "C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{62F2D224-FF6A-436F-8617-2EDC58693E7F}: NameServer = 212.27.32.176,212.27.32.177
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 10997 bytes
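The O4 lines in the report above are the autostart entries a helper reads first. As an added example (not part of this thread, of HijackThis or of the tools it recommends), here is a small Python triage pass over lines in that O4 syntax. The sample lines are constructed after the shape of the report (a few entries, not the whole log); the regular expressions and the heuristics (executable launched from the drive root, generic name with a hexadecimal suffix, command that does not name a program, bare file name resolved through PATH, RunOnce deletions queued by a cleaner) are this example's own. Every finding is a lead to check against the file on disk, not a verdict, exactly as the Navilog report itself warns.

```python
"""Triage pass over HijackThis O4 (autostart) entries.

Added example, not part of HijackThis: the regular expressions and the
heuristics below are this example's own. Each finding is a lead to verify
against the file on disk, not a verdict.
"""
import re
from typing import Dict, List

# Constructed sample in HijackThis v2 O4 syntax, modelled on the shape of the
# report in the thread (a handful of entries, not the full log).
SAMPLE_LOG = "\n".join([
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKLM\..\Run: [Sys1789.exe] C:\Sys1789.exe",
    r"O4 - HKLM\..\Run: [Sys17D7.exe] C:\Sys17D7.exe",
    r"O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe",
    "O4 - HKCU\\..\\Run: [e] \u02c6exe",  # garbled value, as in the report
    r'O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent',
    r'O4 - HKCU\..\RunOnce: [SpybotDeletingD612] cmd /c del "C:\Program Files\Everest Poker\casino.exe"',
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')",
    r"O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe",
])

# O4 - <hive>\..\<Run|RunOnce>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
PROGRAM_RE = re.compile(r"\.(?:exe|dll|com|scr|bat|cmd)$", re.IGNORECASE)
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.IGNORECASE)
# Short alphabetic prefix followed by three or more hex characters, at least one a digit.
HEX_TAIL_RE = re.compile(r"^[A-Za-z]{1,4}(?=[0-9A-Fa-f]*\d)[0-9A-Fa-f]{3,}\.exe$")
# Unquoted path that may contain spaces: take it up to the first program extension.
UNQUOTED_PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|%\w+%\\).*?\.(?:exe|dll|com|scr|bat|cmd)\b", re.IGNORECASE)


def parse_o4(line: str) -> Dict[str, str]:
    """Split one O4 registry line into hive, key, value name and command ({} if not that syntax)."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else {}


def first_token(cmd: str) -> str:
    """Return the program part of an autostart command: quoted path, unquoted path, or first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = UNQUOTED_PATH_RE.match(cmd)
    return m.group(0) if m else cmd.split(" ", 1)[0]


def triage_o4(line: str) -> List[str]:
    """Return the reasons this O4 entry deserves a look (empty list = unremarkable)."""
    entry = parse_o4(line)
    if not entry:
        return []
    cmd = entry["cmd"]
    # Cleaners such as Spybot queue file deletions through RunOnce; informational only.
    if entry["key"].lower() == "runonce" and re.search(r"\bdel\b", cmd, re.IGNORECASE):
        return ["RunOnce deletion queued by a cleaner; should disappear after the next reboot"]
    exe = first_token(cmd)
    basename = exe.rsplit("\\", 1)[-1]
    if not PROGRAM_RE.search(basename):
        return ["command does not name a recognisable program"]
    reasons: List[str] = []
    if DRIVE_ROOT_RE.match(exe):
        reasons.append("executable launched from the drive root")
    if HEX_TAIL_RE.match(basename):
        reasons.append("generic name with hexadecimal suffix")
    if "\\" not in exe and "%" not in exe:
        reasons.append("bare file name, resolved through the PATH search order")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map every O4 line of a report to its triage reasons."""
    return {ln.strip(): triage_o4(ln) for ln in text.splitlines() if ln.strip().startswith("O4 - ")}


if __name__ == "__main__":
    for o4_line, reasons in triage_log(SAMPLE_LOG).items():
        if reasons:
            print(o4_line)
            for reason in reasons:
                print("    ->", reason)
```

The bare-file-name check fires on legitimate vendor entries too (RtHDVCpl.exe is a common example), which is why it is kept as the lowest-priority reason; the drive-root and hex-suffix checks are the ones that single out the Sys####.exe entries in this report.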
Spmsk8
22 June 2008 10:36:11
re
It's Vista...
Before starting again, reboot so that Spybot (which you launched) finishes what it was doing.
Then:
uninstall your version of Navilog1 and delete:
C:\Program Files\Navilog1
Installation:
Disable UAC (User Account Control) (above all, remember to re-enable it after the disinfection).
Start > Control Panel
Double-click the User Accounts icon
Then click Disable and confirm.
Now download Navilog1 from this link:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Right-click the link above, choose Save (link) target as... and put it on your Desktop.
Right-click navilog1.exe and choose "Run as... Administrator" to install it.
Wait for the installation to finish.
======================================
Option #1:
Make sure UAC (User Account Control) is indeed disabled.
Right-click the Navilog1 shortcut on the Desktop and choose "Run as... Administrator".
On the main menu, choose 1.
Follow the instructions and wait.
Wait for the message *** Analyse terminée le ….*** (Analysis finished on ...) (it may take a while).
Press a key as requested.
A Notepad document is created: fixnavi.txt.
Copy/paste the contents of this report into your next reply.
Close Notepad.
The fixnavi.txt report is also saved in %systemdrive% (usually C:\).
Spmsk8
22 June 2008 11:02:37
Spmsk8
22 June 2008 11:03:25
Search Navipromo version 3.5.8 started on 22/06/2008 at 9:54:27.78
!!! Warning, this report may list legitimate files/programs !!!
!!! Post this report on the forum to have it analysed !!!
!!! Do not run the disinfection part without a specialist's advice !!!
Tool run from C:\Program Files\navilog1
Current session: "Matt"
Updated on 06.06.2008 at 18:00 by IL-MAFIOSO
Microsoft Windows Vista 6.0.6001
Internet Explorer: 7.0.6001.18000
File system: NTFS
Search run in normal mode
*** Searching installed programs ***
*** Searching folders in "C:\Windows" ***
*** Searching folders in "C:\Program Files" ***
*** Searching folders in "C:\ProgramData" ***
*** Searching folders in "c:\progra~2\micros~1\windows\startm~1\programs" ***
*** Searching folders in "c:\users\matt\appdata\roaming\micros~1\windows\startm~1\programs" ***
*** Searching folders in "C:\Users\Matt\AppData\Local\virtualstore\Program Files" ***
*** Searching folders in "C:\Users\Matt\AppData\Roaming" ***
*** Search with Catchme - rootkit/stealth malware detector by gmer ***
for more info: http://www.gmer.net
No file found
*** Search with GenericNaviSearch ***
!!! All these results may reveal legitimate files !!!
!!! Must be checked before any manual deletion !!!
* Searching in "C:\Windows\system32" *
* Searching in "C:\Users\Matt\AppData\Local\Microsoft" *
* Searching in "C:\Users\Matt\AppData\Local\virtualstore\windows\system32" *
* Searching in "C:\Users\Matt\AppData\Local" *
*** Searching files ***
*** Searching specific registry keys ***
*** Additional search module ***
(Searching specific files)
1) Searching new Instant Access files:
2) Heuristic search:
* In "C:\Windows\system32":
* In "C:\Users\Matt\AppData\Local\Microsoft":
* In "C:\Users\Matt\AppData\Local\virtualstore\windows\system32":
* In "C:\Users\Matt\AppData\Local":
3) Searching certificates:
Egroup certificate absent!
Electronic-Group certificate absent!
OOO-Favorit certificate absent!
Sunny-Day-Design-Ltd certificate absent!
4) Searching known files:
*** Analysis finished on 22/06/2008 at 10:06:12.20 ***
re
Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!
Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot; this is normal. A report will be created. Post the report: C:\Combofix.txt
Click it to open it, then Edit "Select All", Edit "Copy"
come to the forum and Edit "Paste"
add a new HijackThis report.
Spmsk8
22 June 2008 11:41:27
ComboFix:
ComboFix 08-06-20.4 - Matt 2008-06-22 10:21:27.3 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1033.18.1232 [GMT 1:00]
Running from: C:\Users\Matt\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.
2058-03-30 12:11 . 2058-03-30 12:11 <REP> d-------- C:\Program Files\Guitar Pro 5
2008-06-22 09:55 . 2008-06-16 17:18 3,262 --a------ C:\Windows\System32\sex2.ico
2008-06-22 09:53 . 2008-06-22 10:06 <REP> d-------- C:\Program Files\Navilog1
2008-06-22 09:51 . 2008-06-16 17:18 31,744 --a------ C:\Sys880C.exe
2008-06-22 09:51 . 2008-06-16 17:18 31,744 --a------ C:\Sys8174.exe
2008-06-22 09:51 . 2008-06-16 17:18 31,744 --a------ C:\Sys8116.exe
2008-06-22 09:51 . 2008-06-16 17:18 30,208 --a------ C:\Sys824F.exe
2008-06-22 09:51 . 2008-06-16 17:18 3,262 --a------ C:\Windows\System32\sex1.ico
2008-06-21 22:23 . 2008-06-21 22:23 944 --a------ C:\Windows\wininit.ini
2008-06-21 22:04 . 2008-06-21 22:24 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-21 22:04 . 2008-06-21 22:24 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-06-21 22:04 . 2008-06-21 22:04 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-21 18:42 . 2008-06-21 18:42 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-06-21 18:42 . 2008-06-21 18:42 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-06-21 12:39 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-06-21 12:39 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-06-21 12:39 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-06-21 12:39 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-06-21 12:39 . 2008-06-15 15:28 81,920 --a------ C:\Windows\System32\IEDFix.C.exe
2008-06-21 12:39 . 2008-05-23 18:21 81,920 --a------ C:\Windows\System32\404Fix.exe
2008-06-21 12:39 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-06-21 12:39 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-06-21 12:39 . 2008-06-21 12:39 3,774 --a------ C:\Windows\System32\tmp.reg
2008-06-21 12:35 . 2008-06-21 12:35 <REP> d-------- C:\Program Files\Trend Micro
2008-06-21 12:09 . 2008-06-21 12:09 <REP> d-------- C:\Program Files\Yahoo!
2008-06-21 11:55 . 2008-06-21 11:55 <REP> d-------- C:\PerfLogs
2008-06-21 10:22 . 2008-06-21 10:22 <REP> d-------- C:\Program Files\VAV
2008-06-21 10:22 . 2008-06-21 10:22 <REP> d-------- C:\Program Files\PCHealthCenter
2008-06-21 10:22 . 2008-06-16 17:18 31,744 --a------ C:\Sys17D7.exe
2008-06-21 10:22 . 2008-06-16 17:18 31,744 --a------ C:\Sys1789.exe
2008-06-21 10:22 . 2008-06-16 17:18 30,720 --a------ C:\Sys1844.exe
2008-06-21 10:22 . 2008-06-16 17:18 30,208 --a------ C:\Sys1806.exe
2008-06-21 09:58 . 2007-11-14 15:18 553 -r------- C:\Windows\USetup.iss
2008-06-21 09:56 . 2008-06-21 09:56 <REP> d-------- C:\Program Files\Realtek
2008-06-21 09:54 . 2008-06-21 09:54 <REP> d-------- C:\Medion
2008-06-15 05:40 . 2008-04-23 05:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-15 05:40 . 2008-04-23 05:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-15 05:40 . 2008-04-23 05:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-15 05:40 . 2008-01-19 08:33 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-15 05:40 . 2008-01-19 08:33 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-15 05:39 . 2008-04-23 05:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-14 16:31 . 2008-06-14 16:31 <REP> d-------- C:\pandora
2008-06-11 11:31 . 2008-04-25 03:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 11:31 . 2008-04-26 09:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 11:31 . 2008-04-25 05:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 11:31 . 2008-05-10 02:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-10 21:26 . 2008-06-21 10:24 <REP> d-------- C:\Program Files\Trials 2 Second Edition
2008-06-10 17:23 . 2008-06-10 17:26 <REP> d-------- C:\wamp
2008-06-04 17:10 . 2008-06-04 18:19 <REP> d-------- C:\Users\Matt\AppData\Roaming\Notepad++
2008-06-04 17:10 . 2008-06-04 17:10 <REP> d-------- C:\Program Files\Notepad++
2008-06-04 12:24 . 2008-06-04 12:26 <REP> d-------- C:\Users\Matt\Fonts
2008-06-01 16:08 . 2008-06-01 16:08 <REP> d-------- C:\Windows\PixArt
2008-05-31 23:40 . 2008-05-31 23:59 <REP> d-------- C:\Users\All Users\FLEXnet
2008-05-31 23:40 . 2008-05-31 23:59 <REP> d-------- C:\ProgramData\FLEXnet
2008-05-31 23:30 . 2008-05-31 23:30 <REP> d-------- C:\Program Files\Bonjour
2008-05-31 23:21 . 2008-05-31 23:21 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-31 23:18 . 2008-01-19 08:43 3,600,440 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-05-31 23:18 . 2008-01-19 08:43 3,548,728 --a------ C:\Windows\System32\ntoskrnl.exe
2008-05-31 23:18 . 2008-01-19 08:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-05-31 23:18 . 2008-01-19 08:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-05-31 23:18 . 2008-01-19 08:42 51,768 --a------ C:\Windows\System32\PSHED.DLL
2008-05-31 23:16 . 2008-01-19 08:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-31 23:15 . 2008-01-19 08:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-05-31 23:14 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-31 23:13 . 2008-01-19 08:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-31 23:13 . 2008-01-05 12:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-05-31 23:13 . 2008-01-05 12:32 120,458 --a------ C:\Windows\System32\secpol.msc
2008-05-31 23:13 . 2008-01-05 12:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-05-31 23:12 . 2008-01-19 08:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-31 23:12 . 2008-01-19 08:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-31 23:12 . 2008-01-19 08:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-31 23:11 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-31 23:11 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-31 23:11 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-31 23:11 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-31 23:11 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-31 23:11 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-31 22:40 . 2008-05-31 22:40 <REP> d-------- C:\Program Files\LaBoiteACouleurs
2008-05-28 11:47 . 2008-03-08 03:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 11:47 . 2008-03-08 05:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-26 22:12 . 2008-05-26 22:14 <REP> d-------- C:\Program Files\Dofus
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 08:51 --------- d-----w C:\Users\Matt\AppData\Roaming\OpenOffice.org2
2008-06-22 08:39 --------- d-----w C:\Users\Matt\AppData\Roaming\GrabIt
2008-06-21 11:05 --------- d-----w C:\ProgramData\NVIDIA
2008-06-21 11:04 174 --sha-w C:\Program Files\desktop.ini
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Mail
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Journal
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Defender
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Calendar
2008-06-21 10:29 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-21 10:29 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-21 08:56 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-06-21 08:56 315,392 ----a-w C:\Windows\HideWin.exe
2008-06-21 08:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-14 09:05 --------- d-----w C:\ProgramData\TrackMania
2008-06-11 20:45 --------- d-----w C:\Users\Matt\AppData\Roaming\FileZilla
2008-06-11 05:19 --------- d-----w C:\Program Files\Common Files\Steam
2008-06-10 20:26 --------- d-----w C:\Program Files\OpenAL
2008-06-10 16:44 --------- d-----w C:\Users\Matt\AppData\Roaming\Azureus
2008-05-31 22:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-30 19:47 --------- d-----w C:\Users\Matt\AppData\Roaming\teamspeak2
2008-05-27 16:32 --------- d-----w C:\Users\Matt\AppData\Roaming\skypePM
2008-05-27 16:32 --------- d-----w C:\Users\Matt\AppData\Roaming\Skype
2008-05-21 19:41 --------- d-----w C:\Program Files\Savage 2 - A Tortured Soul
2008-05-20 08:59 28 ------r C:\Windows\system32\drivers\VERSION.DAT
2008-05-19 20:21 --------- d-----w C:\Program Files\AGEIA Technologies
2008-05-19 20:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 19:58 --------- d-----w C:\Program Files\d3
2008-05-18 20:17 --------- d-----w C:\Users\Matt\AppData\Roaming\mIRC
2008-05-16 16:42 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 17:53 --------- d-----w C:\ProgramData\Pinnacle VideoSpin
2008-05-15 17:51 --------- d-----w C:\ProgramData\VideoSpin
2008-05-15 17:51 --------- d-----w C:\Program Files\Pinnacle
2008-05-15 17:51 --------- d-----w C:\Program Files\Common Files\Yahoo!
2008-05-15 17:48 --------- d-----w C:\ProgramData\Pinnacle
2008-05-15 17:41 --------- d-----w C:\Program Files\Movie Maker 2.6
2008-05-15 16:47 --------- d-----w C:\Program Files\DVDVideoSoft
2008-05-15 16:47 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-05-14 16:04 --------- d-----w C:\Program Files\pspvideo9
2008-05-14 16:04 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-14 06:08 --------- d-----w C:\ProgramData\Codemasters
2008-05-13 20:34 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
2008-05-13 20:34 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
2008-05-13 20:25 --------- d-----w C:\Program Files\Codemasters
2008-05-07 18:22 2,134,424 ----a-w C:\Windows\system32\drivers\RTKVHDA.sys
2008-05-07 15:19 694,784 ----a-w C:\Windows\System32\RtkPgExt.dll
2008-05-07 15:19 6,139,904 ----a-w C:\Windows\RtHDVCpl.exe
2008-05-07 15:17 2,172,928 ----a-w C:\Windows\System32\RtkAPO.dll
2008-05-06 14:29 31,232 ----a-w C:\Windows\System32\RtkCoInst.dll
2008-05-01 10:52 --------- d-----w C:\Program Files\Azureus
2008-04-30 23:19 --------- d-----w C:\Program Files\adslTV
2008-04-30 22:53 --------- d-----w C:\Users\Matt\AppData\Roaming\vlc
2008-04-30 11:18 159,744 ----a-w C:\Windows\System32\MaxxAudioAPO20.dll
2008-04-29 13:55 1,933,312 ----a-w C:\Windows\System32\MaxxAudioEQ.dll
2008-04-29 13:55 1,777,664 ----a-w C:\Windows\System32\WavesLib.dll
2008-04-28 11:29 805,400 ----a-r C:\Windows\System32\tmpC749.tmp
2008-04-28 11:29 805,400 ----a-r C:\Windows\System32\tmpC69C.tmp
2008-04-21 15:21 143,360 ----a-w C:\Windows\System32\FMAPO.dll
2008-04-10 14:06 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-04-10 14:06 22,328 ----a-w C:\Users\Matt\AppData\Roaming\PnkBstrK.sys
2008-04-10 14:06 2,337,865 ----a-w C:\Windows\System32\pbsvc.exe
2008-04-10 14:06 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-04-09 21:24 988,216 ----a-w C:\Windows\System32\winload.exe
2008-04-09 21:24 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-04-09 21:24 615,992 ----a-w C:\Windows\System32\ci.dll
2008-04-09 21:24 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-04-09 21:24 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-04-09 21:24 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-04-09 21:24 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-04-09 21:24 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-04-09 21:24 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-04-09 21:24 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-04-09 21:23 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-04-09 21:23 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-04-02 08:27 1,196,032 ----a-w C:\Windows\RtlUpd.exe
2008-03-30 10:08 1,871 ----a-w C:\Windows\Web\def.htm.vir
2008-03-29 20:10 32 ----a-w C:\Users\All Users\ezsid.dat
2008-03-29 20:10 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-28 09:59 285,216 ----a-w C:\Windows\System32\RtkApoApi.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-21_12.58.26.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-21 11:49:59 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-22 08:50:52 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-21 11:50:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-22 08:50:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-21 11:50:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-06-22 08:50:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-21 11:51:00 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-22 08:52:57 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-22 08:52:57 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-21 11:50:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-22 08:52:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-22 08:52:52 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-21 11:46:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-22 09:20:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-21 11:46:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-22 09:20:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-21 11:46:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-22 09:20:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-21 11:07:32 104,742 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-22 08:58:45 104,742 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-21 11:07:32 127,318 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-06-22 08:58:45 127,318 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-21 11:07:32 595,308 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-22 08:58:45 595,308 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-21 11:07:32 676,850 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-22 08:58:45 676,850 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-06-21 11:52:00 5,982 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2077877471-3655646624-3498813986-1000_UserData.bin
+ 2008-06-21 12:31:01 6,140 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2077877471-3655646624-3498813986-1000_UserData.bin
- 2008-06-21 11:52:00 48,624 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-21 12:31:01 48,758 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-21 11:51:54 31,398 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-21 21:28:49 32,510 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 08:36 2153472 C:\Windows\System32\oobefldr.dll]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-21 09:30 486856]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2008-03-30 15:59 1271032]
"Octoshape Streaming Services"="C:\Users\Matt\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2006-02-13 17:33 214648]
"e"="ˆexe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 00:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 19:05 734264]
"e-TF1"="C:\Program Files\TF1Vision\TF1vision.exe" [2008-03-05 13:47 397312]
"PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 01:56 606208]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 16:19 6139904 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
"Sys880C.exe"="C:\Sys880C.exe" [2008-06-16 17:18 31744]
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.mjpg"= pvmjpg30.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7B586D61-E263-42C4-982F-CBD8D80339A8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E6179681-68CD-4DDC-A696-EC301B01879E}"= UDP:C:\Program Files\Jeux\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{F7F7C64D-C0DF-4154-9F7C-3A8D781A886F}"= TCP:C:\Program Files\Jeux\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{D0186287-43F2-4CDE-A6BB-AE347599BD9C}"= UDP:C:\Program Files\Jeux\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"{8465163C-6400-46E9-9542-1C4C02EEBD82}"= TCP:C:\Program Files\Jeux\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"TCP Query User{1A14D1F0-6472-4810-8C93-FC31E93F1BEE}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{126DFC70-6620-40BA-82E4-7EADB12CE6C7}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{D6438CDC-75B5-4764-B540-148BBEE7C7DD}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{92E9D729-E4FF-49C0-8F35-C3C8331369DF}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E0B60AB5-5191-4018-895C-2BCB1C11429E}"= UDP:C:\Program Files\PKR\pkr.exe:Play PKR
"{C45136A1-7CCD-4929-8D57-BE5754E1BBCF}"= TCP:C:\Program Files\PKR\pkr.exe:Play PKR
"TCP Query User{DD295F2B-A6AF-41DB-BB70-5A4C0C552DE3}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{A93AAF3B-0CD5-4850-AD14-450269541C2C}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{6F3730BD-A8F7-43F6-9A0C-31C0B7A621A1}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{4C9CFD61-3F96-412E-B7F6-A821880F272F}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{07236ED9-4F52-4A59-A5D6-07D4B0D7C850}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{ECD1D14C-6C78-4F59-8484-B903CBA79FE3}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{DB75EC1C-A68B-4FAA-98A0-0AF9A76A55E7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{11F88FD4-D66B-4693-B25D-17A151AD379E}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{590B3ED6-AA5C-4CF2-A07C-AC5FC7E80ADF}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\condition zero\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\mattkiller7\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{44A7D384-925A-43B6-B28A-DBBAD3D27445}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\condition zero\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\mattkiller7\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{EA63027B-7CD6-465E-ABA9-0F6163A8D146}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{61E7B1D9-1101-44F2-BF97-849C50D707DF}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{85D75DF0-3664-41A5-A8CD-579690D0FDC9}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike source\hl2.exe:hl2
"UDP Query User{FA933BCB-44B3-44DB-82FD-B8845E7C0F49}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike source\hl2.exe:hl2
"TCP Query User{9F55431F-F391-4C3A-ADD3-A2EAA8258A00}C:\\program files\\valve\\steam\\steamapps\\daude13\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\daude13\counter-strike source\hl2.exe:hl2
"UDP Query User{C24DACD8-7BC2-4787-AC8A-1F286295F2F1}C:\\program files\\valve\\steam\\steamapps\\daude13\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\daude13\counter-strike source\hl2.exe:hl2
"{92AFF84E-D42A-4B22-818A-81C1519BB1AC}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{3698746D-2FBE-4FBF-BB89-F5EC1F4806B1}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{860CDA12-86A1-46B6-A25B-752CDC75BD81}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{D8172CA5-18C7-486E-B711-4C31A89735B2}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9AFF18EF-9BC5-4F7B-8A3B-F83A6AF95F2E}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{972C8765-AB99-4E57-8F2A-57A9C536442B}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{505EAA90-EA35-47C2-BA9A-8D51FFEC711B}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{5240C1B1-1E1C-4B1D-819C-4285B7024F56}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"TCP Query User{CAE6277B-2FD2-45CA-81B9-FF62D1BDDC0D}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{272C9F65-752D-451B-B761-C5A10D98209C}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{F007F1E6-1495-4E10-8D5F-890D0BDC6DD1}C:\\users\\matt\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:C:\users\matt\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"UDP Query User{B4EA1A8E-1C8E-45C7-AD50-9579C1C15267}C:\\users\\matt\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:C:\users\matt\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"TCP Query User{4FD436DA-34BA-4B3E-A2F7-8B46D3588F3E}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{A63B0633-2F64-4853-9AD1-6D05BFEE3AC9}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{E13A7EA1-D87B-4098-B793-182B3E80D850}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{3EF1FC25-01DE-4A9A-83C4-513836EED15B}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{DBB81B0C-5D2D-4EFA-B139-5FA53E52B3B2}"= UDP:C:\Program Files\Codemasters\GRID Demo\GRID.exe:GRID Demo
"{C778ACC5-C1EA-4EF6-8083-D7C346B466F4}"= TCP:C:\Program Files\Codemasters\GRID Demo\GRID.exe:GRID Demo
"TCP Query User{82273AB4-6C31-45A4-BB50-7F0630D5809B}C:\\users\\matt\\appdata\\locallow\\garagegames\\iaplayer\\products\\5000\\install\\screwjumperpc.exe"= UDP:C:\users\matt\appdata\locallow\garagegames\iaplayer\products\5000\install\screwjumperpc.exe:screwjumperpc.exe
"UDP Query User{233472B0-A002-4EFF-8BAE-0168C9638A91}C:\\users\\matt\\appdata\\locallow\\garagegames\\iaplayer\\products\\5000\\install\\screwjumperpc.exe"= TCP:C:\users\matt\appdata\locallow\garagegames\iaplayer\products\5000\install\screwjumperpc.exe:screwjumperpc.exe
"{E0A7B9FF-2807-45B7-A22D-928C6F1E91BF}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{3688F6EB-D355-4EB6-8D87-FD00126ABF9C}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{01697CD4-48F6-4360-969B-204EE5E55B8E}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{0A16CA36-9254-47F2-A5A8-8864166AFD85}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{B1597868-F18C-49BD-AD67-7438AC69EEB3}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{48993F2A-33A9-47B2-B01A-895E3E8D98AA}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{3DF5794C-604F-49B9-A908-DFF869418BC8}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{B2653C09-E448-4B95-A1FF-5DD340F3E959}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"TCP Query User{F3ED59D0-EE9A-43D9-9CFC-A5BFB07BD092}C:\\program files\\savage 2 - a tortured soul\\savage2.exe"= UDP:C:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"UDP Query User{A0070EB7-A348-4086-9F62-EA00F59ED9D1}C:\\program files\\savage 2 - a tortured soul\\savage2.exe"= TCP:C:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"TCP Query User{9732088F-9118-4BBC-BFE0-C36D8714224D}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= UDP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"UDP Query User{101EE57F-4AC4-42A1-B066-A8EF2BE8AAF8}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= TCP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 00:18]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 11:34]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-10 19:13]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{276be7d8-fb30-11dc-bc69-001617e6b829}]
\shell\AutoRun\command - I:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43e73afe-f92d-11dc-b5af-806e6f6e6963}]
\shell\AutoRun\command - E:\Lance.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4542a2ce-318d-11dd-b35a-001617e6b829}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 10:23:08
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
.
Completion time: 2008-06-22 10:24:03
ComboFix-quarantined-files.txt 2008-06-22 09:23:59
ComboFix2.txt 2008-06-21 11:58:50
Pre-Run: 86,702,063,616 bytes free
Post-Run: 86,660,624,384 bytes free
340 --- E O F --- 2008-06-21 10:32:10
2008-06-10 21:26 . 2008-06-21 10:24 <REP> d-------- C:\Program Files\Trials 2 Second Edition
2008-06-10 17:23 . 2008-06-10 17:26 <REP> d-------- C:\wamp
2008-06-04 17:10 . 2008-06-04 18:19 <REP> d-------- C:\Users\Matt\AppData\Roaming\Notepad++
2008-06-04 17:10 . 2008-06-04 17:10 <REP> d-------- C:\Program Files\Notepad++
2008-06-04 12:24 . 2008-06-04 12:26 <REP> d-------- C:\Users\Matt\Fonts
2008-06-01 16:08 . 2008-06-01 16:08 <REP> d-------- C:\Windows\PixArt
2008-05-31 23:40 . 2008-05-31 23:59 <REP> d-------- C:\Users\All Users\FLEXnet
2008-05-31 23:40 . 2008-05-31 23:59 <REP> d-------- C:\ProgramData\FLEXnet
2008-05-31 23:30 . 2008-05-31 23:30 <REP> d-------- C:\Program Files\Bonjour
2008-05-31 23:21 . 2008-05-31 23:21 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-31 23:18 . 2008-01-19 08:43 3,600,440 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-05-31 23:18 . 2008-01-19 08:43 3,548,728 --a------ C:\Windows\System32\ntoskrnl.exe
2008-05-31 23:18 . 2008-01-19 08:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-05-31 23:18 . 2008-01-19 08:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-05-31 23:18 . 2008-01-19 08:42 51,768 --a------ C:\Windows\System32\PSHED.DLL
2008-05-31 23:16 . 2008-01-19 08:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-31 23:15 . 2008-01-19 08:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-05-31 23:14 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-31 23:13 . 2008-01-19 08:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-31 23:13 . 2008-01-05 12:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-05-31 23:13 . 2008-01-05 12:32 120,458 --a------ C:\Windows\System32\secpol.msc
2008-05-31 23:13 . 2008-01-05 12:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-05-31 23:12 . 2008-01-19 08:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-31 23:12 . 2008-01-19 08:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-31 23:12 . 2008-01-19 08:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-31 23:11 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-31 23:11 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-31 23:11 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-31 23:11 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-31 23:11 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-31 23:11 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-31 22:40 . 2008-05-31 22:40 <REP> d-------- C:\Program Files\LaBoiteACouleurs
2008-05-28 11:47 . 2008-03-08 03:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 11:47 . 2008-03-08 05:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-26 22:12 . 2008-05-26 22:14 <REP> d-------- C:\Program Files\Dofus
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 08:51 --------- d-----w C:\Users\Matt\AppData\Roaming\OpenOffice.org2
2008-06-22 08:39 --------- d-----w C:\Users\Matt\AppData\Roaming\GrabIt
2008-06-21 11:05 --------- d-----w C:\ProgramData\NVIDIA
2008-06-21 11:04 174 --sha-w C:\Program Files\desktop.ini
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Mail
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Journal
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Defender
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Calendar
2008-06-21 10:29 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-21 10:29 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-21 08:56 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-06-21 08:56 315,392 ----a-w C:\Windows\HideWin.exe
2008-06-21 08:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-14 09:05 --------- d-----w C:\ProgramData\TrackMania
2008-06-11 20:45 --------- d-----w C:\Users\Matt\AppData\Roaming\FileZilla
2008-06-11 05:19 --------- d-----w C:\Program Files\Common Files\Steam
2008-06-10 20:26 --------- d-----w C:\Program Files\OpenAL
2008-06-10 16:44 --------- d-----w C:\Users\Matt\AppData\Roaming\Azureus
2008-05-31 22:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-30 19:47 --------- d-----w C:\Users\Matt\AppData\Roaming\teamspeak2
2008-05-27 16:32 --------- d-----w C:\Users\Matt\AppData\Roaming\skypePM
2008-05-27 16:32 --------- d-----w C:\Users\Matt\AppData\Roaming\Skype
2008-05-21 19:41 --------- d-----w C:\Program Files\Savage 2 - A Tortured Soul
2008-05-20 08:59 28 ------r C:\Windows\system32\drivers\VERSION.DAT
2008-05-19 20:21 --------- d-----w C:\Program Files\AGEIA Technologies
2008-05-19 20:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 19:58 --------- d-----w C:\Program Files\d3
2008-05-18 20:17 --------- d-----w C:\Users\Matt\AppData\Roaming\mIRC
2008-05-16 16:42 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 17:53 --------- d-----w C:\ProgramData\Pinnacle VideoSpin
2008-05-15 17:51 --------- d-----w C:\ProgramData\VideoSpin
2008-05-15 17:51 --------- d-----w C:\Program Files\Pinnacle
2008-05-15 17:51 --------- d-----w C:\Program Files\Common Files\Yahoo!
2008-05-15 17:48 --------- d-----w C:\ProgramData\Pinnacle
2008-05-15 17:41 --------- d-----w C:\Program Files\Movie Maker 2.6
2008-05-15 16:47 --------- d-----w C:\Program Files\DVDVideoSoft
2008-05-15 16:47 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-05-14 16:04 --------- d-----w C:\Program Files\pspvideo9
2008-05-14 16:04 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-14 06:08 --------- d-----w C:\ProgramData\Codemasters
2008-05-13 20:34 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
2008-05-13 20:34 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
2008-05-13 20:25 --------- d-----w C:\Program Files\Codemasters
2008-05-07 18:22 2,134,424 ----a-w C:\Windows\system32\drivers\RTKVHDA.sys
2008-05-07 15:19 694,784 ----a-w C:\Windows\System32\RtkPgExt.dll
2008-05-07 15:19 6,139,904 ----a-w C:\Windows\RtHDVCpl.exe
2008-05-07 15:17 2,172,928 ----a-w C:\Windows\System32\RtkAPO.dll
2008-05-06 14:29 31,232 ----a-w C:\Windows\System32\RtkCoInst.dll
2008-05-01 10:52 --------- d-----w C:\Program Files\Azureus
2008-04-30 23:19 --------- d-----w C:\Program Files\adslTV
2008-04-30 22:53 --------- d-----w C:\Users\Matt\AppData\Roaming\vlc
2008-04-30 11:18 159,744 ----a-w C:\Windows\System32\MaxxAudioAPO20.dll
2008-04-29 13:55 1,933,312 ----a-w C:\Windows\System32\MaxxAudioEQ.dll
2008-04-29 13:55 1,777,664 ----a-w C:\Windows\System32\WavesLib.dll
2008-04-28 11:29 805,400 ----a-r C:\Windows\System32\tmpC749.tmp
2008-04-28 11:29 805,400 ----a-r C:\Windows\System32\tmpC69C.tmp
2008-04-21 15:21 143,360 ----a-w C:\Windows\System32\FMAPO.dll
2008-04-10 14:06 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-04-10 14:06 22,328 ----a-w C:\Users\Matt\AppData\Roaming\PnkBstrK.sys
2008-04-10 14:06 2,337,865 ----a-w C:\Windows\System32\pbsvc.exe
2008-04-10 14:06 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-04-09 21:24 988,216 ----a-w C:\Windows\System32\winload.exe
2008-04-09 21:24 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-04-09 21:24 615,992 ----a-w C:\Windows\System32\ci.dll
2008-04-09 21:24 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-04-09 21:24 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-04-09 21:24 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-04-09 21:24 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-04-09 21:24 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-04-09 21:24 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-04-09 21:24 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-04-09 21:23 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-04-09 21:23 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-04-02 08:27 1,196,032 ----a-w C:\Windows\RtlUpd.exe
2008-03-30 10:08 1,871 ----a-w C:\Windows\Web\def.htm.vir
2008-03-29 20:10 32 ----a-w C:\Users\All Users\ezsid.dat
2008-03-29 20:10 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-28 09:59 285,216 ----a-w C:\Windows\System32\RtkApoApi.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-21_12.58.26.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-21 11:49:59 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-22 08:50:52 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-21 11:50:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-22 08:50:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-21 11:50:00 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-06-22 08:50:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-21 11:51:00 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-22 08:52:57 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-22 08:52:57 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-21 11:50:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-22 08:52:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-22 08:52:52 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-21 11:46:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-22 09:20:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-21 11:46:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-22 09:20:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-21 11:46:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-22 09:20:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-21 11:07:32 104,742 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-22 08:58:45 104,742 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-21 11:07:32 127,318 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-06-22 08:58:45 127,318 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-21 11:07:32 595,308 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-22 08:58:45 595,308 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-21 11:07:32 676,850 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-22 08:58:45 676,850 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-06-21 11:52:00 5,982 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2077877471-3655646624-3498813986-1000_UserData.bin
+ 2008-06-21 12:31:01 6,140 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2077877471-3655646624-3498813986-1000_UserData.bin
- 2008-06-21 11:52:00 48,624 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-21 12:31:01 48,758 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-21 11:51:54 31,398 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-21 21:28:49 32,510 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 08:36 2153472 C:\Windows\System32\oobefldr.dll]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-21 09:30 486856]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2008-03-30 15:59 1271032]
"Octoshape Streaming Services"="C:\Users\Matt\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2006-02-13 17:33 214648]
"e"="ˆexe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 00:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 19:05 734264]
"e-TF1"="C:\Program Files\TF1Vision\TF1vision.exe" [2008-03-05 13:47 397312]
"PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 01:56 606208]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 16:19 6139904 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
"Sys880C.exe"="C:\Sys880C.exe" [2008-06-16 17:18 31744]
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.mjpg"= pvmjpg30.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7B586D61-E263-42C4-982F-CBD8D80339A8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E6179681-68CD-4DDC-A696-EC301B01879E}"= UDP:C:\Program Files\Jeux\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{F7F7C64D-C0DF-4154-9F7C-3A8D781A886F}"= TCP:C:\Program Files\Jeux\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{D0186287-43F2-4CDE-A6BB-AE347599BD9C}"= UDP:C:\Program Files\Jeux\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"{8465163C-6400-46E9-9542-1C4C02EEBD82}"= TCP:C:\Program Files\Jeux\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"TCP Query User{1A14D1F0-6472-4810-8C93-FC31E93F1BEE}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{126DFC70-6620-40BA-82E4-7EADB12CE6C7}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{D6438CDC-75B5-4764-B540-148BBEE7C7DD}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{92E9D729-E4FF-49C0-8F35-C3C8331369DF}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E0B60AB5-5191-4018-895C-2BCB1C11429E}"= UDP:C:\Program Files\PKR\pkr.exe

"{C45136A1-7CCD-4929-8D57-BE5754E1BBCF}"= TCP:C:\Program Files\PKR\pkr.exe

"TCP Query User{DD295F2B-A6AF-41DB-BB70-5A4C0C552DE3}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{A93AAF3B-0CD5-4850-AD14-450269541C2C}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{6F3730BD-A8F7-43F6-9A0C-31C0B7A621A1}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{4C9CFD61-3F96-412E-B7F6-A821880F272F}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{07236ED9-4F52-4A59-A5D6-07D4B0D7C850}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{ECD1D14C-6C78-4F59-8484-B903CBA79FE3}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{DB75EC1C-A68B-4FAA-98A0-0AF9A76A55E7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{11F88FD4-D66B-4693-B25D-17A151AD379E}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{590B3ED6-AA5C-4CF2-A07C-AC5FC7E80ADF}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\condition zero\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\mattkiller7\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{44A7D384-925A-43B6-B28A-DBBAD3D27445}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\condition zero\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\mattkiller7\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{EA63027B-7CD6-465E-ABA9-0F6163A8D146}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{61E7B1D9-1101-44F2-BF97-849C50D707DF}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{85D75DF0-3664-41A5-A8CD-579690D0FDC9}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike source\hl2.exe:hl2
"UDP Query User{FA933BCB-44B3-44DB-82FD-B8845E7C0F49}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike source\hl2.exe:hl2
"TCP Query User{9F55431F-F391-4C3A-ADD3-A2EAA8258A00}C:\\program files\\valve\\steam\\steamapps\\daude13\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\daude13\counter-strike source\hl2.exe:hl2
"UDP Query User{C24DACD8-7BC2-4787-AC8A-1F286295F2F1}C:\\program files\\valve\\steam\\steamapps\\daude13\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\daude13\counter-strike source\hl2.exe:hl2
"{92AFF84E-D42A-4B22-818A-81C1519BB1AC}"= UDP:C:\Windows\System32\PnkBstrA.exe

"{3698746D-2FBE-4FBF-BB89-F5EC1F4806B1}"= TCP:C:\Windows\System32\PnkBstrA.exe

"{860CDA12-86A1-46B6-A25B-752CDC75BD81}"= UDP:C:\Windows\System32\PnkBstrB.exe

"{D8172CA5-18C7-486E-B711-4C31A89735B2}"= TCP:C:\Windows\System32\PnkBstrB.exe

"{9AFF18EF-9BC5-4F7B-8A3B-F83A6AF95F2E}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{972C8765-AB99-4E57-8F2A-57A9C536442B}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{505EAA90-EA35-47C2-BA9A-8D51FFEC711B}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{5240C1B1-1E1C-4B1D-819C-4285B7024F56}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"TCP Query User{CAE6277B-2FD2-45CA-81B9-FF62D1BDDC0D}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{272C9F65-752D-451B-B761-C5A10D98209C}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{F007F1E6-1495-4E10-8D5F-890D0BDC6DD1}C:\\users\\matt\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:C:\users\matt\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe

"UDP Query User{B4EA1A8E-1C8E-45C7-AD50-9579C1C15267}C:\\users\\matt\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:C:\users\matt\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe

"TCP Query User{4FD436DA-34BA-4B3E-A2F7-8B46D3588F3E}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{A63B0633-2F64-4853-9AD1-6D05BFEE3AC9}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{E13A7EA1-D87B-4098-B793-182B3E80D850}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{3EF1FC25-01DE-4A9A-83C4-513836EED15B}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{DBB81B0C-5D2D-4EFA-B139-5FA53E52B3B2}"= UDP:C:\Program Files\Codemasters\GRID Demo\GRID.exe:GRID Demo
"{C778ACC5-C1EA-4EF6-8083-D7C346B466F4}"= TCP:C:\Program Files\Codemasters\GRID Demo\GRID.exe:GRID Demo
"TCP Query User{82273AB4-6C31-45A4-BB50-7F0630D5809B}C:\\users\\matt\\appdata\\locallow\\garagegames\\iaplayer\\products\\5000\\install\\screwjumperpc.exe"= UDP:C:\users\matt\appdata\locallow\garagegames\iaplayer\products\5000\install\screwjumperpc.exe:screwjumperpc.exe
"UDP Query User{233472B0-A002-4EFF-8BAE-0168C9638A91}C:\\users\\matt\\appdata\\locallow\\garagegames\\iaplayer\\products\\5000\\install\\screwjumperpc.exe"= TCP:C:\users\matt\appdata\locallow\garagegames\iaplayer\products\5000\install\screwjumperpc.exe:screwjumperpc.exe
"{E0A7B9FF-2807-45B7-A22D-928C6F1E91BF}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{3688F6EB-D355-4EB6-8D87-FD00126ABF9C}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{01697CD4-48F6-4360-969B-204EE5E55B8E}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe

"{0A16CA36-9254-47F2-A5A8-8864166AFD85}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe

"{B1597868-F18C-49BD-AD67-7438AC69EEB3}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{48993F2A-33A9-47B2-B01A-895E3E8D98AA}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{3DF5794C-604F-49B9-A908-DFF869418BC8}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe

"{B2653C09-E448-4B95-A1FF-5DD340F3E959}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe

"TCP Query User{F3ED59D0-EE9A-43D9-9CFC-A5BFB07BD092}C:\\program files\\savage 2 - a tortured soul\\savage2.exe"= UDP:C:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"UDP Query User{A0070EB7-A348-4086-9F62-EA00F59ED9D1}C:\\program files\\savage 2 - a tortured soul\\savage2.exe"= TCP:C:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"TCP Query User{9732088F-9118-4BBC-BFE0-C36D8714224D}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= UDP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"UDP Query User{101EE57F-4AC4-42A1-B066-A8EF2BE8AAF8}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= TCP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 00:18]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 11:34]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-10 19:13]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{276be7d8-fb30-11dc-bc69-001617e6b829}]
\shell\AutoRun\command - I:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43e73afe-f92d-11dc-b5af-806e6f6e6963}]
\shell\AutoRun\command - E:\Lance.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4542a2ce-318d-11dd-b35a-001617e6b829}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 10:23:08
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
.
Completion time: 2008-06-22 10:24:03
ComboFix-quarantined-files.txt 2008-06-22 09:23:59
ComboFix2.txt 2008-06-21 11:58:50
Pre-Run: 86,702,063,616 octets libres
Post-Run: 86,660,624,384 octets libres
340 --- E O F --- 2008-06-21 10:32:10
Spmsk8
22 June 2008 11:42:38
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:22, on 22/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\pspvideo9\pspVideo9.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Matt\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jeuxvideo.com/etajvbis.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sys8AEA.exe] C:\Sys8AEA.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Matt\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [e] ˆexe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{62F2D224-FF6A-436F-8617-2EDC58693E7F}: NameServer = 212.27.32.176,212.27.32.177
O17 - HKLM\System\CS1\Services\Tcpip\..\{62F2D224-FF6A-436F-8617-2EDC58693E7F}: NameServer = 212.27.32.176,212.27.32.177
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 8019 bytes
Spmsk8
22 June 2008 12:09:05
Spmsk8
22 June 2008 13:25:33
Spmsk8
22 June 2008 16:40:09
re
Can you be patient? I have a life...
1
Copy (Ctrl+C) the text below:
File::
C:\Windows\System32\sex2.ico
C:\Sys880C.exe
C:\Sys8174.exe
C:\Sys8116.exe
C:\Sys824F.exe
C:\Windows\System32\sex1.ico
C:\Sys17D7.exe
C:\Sys1789.exe
C:\Sys1844.exe
C:\Sys1806.exe
Folder::
C:\Program Files\VAV
C:\Program Files\PCHealthCenter
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"e"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sys880C.exe"=-
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt
Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot.
A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.
Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
Once the scan is done, a report will open: post its contents.
If the file doesn't open, it is here > C:\ComboFix.txt
2
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in Safe Mode.
HELP: Restarting in Safe Mode
Now run MalwareByte's Anti-Malware. If it isn't already selected, choose "Perform full scan".
To start the search, click "Scan".
Once the scan is finished, a window opens; click OK. Two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
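The CFScript above was written by hand from the O4 (autorun) lines of the HijackThis log: every randomly named executable sitting directly in C:\ gets a File:: entry, and the Run value that launches it gets a Registry:: delete. The script below is an added example, not code from this thread, from HijackThis or from ComboFix: it reads O4 lines (the sample input is copied from the log posted above), flags the two patterns the helper acted on (an executable dropped in the drive root, and a Run value such as "[e] ˆexe" that is not a recognisable command), and drafts the matching File::/Registry:: text in the layout used above. The triage heuristics and the hive mapping are my own assumptions; the `"name"=-` form is standard .reg syntax for deleting a value. One caveat grounded in the ComboFix report posted further down: the same 31,744-byte dropper reappears under new names (Sys8AEA.exe, Sys8869.exe, Sys7F03.exe on successive days), and Sys7F03.exe is still listed in both Run keys after the fix, so a script like this has to be regenerated from the most recent log rather than reused.

```python
"""Triage O4 autorun entries from a HijackThis log and draft the matching
CFScript sections (File:: / Registry::) in the layout used in this thread.
Added example for this page; heuristics below are the author's assumptions."""
import re

# Constructed sample input: O4 lines copied from the HijackThis log posted above.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [Sys8AEA.exe] C:\Sys8AEA.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [e] ˆexe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

# O4 line layout: "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# An .exe sitting directly in a drive root (C:\Sys8AEA.exe), optionally quoted,
# optionally followed by arguments.
ROOT_EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\[^\\"]+?\.exe)"?(?:\s.*)?$', re.IGNORECASE)

# Assumed mapping from HijackThis hive abbreviations to full registry hive names.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"


def looks_like_command(cmd):
    """A plausible autorun command is printable ASCII and names an .exe or .dll
    (with or without a path, e.g. 'RtHDVCpl.exe' or 'rundll32.exe x.dll,Entry')."""
    return cmd.isascii() and re.search(r"\.(exe|dll)\b", cmd, re.IGNORECASE) is not None


def triage(log_text):
    """Return (hive, value name, command, reason) for each O4 entry worth a look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, name, cmd = m.group("hive", "name", "cmd")
        if ROOT_EXE_RE.match(cmd):
            findings.append((hive, name, cmd, "executable dropped directly in the drive root"))
        elif not looks_like_command(cmd):
            findings.append((hive, name, cmd, "value is not a recognisable command"))
    return findings


def build_cfscript(findings):
    """Draft CFScript text: a File:: entry per root-level executable and, under
    Registry::, a '"name"=-' delete for each flagged Run value, grouped by hive."""
    files, reg = [], {}
    for hive, name, cmd, _reason in findings:
        root = ROOT_EXE_RE.match(cmd)
        if root:
            files.append(root.group("path"))
        if hive in HIVES:  # per-user HKUS\S-1-5-xx hives are left for manual review
            reg.setdefault(HIVES[hive], []).append(name)
    out = []
    if files:
        out.append("File::")
        out.extend(files)
    if reg:
        out.append("Registry::")
        for full_hive, names in reg.items():
            out.append(f"[{full_hive}\\{RUN_KEY}]")
            out.extend(f'"{n}"=-' for n in names)
    return "\n".join(out)


if __name__ == "__main__":
    hits = triage(SAMPLE_HJT_LOG)
    for hive, name, cmd, reason in hits:
        print(f"{hive:<14} [{name}] {cmd!r}: {reason}")
    print(build_cfscript(hits))
```

Run it as-is to see the two flagged entries and the drafted script; to use it on a real report, replace `SAMPLE_HJT_LOG` with the full log text. The output is a draft for a human to review, in the same way the helper reviewed the log before writing the CFScript, not something to feed to ComboFix unread.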
Spmsk8
23 June 2008 20:17:29
sorry
ComboFix 08-06-20.4 - Matt 2008-06-23 18:52:53.4 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1033.18.1152 [GMT 1:00]
Running from: C:\Users\Matt\Desktop\ComboFix.exe
Command switches used :: C:\Users\Matt\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Sys1789.exe
C:\Sys17D7.exe
C:\Sys1806.exe
C:\Sys1844.exe
C:\Sys8116.exe
C:\Sys8174.exe
C:\Sys824F.exe
C:\Sys880C.exe
C:\Windows\System32\sex1.ico
C:\Windows\System32\sex2.ico
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\sc.html
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\Program Files\VAV
C:\Program Files\VAV\vav.cpl
C:\Program Files\VAV\vav.exe
C:\Program Files\VAV\vav.ooo
C:\Program Files\VAV\vav0.dat
C:\Program Files\VAV\vav1.dat
C:\Sys1789.exe
C:\Sys17D7.exe
C:\Sys1806.exe
C:\Sys1844.exe
C:\Sys8116.exe
C:\Sys880C.exe
C:\Windows\System32\sex1.ico
C:\Windows\System32\sex2.ico
.
((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
.
2058-03-30 12:11 . 2058-03-30 12:11 <REP> d-------- C:\Program Files\Guitar Pro 5
2008-06-23 18:51 . 2008-06-23 18:52 <REP> d-------- C:\327882R2FWJFW
2008-06-23 06:56 . 2008-06-23 06:56 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-23 06:29 . 2008-06-16 17:18 31,744 --a------ C:\Sys7F03.exe
2008-06-22 18:23 . 2008-06-16 17:18 31,744 --a------ C:\Sys8869.exe
2008-06-22 10:28 . 2008-06-16 17:18 31,744 --a------ C:\Sys8AEA.exe
2008-06-22 09:53 . 2008-06-22 10:06 <REP> d-------- C:\Program Files\Navilog1
2008-06-21 22:23 . 2008-06-21 22:23 944 --a------ C:\Windows\wininit.ini
2008-06-21 22:04 . 2008-06-22 18:25 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-21 22:04 . 2008-06-22 18:25 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-06-21 18:42 . 2008-06-21 18:42 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-06-21 18:42 . 2008-06-21 18:42 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-06-21 12:39 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-06-21 12:39 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-06-21 12:39 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-06-21 12:39 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-06-21 12:39 . 2008-06-15 15:28 81,920 --a------ C:\Windows\System32\IEDFix.C.exe
2008-06-21 12:39 . 2008-05-23 18:21 81,920 --a------ C:\Windows\System32\404Fix.exe
2008-06-21 12:39 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-06-21 12:39 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-06-21 12:39 . 2008-06-21 12:39 3,774 --a------ C:\Windows\System32\tmp.reg
2008-06-21 12:35 . 2008-06-21 12:35 <REP> d-------- C:\Program Files\Trend Micro
2008-06-21 12:09 . 2008-06-21 12:09 <REP> d-------- C:\Program Files\Yahoo!
2008-06-21 11:55 . 2008-06-21 11:55 <REP> d-------- C:\PerfLogs
2008-06-21 09:58 . 2007-11-14 15:18 553 -r------- C:\Windows\USetup.iss
2008-06-21 09:56 . 2008-06-21 09:56 <REP> d-------- C:\Program Files\Realtek
2008-06-21 09:54 . 2008-06-21 09:54 <REP> d-------- C:\Medion
2008-06-15 05:40 . 2008-04-23 05:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-15 05:40 . 2008-04-23 05:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-15 05:40 . 2008-04-23 05:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-15 05:40 . 2008-01-19 08:33 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-15 05:40 . 2008-01-19 08:33 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-15 05:39 . 2008-04-23 05:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-14 16:31 . 2008-06-14 16:31 <REP> d-------- C:\pandora
2008-06-11 11:31 . 2008-04-25 03:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 11:31 . 2008-04-26 09:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 11:31 . 2008-04-25 05:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 11:31 . 2008-05-10 02:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-10 21:26 . 2008-06-21 10:24 <REP> d-------- C:\Program Files\Trials 2 Second Edition
2008-06-10 17:23 . 2008-06-10 17:26 <REP> d-------- C:\wamp
2008-06-04 17:10 . 2008-06-04 18:19 <REP> d-------- C:\Users\Matt\AppData\Roaming\Notepad++
2008-06-04 17:10 . 2008-06-04 17:10 <REP> d-------- C:\Program Files\Notepad++
2008-06-04 12:24 . 2008-06-04 12:26 <REP> d-------- C:\Users\Matt\Fonts
2008-06-01 16:08 . 2008-06-01 16:08 <REP> d-------- C:\Windows\PixArt
2008-05-31 23:40 . 2008-05-31 23:59 <REP> d-------- C:\Users\All Users\FLEXnet
2008-05-31 23:40 . 2008-05-31 23:59 <REP> d-------- C:\ProgramData\FLEXnet
2008-05-31 23:30 . 2008-05-31 23:30 <REP> d-------- C:\Program Files\Bonjour
2008-05-31 23:21 . 2008-05-31 23:21 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-31 23:18 . 2008-01-19 08:43 3,600,440 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-05-31 23:18 . 2008-01-19 08:43 3,548,728 --a------ C:\Windows\System32\ntoskrnl.exe
2008-05-31 23:18 . 2008-01-19 08:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-05-31 23:18 . 2008-01-19 08:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-05-31 23:18 . 2008-01-19 08:42 51,768 --a------ C:\Windows\System32\PSHED.DLL
2008-05-31 23:16 . 2008-01-19 08:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-31 23:15 . 2008-01-19 08:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-05-31 23:14 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-31 23:13 . 2008-01-19 08:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-31 23:13 . 2008-01-05 12:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-05-31 23:13 . 2008-01-05 12:32 120,458 --a------ C:\Windows\System32\secpol.msc
2008-05-31 23:13 . 2008-01-05 12:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-05-31 23:12 . 2008-01-19 08:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-31 23:12 . 2008-01-19 08:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-31 23:12 . 2008-01-19 08:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-31 23:11 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-31 23:11 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-31 23:11 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-31 23:11 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-31 23:11 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-31 23:11 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-31 22:40 . 2008-05-31 22:40 <REP> d-------- C:\Program Files\LaBoiteACouleurs
2008-05-28 11:47 . 2008-03-08 03:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 11:47 . 2008-03-08 05:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-26 22:12 . 2008-05-26 22:14 <REP> d-------- C:\Program Files\Dofus
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 05:30 --------- d-----w C:\Users\Matt\AppData\Roaming\OpenOffice.org2
2008-06-22 11:29 --------- d-----w C:\Users\Matt\AppData\Roaming\GrabIt
2008-06-21 11:05 --------- d-----w C:\ProgramData\NVIDIA
2008-06-21 11:04 174 --sha-w C:\Program Files\desktop.ini
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Mail
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Journal
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Defender
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Calendar
2008-06-21 10:29 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-21 10:29 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-21 08:56 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-06-21 08:56 315,392 ----a-w C:\Windows\HideWin.exe
2008-06-21 08:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-14 09:05 --------- d-----w C:\ProgramData\TrackMania
2008-06-11 20:45 --------- d-----w C:\Users\Matt\AppData\Roaming\FileZilla
2008-06-11 05:19 --------- d-----w C:\Program Files\Common Files\Steam
2008-06-10 20:26 --------- d-----w C:\Program Files\OpenAL
2008-06-10 16:44 --------- d-----w C:\Users\Matt\AppData\Roaming\Azureus
2008-05-31 22:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-30 19:47 --------- d-----w C:\Users\Matt\AppData\Roaming\teamspeak2
2008-05-27 16:32 --------- d-----w C:\Users\Matt\AppData\Roaming\skypePM
2008-05-27 16:32 --------- d-----w C:\Users\Matt\AppData\Roaming\Skype
2008-05-21 19:41 --------- d-----w C:\Program Files\Savage 2 - A Tortured Soul
2008-05-20 08:59 28 ------r C:\Windows\system32\drivers\VERSION.DAT
2008-05-19 20:21 --------- d-----w C:\Program Files\AGEIA Technologies
2008-05-19 20:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 19:58 --------- d-----w C:\Program Files\d3
2008-05-18 20:17 --------- d-----w C:\Users\Matt\AppData\Roaming\mIRC
2008-05-16 16:42 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 17:53 --------- d-----w C:\ProgramData\Pinnacle VideoSpin
2008-05-15 17:51 --------- d-----w C:\ProgramData\VideoSpin
2008-05-15 17:51 --------- d-----w C:\Program Files\Pinnacle
2008-05-15 17:51 --------- d-----w C:\Program Files\Common Files\Yahoo!
2008-05-15 17:48 --------- d-----w C:\ProgramData\Pinnacle
2008-05-15 17:41 --------- d-----w C:\Program Files\Movie Maker 2.6
2008-05-15 16:47 --------- d-----w C:\Program Files\DVDVideoSoft
2008-05-15 16:47 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-05-14 16:04 --------- d-----w C:\Program Files\pspvideo9
2008-05-14 16:04 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-14 06:08 --------- d-----w C:\ProgramData\Codemasters
2008-05-13 20:34 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
2008-05-13 20:34 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
2008-05-13 20:25 --------- d-----w C:\Program Files\Codemasters
2008-05-07 18:22 2,134,424 ----a-w C:\Windows\system32\drivers\RTKVHDA.sys
2008-05-07 15:19 694,784 ----a-w C:\Windows\System32\RtkPgExt.dll
2008-05-07 15:19 6,139,904 ----a-w C:\Windows\RtHDVCpl.exe
2008-05-07 15:17 2,172,928 ----a-w C:\Windows\System32\RtkAPO.dll
2008-05-06 14:29 31,232 ----a-w C:\Windows\System32\RtkCoInst.dll
2008-05-01 10:52 --------- d-----w C:\Program Files\Azureus
2008-04-30 23:19 --------- d-----w C:\Program Files\adslTV
2008-04-30 22:53 --------- d-----w C:\Users\Matt\AppData\Roaming\vlc
2008-04-30 11:18 159,744 ----a-w C:\Windows\System32\MaxxAudioAPO20.dll
2008-04-29 13:55 1,933,312 ----a-w C:\Windows\System32\MaxxAudioEQ.dll
2008-04-29 13:55 1,777,664 ----a-w C:\Windows\System32\WavesLib.dll
2008-04-28 11:29 805,400 ----a-r C:\Windows\System32\tmpC749.tmp
2008-04-28 11:29 805,400 ----a-r C:\Windows\System32\tmpC69C.tmp
2008-04-21 15:21 143,360 ----a-w C:\Windows\System32\FMAPO.dll
2008-04-10 14:06 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-04-10 14:06 22,328 ----a-w C:\Users\Matt\AppData\Roaming\PnkBstrK.sys
2008-04-10 14:06 2,337,865 ----a-w C:\Windows\System32\pbsvc.exe
2008-04-10 14:06 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-04-09 21:24 988,216 ----a-w C:\Windows\System32\winload.exe
2008-04-09 21:24 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-04-09 21:24 615,992 ----a-w C:\Windows\System32\ci.dll
2008-04-09 21:24 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-04-09 21:24 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-04-09 21:24 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-04-09 21:24 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-04-09 21:24 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-04-09 21:24 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-04-09 21:24 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-04-09 21:23 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-04-09 21:23 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-04-02 08:27 1,196,032 ----a-w C:\Windows\RtlUpd.exe
2008-03-30 10:08 1,871 ----a-w C:\Windows\Web\def.htm.vir
2008-03-29 20:10 32 ----a-w C:\Users\All Users\ezsid.dat
2008-03-29 20:10 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-28 09:59 285,216 ----a-w C:\Windows\System32\RtkApoApi.dll
.
((((((((((((((((((((((((((((( snapshot_2008-06-22_10.23.42,39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-22 08:50:52 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-23 05:28:53 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-22 08:50:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-23 05:28:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-22 08:50:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-06-23 05:28:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-22 08:52:57 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-23 06:15:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-23 06:15:04 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-22 08:52:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-23 05:29:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-23 05:29:57 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-22 09:20:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-23 17:33:18 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-22 09:20:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-23 17:33:18 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-22 09:20:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-23 17:33:18 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-22 08:58:45 104,742 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-23 06:16:04 104,742 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-22 08:58:45 127,318 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-06-23 06:16:04 127,318 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-22 08:58:45 595,308 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-23 06:16:04 595,308 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-22 08:58:45 676,850 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-23 06:16:04 676,850 ----a-w C:\Windows\System32\perfh00C.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 08:36 2153472 C:\Windows\System32\oobefldr.dll]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-21 09:30 486856]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2008-03-30 15:59 1271032]
"Octoshape Streaming Services"="C:\Users\Matt\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2006-02-13 17:33 214648]
"Sys7F03.exe"="C:\Sys7F03.exe" [2008-06-16 17:18 31744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 00:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 19:05 734264]
"e-TF1"="C:\Program Files\TF1Vision\TF1vision.exe" [2008-03-05 13:47 397312]
"PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 01:56 606208]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 16:19 6139904 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
"Sys7F03.exe"="C:\Sys7F03.exe" [2008-06-16 17:18 31744]
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.mjpg"= pvmjpg30.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7B586D61-E263-42C4-982F-CBD8D80339A8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E6179681-68CD-4DDC-A696-EC301B01879E}"= UDP:C:\Program Files\Jeux\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{F7F7C64D-C0DF-4154-9F7C-3A8D781A886F}"= TCP:C:\Program Files\Jeux\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{D0186287-43F2-4CDE-A6BB-AE347599BD9C}"= UDP:C:\Program Files\Jeux\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"{8465163C-6400-46E9-9542-1C4C02EEBD82}"= TCP:C:\Program Files\Jeux\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"TCP Query User{1A14D1F0-6472-4810-8C93-FC31E93F1BEE}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{126DFC70-6620-40BA-82E4-7EADB12CE6C7}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{D6438CDC-75B5-4764-B540-148BBEE7C7DD}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{92E9D729-E4FF-49C0-8F35-C3C8331369DF}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E0B60AB5-5191-4018-895C-2BCB1C11429E}"= UDP:C:\Program Files\PKR\pkr.exe:Play PKR
"{C45136A1-7CCD-4929-8D57-BE5754E1BBCF}"= TCP:C:\Program Files\PKR\pkr.exe:Play PKR
"TCP Query User{DD295F2B-A6AF-41DB-BB70-5A4C0C552DE3}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{A93AAF3B-0CD5-4850-AD14-450269541C2C}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{6F3730BD-A8F7-43F6-9A0C-31C0B7A621A1}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{4C9CFD61-3F96-412E-B7F6-A821880F272F}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{07236ED9-4F52-4A59-A5D6-07D4B0D7C850}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{ECD1D14C-6C78-4F59-8484-B903CBA79FE3}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{DB75EC1C-A68B-4FAA-98A0-0AF9A76A55E7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{11F88FD4-D66B-4693-B25D-17A151AD379E}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{590B3ED6-AA5C-4CF2-A07C-AC5FC7E80ADF}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\condition zero\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\mattkiller7\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{44A7D384-925A-43B6-B28A-DBBAD3D27445}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\condition zero\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\mattkiller7\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{EA63027B-7CD6-465E-ABA9-0F6163A8D146}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{61E7B1D9-1101-44F2-BF97-849C50D707DF}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{85D75DF0-3664-41A5-A8CD-579690D0FDC9}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike source\hl2.exe:hl2
"UDP Query User{FA933BCB-44B3-44DB-82FD-B8845E7C0F49}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike source\hl2.exe:hl2
"TCP Query User{9F55431F-F391-4C3A-ADD3-A2EAA8258A00}C:\\program files\\valve\\steam\\steamapps\\daude13\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\daude13\counter-strike source\hl2.exe:hl2
"UDP Query User{C24DACD8-7BC2-4787-AC8A-1F286295F2F1}C:\\program files\\valve\\steam\\steamapps\\daude13\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\daude13\counter-strike source\hl2.exe:hl2
"{92AFF84E-D42A-4B22-818A-81C1519BB1AC}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{3698746D-2FBE-4FBF-BB89-F5EC1F4806B1}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{860CDA12-86A1-46B6-A25B-752CDC75BD81}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{D8172CA5-18C7-486E-B711-4C31A89735B2}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9AFF18EF-9BC5-4F7B-8A3B-F83A6AF95F2E}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{972C8765-AB99-4E57-8F2A-57A9C536442B}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{505EAA90-EA35-47C2-BA9A-8D51FFEC711B}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{5240C1B1-1E1C-4B1D-819C-4285B7024F56}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"TCP Query User{CAE6277B-2FD2-45CA-81B9-FF62D1BDDC0D}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{272C9F65-752D-451B-B761-C5A10D98209C}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{F007F1E6-1495-4E10-8D5F-890D0BDC6DD1}C:\\users\\matt\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:C:\users\matt\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"UDP Query User{B4EA1A8E-1C8E-45C7-AD50-9579C1C15267}C:\\users\\matt\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:C:\users\matt\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"TCP Query User{4FD436DA-34BA-4B3E-A2F7-8B46D3588F3E}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{A63B0633-2F64-4853-9AD1-6D05BFEE3AC9}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{E13A7EA1-D87B-4098-B793-182B3E80D850}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{3EF1FC25-01DE-4A9A-83C4-513836EED15B}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{DBB81B0C-5D2D-4EFA-B139-5FA53E52B3B2}"= UDP:C:\Program Files\Codemasters\GRID Demo\GRID.exe:GRID Demo
"{C778ACC5-C1EA-4EF6-8083-D7C346B466F4}"= TCP:C:\Program Files\Codemasters\GRID Demo\GRID.exe:GRID Demo
"TCP Query User{82273AB4-6C31-45A4-BB50-7F0630D5809B}C:\\users\\matt\\appdata\\locallow\\garagegames\\iaplayer\\products\\5000\\install\\screwjumperpc.exe"= UDP:C:\users\matt\appdata\locallow\garagegames\iaplayer\products\5000\install\screwjumperpc.exe:screwjumperpc.exe
"UDP Query User{233472B0-A002-4EFF-8BAE-0168C9638A91}C:\\users\\matt\\appdata\\locallow\\garagegames\\iaplayer\\products\\5000\\install\\screwjumperpc.exe"= TCP:C:\users\matt\appdata\locallow\garagegames\iaplayer\products\5000\install\screwjumperpc.exe:screwjumperpc.exe
"{E0A7B9FF-2807-45B7-A22D-928C6F1E91BF}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{3688F6EB-D355-4EB6-8D87-FD00126ABF9C}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{01697CD4-48F6-4360-969B-204EE5E55B8E}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{0A16CA36-9254-47F2-A5A8-8864166AFD85}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{B1597868-F18C-49BD-AD67-7438AC69EEB3}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{48993F2A-33A9-47B2-B01A-895E3E8D98AA}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{3DF5794C-604F-49B9-A908-DFF869418BC8}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{B2653C09-E448-4B95-A1FF-5DD340F3E959}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"TCP Query User{F3ED59D0-EE9A-43D9-9CFC-A5BFB07BD092}C:\\program files\\savage 2 - a tortured soul\\savage2.exe"= UDP:C:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"UDP Query User{A0070EB7-A348-4086-9F62-EA00F59ED9D1}C:\\program files\\savage 2 - a tortured soul\\savage2.exe"= TCP:C:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"TCP Query User{9732088F-9118-4BBC-BFE0-C36D8714224D}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= UDP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"UDP Query User{101EE57F-4AC4-42A1-B066-A8EF2BE8AAF8}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= TCP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 00:18]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 11:34]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-10 19:13]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{276be7d8-fb30-11dc-bc69-001617e6b829}]
\shell\AutoRun\command - I:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43e73afe-f92d-11dc-b5af-806e6f6e6963}]
\shell\AutoRun\command - E:\Lance.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4542a2ce-318d-11dd-b35a-001617e6b829}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 18:56:26
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-23 18:57:29
ComboFix-quarantined-files.txt 2008-06-23 17:57:25
ComboFix2.txt 2008-06-22 09:24:04
ComboFix3.txt 2008-06-21 11:58:50
Pre-Run: 80,369,319,936 octets libres
Post-Run: 80,225,427,456 octets libres
363 --- E O F --- 2008-06-21 10:32:10
ComboFix 08-06-20.4 - Matt 2008-06-23 18:52:53.4 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1033.18.1152 [GMT 1:00]
Running from: C:\Users\Matt\Desktop\ComboFix.exe
Command switches used :: C:\Users\Matt\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Sys1789.exe
C:\Sys17D7.exe
C:\Sys1806.exe
C:\Sys1844.exe
C:\Sys8116.exe
C:\Sys8174.exe
C:\Sys824F.exe
C:\Sys880C.exe
C:\Windows\System32\sex1.ico
C:\Windows\System32\sex2.ico
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\sc.html
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\Program Files\VAV
C:\Program Files\VAV\vav.cpl
C:\Program Files\VAV\vav.exe
C:\Program Files\VAV\vav.ooo
C:\Program Files\VAV\vav0.dat
C:\Program Files\VAV\vav1.dat
C:\Sys1789.exe
C:\Sys17D7.exe
C:\Sys1806.exe
C:\Sys1844.exe
C:\Sys8116.exe
C:\Sys880C.exe
C:\Windows\System32\sex1.ico
C:\Windows\System32\sex2.ico
.
((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
.
2058-03-30 12:11 . 2058-03-30 12:11 <REP> d-------- C:\Program Files\Guitar Pro 5
2008-06-23 18:51 . 2008-06-23 18:52 <REP> d-------- C:\327882R2FWJFW
2008-06-23 06:56 . 2008-06-23 06:56 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-23 06:29 . 2008-06-16 17:18 31,744 --a------ C:\Sys7F03.exe
2008-06-22 18:23 . 2008-06-16 17:18 31,744 --a------ C:\Sys8869.exe
2008-06-22 10:28 . 2008-06-16 17:18 31,744 --a------ C:\Sys8AEA.exe
2008-06-22 09:53 . 2008-06-22 10:06 <REP> d-------- C:\Program Files\Navilog1
2008-06-21 22:23 . 2008-06-21 22:23 944 --a------ C:\Windows\wininit.ini
2008-06-21 22:04 . 2008-06-22 18:25 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-21 22:04 . 2008-06-22 18:25 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-06-21 18:42 . 2008-06-21 18:42 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-06-21 18:42 . 2008-06-21 18:42 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-06-21 12:39 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-06-21 12:39 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-06-21 12:39 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-06-21 12:39 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-06-21 12:39 . 2008-06-15 15:28 81,920 --a------ C:\Windows\System32\IEDFix.C.exe
2008-06-21 12:39 . 2008-05-23 18:21 81,920 --a------ C:\Windows\System32\404Fix.exe
2008-06-21 12:39 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-06-21 12:39 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-06-21 12:39 . 2008-06-21 12:39 3,774 --a------ C:\Windows\System32\tmp.reg
2008-06-21 12:35 . 2008-06-21 12:35 <REP> d-------- C:\Program Files\Trend Micro
2008-06-21 12:09 . 2008-06-21 12:09 <REP> d-------- C:\Program Files\Yahoo!
2008-06-21 11:55 . 2008-06-21 11:55 <REP> d-------- C:\PerfLogs
2008-06-21 09:58 . 2007-11-14 15:18 553 -r------- C:\Windows\USetup.iss
2008-06-21 09:56 . 2008-06-21 09:56 <REP> d-------- C:\Program Files\Realtek
2008-06-21 09:54 . 2008-06-21 09:54 <REP> d-------- C:\Medion
2008-06-15 05:40 . 2008-04-23 05:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-15 05:40 . 2008-04-23 05:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-15 05:40 . 2008-04-23 05:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-15 05:40 . 2008-01-19 08:33 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-15 05:40 . 2008-01-19 08:33 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-15 05:39 . 2008-04-23 05:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-14 16:31 . 2008-06-14 16:31 <REP> d-------- C:\pandora
2008-06-11 11:31 . 2008-04-25 03:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 11:31 . 2008-04-26 09:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 11:31 . 2008-04-25 05:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 11:31 . 2008-05-10 02:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-10 21:26 . 2008-06-21 10:24 <REP> d-------- C:\Program Files\Trials 2 Second Edition
2008-06-10 17:23 . 2008-06-10 17:26 <REP> d-------- C:\wamp
2008-06-04 17:10 . 2008-06-04 18:19 <REP> d-------- C:\Users\Matt\AppData\Roaming\Notepad++
2008-06-04 17:10 . 2008-06-04 17:10 <REP> d-------- C:\Program Files\Notepad++
2008-06-04 12:24 . 2008-06-04 12:26 <REP> d-------- C:\Users\Matt\Fonts
2008-06-01 16:08 . 2008-06-01 16:08 <REP> d-------- C:\Windows\PixArt
2008-05-31 23:40 . 2008-05-31 23:59 <REP> d-------- C:\Users\All Users\FLEXnet
2008-05-31 23:40 . 2008-05-31 23:59 <REP> d-------- C:\ProgramData\FLEXnet
2008-05-31 23:30 . 2008-05-31 23:30 <REP> d-------- C:\Program Files\Bonjour
2008-05-31 23:21 . 2008-05-31 23:21 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-31 23:18 . 2008-01-19 08:43 3,600,440 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-05-31 23:18 . 2008-01-19 08:43 3,548,728 --a------ C:\Windows\System32\ntoskrnl.exe
2008-05-31 23:18 . 2008-01-19 08:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-05-31 23:18 . 2008-01-19 08:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-05-31 23:18 . 2008-01-19 08:42 51,768 --a------ C:\Windows\System32\PSHED.DLL
2008-05-31 23:16 . 2008-01-19 08:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-31 23:15 . 2008-01-19 08:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-05-31 23:14 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-31 23:13 . 2008-01-19 08:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-31 23:13 . 2008-01-05 12:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-05-31 23:13 . 2008-01-05 12:32 120,458 --a------ C:\Windows\System32\secpol.msc
2008-05-31 23:13 . 2008-01-05 12:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-05-31 23:12 . 2008-01-19 08:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-31 23:12 . 2008-01-19 08:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-31 23:12 . 2008-01-19 08:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-31 23:11 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-31 23:11 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-31 23:11 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-31 23:11 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-31 23:11 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-31 23:11 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-31 22:40 . 2008-05-31 22:40 <REP> d-------- C:\Program Files\LaBoiteACouleurs
2008-05-28 11:47 . 2008-03-08 03:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 11:47 . 2008-03-08 05:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-26 22:12 . 2008-05-26 22:14 <REP> d-------- C:\Program Files\Dofus
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 05:30 --------- d-----w C:\Users\Matt\AppData\Roaming\OpenOffice.org2
2008-06-22 11:29 --------- d-----w C:\Users\Matt\AppData\Roaming\GrabIt
2008-06-21 11:05 --------- d-----w C:\ProgramData\NVIDIA
2008-06-21 11:04 174 --sha-w C:\Program Files\desktop.ini
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Mail
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Journal
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Defender
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-21 10:56 --------- d-----w C:\Program Files\Windows Calendar
2008-06-21 10:29 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-21 10:29 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-21 08:56 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-06-21 08:56 315,392 ----a-w C:\Windows\HideWin.exe
2008-06-21 08:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-14 09:05 --------- d-----w C:\ProgramData\TrackMania
2008-06-11 20:45 --------- d-----w C:\Users\Matt\AppData\Roaming\FileZilla
2008-06-11 05:19 --------- d-----w C:\Program Files\Common Files\Steam
2008-06-10 20:26 --------- d-----w C:\Program Files\OpenAL
2008-06-10 16:44 --------- d-----w C:\Users\Matt\AppData\Roaming\Azureus
2008-05-31 22:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-30 19:47 --------- d-----w C:\Users\Matt\AppData\Roaming\teamspeak2
2008-05-27 16:32 --------- d-----w C:\Users\Matt\AppData\Roaming\skypePM
2008-05-27 16:32 --------- d-----w C:\Users\Matt\AppData\Roaming\Skype
2008-05-21 19:41 --------- d-----w C:\Program Files\Savage 2 - A Tortured Soul
2008-05-20 08:59 28 ------r C:\Windows\system32\drivers\VERSION.DAT
2008-05-19 20:21 --------- d-----w C:\Program Files\AGEIA Technologies
2008-05-19 20:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 19:58 --------- d-----w C:\Program Files\d3
2008-05-18 20:17 --------- d-----w C:\Users\Matt\AppData\Roaming\mIRC
2008-05-16 16:42 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 17:53 --------- d-----w C:\ProgramData\Pinnacle VideoSpin
2008-05-15 17:51 --------- d-----w C:\ProgramData\VideoSpin
2008-05-15 17:51 --------- d-----w C:\Program Files\Pinnacle
2008-05-15 17:51 --------- d-----w C:\Program Files\Common Files\Yahoo!
2008-05-15 17:48 --------- d-----w C:\ProgramData\Pinnacle
2008-05-15 17:41 --------- d-----w C:\Program Files\Movie Maker 2.6
2008-05-15 16:47 --------- d-----w C:\Program Files\DVDVideoSoft
2008-05-15 16:47 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-05-14 16:04 --------- d-----w C:\Program Files\pspvideo9
2008-05-14 16:04 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-14 06:08 --------- d-----w C:\ProgramData\Codemasters
2008-05-13 20:34 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
2008-05-13 20:34 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
2008-05-13 20:25 --------- d-----w C:\Program Files\Codemasters
2008-05-07 18:22 2,134,424 ----a-w C:\Windows\system32\drivers\RTKVHDA.sys
2008-05-07 15:19 694,784 ----a-w C:\Windows\System32\RtkPgExt.dll
2008-05-07 15:19 6,139,904 ----a-w C:\Windows\RtHDVCpl.exe
2008-05-07 15:17 2,172,928 ----a-w C:\Windows\System32\RtkAPO.dll
2008-05-06 14:29 31,232 ----a-w C:\Windows\System32\RtkCoInst.dll
2008-05-01 10:52 --------- d-----w C:\Program Files\Azureus
2008-04-30 23:19 --------- d-----w C:\Program Files\adslTV
2008-04-30 22:53 --------- d-----w C:\Users\Matt\AppData\Roaming\vlc
2008-04-30 11:18 159,744 ----a-w C:\Windows\System32\MaxxAudioAPO20.dll
2008-04-29 13:55 1,933,312 ----a-w C:\Windows\System32\MaxxAudioEQ.dll
2008-04-29 13:55 1,777,664 ----a-w C:\Windows\System32\WavesLib.dll
2008-04-28 11:29 805,400 ----a-r C:\Windows\System32\tmpC749.tmp
2008-04-28 11:29 805,400 ----a-r C:\Windows\System32\tmpC69C.tmp
2008-04-21 15:21 143,360 ----a-w C:\Windows\System32\FMAPO.dll
2008-04-10 14:06 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-04-10 14:06 22,328 ----a-w C:\Users\Matt\AppData\Roaming\PnkBstrK.sys
2008-04-10 14:06 2,337,865 ----a-w C:\Windows\System32\pbsvc.exe
2008-04-10 14:06 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-04-09 21:24 988,216 ----a-w C:\Windows\System32\winload.exe
2008-04-09 21:24 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-04-09 21:24 615,992 ----a-w C:\Windows\System32\ci.dll
2008-04-09 21:24 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-04-09 21:24 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-04-09 21:24 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-04-09 21:24 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-04-09 21:24 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-04-09 21:24 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-04-09 21:24 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-04-09 21:23 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-04-09 21:23 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-04-02 08:27 1,196,032 ----a-w C:\Windows\RtlUpd.exe
2008-03-30 10:08 1,871 ----a-w C:\Windows\Web\def.htm.vir
2008-03-29 20:10 32 ----a-w C:\Users\All Users\ezsid.dat
2008-03-29 20:10 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-28 09:59 285,216 ----a-w C:\Windows\System32\RtkApoApi.dll
.
((((((((((((((((((((((((((((( snapshot_2008-06-22_10.23.42,39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-22 08:50:52 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-23 05:28:53 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-22 08:50:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-23 05:28:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-22 08:50:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-06-23 05:28:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-22 08:52:57 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-23 06:15:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-23 06:15:04 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-22 08:52:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-23 05:29:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-23 05:29:57 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-22 09:20:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-23 17:33:18 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-22 09:20:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-23 17:33:18 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-22 09:20:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-23 17:33:18 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-22 08:58:45 104,742 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-23 06:16:04 104,742 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-22 08:58:45 127,318 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-06-23 06:16:04 127,318 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-22 08:58:45 595,308 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-23 06:16:04 595,308 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-22 08:58:45 676,850 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-23 06:16:04 676,850 ----a-w C:\Windows\System32\perfh00C.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 08:36 2153472 C:\Windows\System32\oobefldr.dll]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-21 09:30 486856]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2008-03-30 15:59 1271032]
"Octoshape Streaming Services"="C:\Users\Matt\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2006-02-13 17:33 214648]
"Sys7F03.exe"="C:\Sys7F03.exe" [2008-06-16 17:18 31744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 00:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 19:05 734264]
"e-TF1"="C:\Program Files\TF1Vision\TF1vision.exe" [2008-03-05 13:47 397312]
"PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 01:56 606208]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 16:19 6139904 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
"Sys7F03.exe"="C:\Sys7F03.exe" [2008-06-16 17:18 31744]
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.mjpg"= pvmjpg30.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7B586D61-E263-42C4-982F-CBD8D80339A8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E6179681-68CD-4DDC-A696-EC301B01879E}"= UDP:C:\Program Files\Jeux\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{F7F7C64D-C0DF-4154-9F7C-3A8D781A886F}"= TCP:C:\Program Files\Jeux\Sega\Universe At War Earth Assault\UAWEA.exe:Universe at War Earth Assault
"{D0186287-43F2-4CDE-A6BB-AE347599BD9C}"= UDP:C:\Program Files\Jeux\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"{8465163C-6400-46E9-9542-1C4C02EEBD82}"= TCP:C:\Program Files\Jeux\THQ\Juiced2_HIN\Juiced2_HIN.exe:Juiced2_HIN
"TCP Query User{1A14D1F0-6472-4810-8C93-FC31E93F1BEE}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{126DFC70-6620-40BA-82E4-7EADB12CE6C7}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{D6438CDC-75B5-4764-B540-148BBEE7C7DD}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{92E9D729-E4FF-49C0-8F35-C3C8331369DF}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E0B60AB5-5191-4018-895C-2BCB1C11429E}"= UDP:C:\Program Files\PKR\pkr.exe

"{C45136A1-7CCD-4929-8D57-BE5754E1BBCF}"= TCP:C:\Program Files\PKR\pkr.exe

"TCP Query User{DD295F2B-A6AF-41DB-BB70-5A4C0C552DE3}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{A93AAF3B-0CD5-4850-AD14-450269541C2C}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{6F3730BD-A8F7-43F6-9A0C-31C0B7A621A1}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{4C9CFD61-3F96-412E-B7F6-A821880F272F}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{07236ED9-4F52-4A59-A5D6-07D4B0D7C850}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{ECD1D14C-6C78-4F59-8484-B903CBA79FE3}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{DB75EC1C-A68B-4FAA-98A0-0AF9A76A55E7}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{11F88FD4-D66B-4693-B25D-17A151AD379E}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{590B3ED6-AA5C-4CF2-A07C-AC5FC7E80ADF}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\condition zero\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\mattkiller7\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{44A7D384-925A-43B6-B28A-DBBAD3D27445}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\condition zero\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\mattkiller7\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{EA63027B-7CD6-465E-ABA9-0F6163A8D146}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{61E7B1D9-1101-44F2-BF97-849C50D707DF}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{85D75DF0-3664-41A5-A8CD-579690D0FDC9}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike source\hl2.exe:hl2
"UDP Query User{FA933BCB-44B3-44DB-82FD-B8845E7C0F49}C:\\program files\\valve\\steam\\steamapps\\mattkiller7\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\mattkiller7\counter-strike source\hl2.exe:hl2
"TCP Query User{9F55431F-F391-4C3A-ADD3-A2EAA8258A00}C:\\program files\\valve\\steam\\steamapps\\daude13\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\daude13\counter-strike source\hl2.exe:hl2
"UDP Query User{C24DACD8-7BC2-4787-AC8A-1F286295F2F1}C:\\program files\\valve\\steam\\steamapps\\daude13\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\daude13\counter-strike source\hl2.exe:hl2
"{92AFF84E-D42A-4B22-818A-81C1519BB1AC}"= UDP:C:\Windows\System32\PnkBstrA.exe

"{3698746D-2FBE-4FBF-BB89-F5EC1F4806B1}"= TCP:C:\Windows\System32\PnkBstrA.exe

"{860CDA12-86A1-46B6-A25B-752CDC75BD81}"= UDP:C:\Windows\System32\PnkBstrB.exe

"{D8172CA5-18C7-486E-B711-4C31A89735B2}"= TCP:C:\Windows\System32\PnkBstrB.exe

"{9AFF18EF-9BC5-4F7B-8A3B-F83A6AF95F2E}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{972C8765-AB99-4E57-8F2A-57A9C536442B}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{505EAA90-EA35-47C2-BA9A-8D51FFEC711B}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{5240C1B1-1E1C-4B1D-819C-4285B7024F56}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"TCP Query User{CAE6277B-2FD2-45CA-81B9-FF62D1BDDC0D}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{272C9F65-752D-451B-B761-C5A10D98209C}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{F007F1E6-1495-4E10-8D5F-890D0BDC6DD1}C:\\users\\matt\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:C:\users\matt\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe

"UDP Query User{B4EA1A8E-1C8E-45C7-AD50-9579C1C15267}C:\\users\\matt\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:C:\users\matt\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe

"TCP Query User{4FD436DA-34BA-4B3E-A2F7-8B46D3588F3E}C:\\program files\\adsltv\\adsltv.exe"= UDP:C:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{A63B0633-2F64-4853-9AD1-6D05BFEE3AC9}C:\\program files\\adsltv\\adsltv.exe"= TCP:C:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{E13A7EA1-D87B-4098-B793-182B3E80D850}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{3EF1FC25-01DE-4A9A-83C4-513836EED15B}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{DBB81B0C-5D2D-4EFA-B139-5FA53E52B3B2}"= UDP:C:\Program Files\Codemasters\GRID Demo\GRID.exe:GRID Demo
"{C778ACC5-C1EA-4EF6-8083-D7C346B466F4}"= TCP:C:\Program Files\Codemasters\GRID Demo\GRID.exe:GRID Demo
"TCP Query User{82273AB4-6C31-45A4-BB50-7F0630D5809B}C:\\users\\matt\\appdata\\locallow\\garagegames\\iaplayer\\products\\5000\\install\\screwjumperpc.exe"= UDP:C:\users\matt\appdata\locallow\garagegames\iaplayer\products\5000\install\screwjumperpc.exe:screwjumperpc.exe
"UDP Query User{233472B0-A002-4EFF-8BAE-0168C9638A91}C:\\users\\matt\\appdata\\locallow\\garagegames\\iaplayer\\products\\5000\\install\\screwjumperpc.exe"= TCP:C:\users\matt\appdata\locallow\garagegames\iaplayer\products\5000\install\screwjumperpc.exe:screwjumperpc.exe
"{E0A7B9FF-2807-45B7-A22D-928C6F1E91BF}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{3688F6EB-D355-4EB6-8D87-FD00126ABF9C}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{01697CD4-48F6-4360-969B-204EE5E55B8E}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe

"{0A16CA36-9254-47F2-A5A8-8864166AFD85}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe

"{B1597868-F18C-49BD-AD67-7438AC69EEB3}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{48993F2A-33A9-47B2-B01A-895E3E8D98AA}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{3DF5794C-604F-49B9-A908-DFF869418BC8}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe

"{B2653C09-E448-4B95-A1FF-5DD340F3E959}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe

"TCP Query User{F3ED59D0-EE9A-43D9-9CFC-A5BFB07BD092}C:\\program files\\savage 2 - a tortured soul\\savage2.exe"= UDP:C:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"UDP Query User{A0070EB7-A348-4086-9F62-EA00F59ED9D1}C:\\program files\\savage 2 - a tortured soul\\savage2.exe"= TCP:C:\program files\savage 2 - a tortured soul\savage2.exe:savage2
"TCP Query User{9732088F-9118-4BBC-BFE0-C36D8714224D}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= UDP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
"UDP Query User{101EE57F-4AC4-42A1-B066-A8EF2BE8AAF8}C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"= TCP:C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:Apache HTTP Server
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 00:18]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 11:34]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-10 19:13]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{276be7d8-fb30-11dc-bc69-001617e6b829}]
\shell\AutoRun\command - I:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43e73afe-f92d-11dc-b5af-806e6f6e6963}]
\shell\AutoRun\command - E:\Lance.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4542a2ce-318d-11dd-b35a-001617e6b829}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 18:56:26
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-23 18:57:29
ComboFix-quarantined-files.txt 2008-06-23 17:57:25
ComboFix2.txt 2008-06-22 09:24:04
ComboFix3.txt 2008-06-21 11:58:50
Pre-Run: 80,369,319,936 bytes free
Post-Run: 80,225,427,456 bytes free
363 --- E O F --- 2008-06-21 10:32:10
good evening
1
Copy (Ctrl+C) the text below:
File::
C:\Sys7F03.exe
C:\Sys8869.exe
C:\Sys8AEA.exe
Folder::
C:\327882R2FWJFW
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt
Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot
A blue window will appear: at the prompt that comes up (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan is finished.
Once the scan is done, a report will be displayed: post its contents.
If the file doesn't open, it is located here > C:\ComboFix.txt
2
Run Malwarebytes' Anti-Malware as I asked you to in my previous post.
Spmsk8
24 June 2008 12:24:25
Malwarebytes' Anti-Malware 1.18
Database version: 883
11:27:35 24/06/2008
mbam-log-6-24-2008 (11-27-35).txt
Scan type: Full Scan (A:\|C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
Objects scanned: 360354
Time elapsed: 1 hour(s), 14 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 21
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{09797a7f-36ba-468b-bc71-b65e061783de} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5e5c9077-0e64-4a3c-bd42-f9d8fc2b6dd7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5b886f01-527a-4f05-90e2-14eacd2f8870} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sys7C44.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sys7C44.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sys802C.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sys802C.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sys84D0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sys84D0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Sys7C44.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Sys802C.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Sys84D0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Sys7F03.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Sys8869.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Sys8AEA.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Sys9162.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Sys9376.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\SysBCD7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\SysBEDB.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Sys1789.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Sys17D7.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Sys1844.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Sys8116.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Sys880C.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\1.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\2.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\4.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\VAV\vav.exe.vir (Rogue.VistaAntivirus) -> Quarantined and deleted successfully.
C:\Users\Matt\Downloads\Firefox\Patch_Redlynx.Trials.2.Second.Edition.v1.07.exe.part (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Documents and Settings\Matthieu.L\BureauRoyalhack\RoyalHack v1.0d\Public-1d.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
Spmsk8
29 June 2008 01:41:37
Spmsk8
1 July 2008 12:55:06
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54, on 2008-07-01
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jeuxvideo.com/etajvbis.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: gxvpsafm - {8205021C-E7BC-4D51-AB19-A4C500F01720} - C:\Windows\gxvpsafm.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{62F2D224-FF6A-436F-8617-2EDC58693E7F}: NameServer = 212.27.32.176,212.27.32.177
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 6353 bytes
hello
You've managed to catch a new infection. I suppose you know how you picked this one up...
~Download OTMoveIt (by OldTimer). Save it to your Desktop.
~Run Hijackthis as follows:
right-click Hijackthis.exe and choose "Run as administrator", then:
Do a system scan only.
Tick the following lines if they are still present, and only those.
O3 - Toolbar: gxvpsafm - {8205021C-E7BC-4D51-AB19-A4C500F01720} - C:\Windows\gxvpsafm.dll
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
Click Fix checked (bottom left)
Select ALL the locations in bold below:
C:\Windows\gxvpsafm.dll
C:\Program Files\Antivirus 2008 PRO
---> Right-click then Copy (or Ctrl+C)
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand pane and choose Paste (or Ctrl+V).
Now click MoveIt!
If a file or folder cannot be removed immediately, the program will ask you to reboot.
Accept by clicking YES.
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_heure.log
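The helper's procedure above boils down to reading a HijackThis log, picking out the two entries that do not belong (a toolbar backed by a random-named DLL dropped straight into C:\Windows, and an autorun entry for the rogue "Antivirus 2008 PRO" product) and handing their paths to a file mover. The script below is an added example, not code from this thread or from HijackThis/OTMoveIt: it parses the O3/O4/O18/O23 line formats quoted in the log, applies those two criteria as heuristics, and builds the paste list for the mover. The sample lines are the ones quoted in this thread; the `ROGUE_PRODUCTS` list and the "random name" rule (lowercase letters only, few vowels) are assumptions an analyst would tune from their own sources.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: the two HijackThis entries quoted in this thread plus three
# benign ones from the same log, so the triage has something to keep as well as flag.
SAMPLE_LINES = [
    r"O3 - Toolbar: gxvpsafm - {8205021C-E7BC-4D51-AB19-A4C500F01720} - C:\Windows\gxvpsafm.dll",
    r"O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe",
    r"O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
    r"O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe",
]

# Folder names of rogue "antivirus" products. Only the one named in this thread is
# listed; an analyst would extend this from their own sources (assumption).
ROGUE_PRODUCTS = ("antivirus 2008 pro",)

HEADER = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
RUN_VALUE = re.compile(r"^\[(.*?)\] (.*)$")
VOWELS = set("aeiouy")


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Split one HijackThis line into section (O3, O4, ...), kind, name and path."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    if section == "O4":
        # O4 - <hive>\..\Run: [<value name>] <command line>
        r = RUN_VALUE.match(rest)
        if not r:
            return None
        name, path = r.groups()
    else:
        # O3/O18/O23: <name> - <CLSID or owner> - <path>
        parts = rest.split(" - ")
        name, path = parts[0], parts[-1]
    return {"section": section, "kind": kind, "name": name, "path": path.strip()}


def looks_random(stem: str) -> bool:
    """Letter-only lowercase stem of 6-10 chars with at most two vowels, e.g. 'gxvpsafm' (heuristic)."""
    return (stem.isalpha() and stem.islower() and 6 <= len(stem) <= 10
            and sum(c in VOWELS for c in stem) <= 2)


def random_dll_in_windows_root(path: str) -> bool:
    """A DLL dropped directly into the Windows directory (not system32) with a random-looking name."""
    m = re.match(r"^[A-Za-z]:\\Windows\\([^\\]+)\.dll$", path, re.IGNORECASE)
    return bool(m) and looks_random(m.group(1))


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return every parsed entry with a verdict: 'fix' for the two patterns the
    helper pointed at in this thread, 'keep' otherwise."""
    results = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        verdict, reason = "keep", ""
        if entry["section"] == "O3" and random_dll_in_windows_root(entry["path"]):
            verdict, reason = "fix", "toolbar backed by a random-named DLL in the Windows root"
        elif entry["section"] == "O4" and any(p in entry["path"].lower() for p in ROGUE_PRODUCTS):
            verdict, reason = "fix", "autorun entry for a known rogue product"
        results.append({**entry, "verdict": verdict, "reason": reason})
    return results


def fix_list(lines: List[str]) -> List[str]:
    """Paths to feed to a file mover such as OTMoveIt: the DLL itself for an O3 hit,
    the product folder (the exe's parent directory) for an O4 hit, as the thread did."""
    targets: List[str] = []
    for r in triage(lines):
        if r["verdict"] != "fix":
            continue
        target = r["path"].rsplit("\\", 1)[0] if r["section"] == "O4" else r["path"]
        if target not in targets:
            targets.append(target)
    return targets


if __name__ == "__main__":
    for r in triage(SAMPLE_LINES):
        print(f"{r['verdict']:4}  {r['section']:3}  {r['name']:20}  {r['path']}  {r['reason']}")
    print("\nPaste into the mover:")
    print("\n".join(fix_list(SAMPLE_LINES)))
```

Run it on a full log rather than the five sample lines and the "keep" rows are where the real review work remains: the script only reproduces the two judgements made in this thread, so an entry it keeps has not been cleared, it simply did not match either rule.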
Spmsk8
2 July 2008 19:05:27
C:\Windows\gxvpsafm.dll unregistered successfully.
C:\Windows\gxvpsafm.dll moved successfully.
C:\Program Files\Antivirus 2008 PRO\Suspicious moved successfully.
C:\Program Files\Antivirus 2008 PRO\Infected moved successfully.
C:\Program Files\Antivirus 2008 PRO moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07022008_180126
Thank you so much for your help.
re
delete:
C:\QooBox
C:\_OTMoveIt
Here's what I suggest: replace Avast! with Antivir, which is also free but much more effective, run a scan with it and post the report.
Uninstall Avast! properly
To replace it with Antivir.
-->Tutorial<--
Why switch?: Avast! vs Antivir
but also:
14 antivirus programs put to the test
Quote:
Antivir: the most effective of the free ones