Virus problem (Smitfraud-C.Toolbar 888)

Tags:
  • Security
12 February 2007 19:20:19

Hello,
Since last night, Kerio firewall has constantly been reporting intrusion attempts towards winlogon.exe. I then ran Avast, SpyBot, Ad-Aware and AVG Anti-Spyware scans in normal mode and then in safe mode, which have already removed numerous viruses. But I can't manage to remove "Smitfraud-C.Toolbar 888" and the intrusion alerts keep appearing.


12 February 2007 19:28:36

Can someone answer please, it's fairly urgent.
Thanks in advance.
12 February 2007 19:58:23

Hello,

- Download HijackThis (by Merijn).
- Unzip it into a folder or onto your desktop.

- Launch the application.
- Choose the option "Do a system scan and save a logfile"
-- Notepad opens:
-> Edit / Select All
-> Edit / Copy
- Paste the report here.

HELP: HijackThis tutorial (Malekal)
12 February 2007 20:21:08

Logfile of HijackThis v1.99.1
Scan saved at 20:19:55, on 12/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\AlertModule\AlertModule.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/wdgt3/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SearchPageURL.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {324E352E-D2FD-D1D4-6386-093CD5E162C4} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {79A1F979-253C-43E0-A0CA-295A569443DC} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {EFBFE8F4-9C2C-454B-AD24-F58D19405561} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sunbelt Kerio Firewall Service] C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.0.0812.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.8.0.0812.00.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
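
The log above is what the helper asked for, and reading one by hand means spotting the few entries that matter among dozens of legitimate ones. As an added example (not code from this thread or from HijackThis), the Python below applies three of the checks a forum helper makes on such a log: an O20 Winlogon Notify DLL that is not a known add-on, O2/O3 entries whose file is gone, and O4 Run values given as a bare file name. The sample input is a handful of lines copied from the posted log; the allowlist of known Notify DLLs is an assumption of the example, as is the severity assigned to each rule.

```python
import re
from typing import Dict, List

# Constructed sample: a few lines copied from the HijackThis log posted in
# this thread (the header plus the lines needed to exercise each rule).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {324E352E-D2FD-D1D4-6386-093CD5E162C4} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
"""

# HijackThis already hides the Winlogon Notify packages that ship with XP, so
# anything shown under O20 is non-default. This allowlist is an assumption of
# the example: WgaLogon.dll is Windows Genuine Advantage.
KNOWN_NOTIFY_DLLS = {"wgalogon.dll"}

ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify:\s*(\S+)\s+-\s+(.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run:\s*\[([^\]]+)\]\s*(.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line: HJT section, severity,
    the item concerned and a short reason."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()

        # Winlogon Notify DLLs are loaded into winlogon.exe at logon; an
        # unknown one is the classic Vundo/Smitfraud persistence point and
        # explains firewall alerts attributed to winlogon.exe.
        if section == "O20":
            nm = NOTIFY_RE.match(body)
            if nm:
                subkey, dll_path = nm.groups()
                dll = dll_path.rsplit("\\", 1)[-1].lower()
                if dll not in KNOWN_NOTIFY_DLLS:
                    findings.append({"section": section, "severity": "high", "item": subkey,
                                     "reason": f"unknown Winlogon Notify DLL {dll_path}"})

        # BHO/toolbar CLSIDs whose DLL is gone are leftovers, not active code,
        # but they are removed so the next log is readable.
        elif section in ("O2", "O3") and body.endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            findings.append({"section": section, "severity": "low",
                             "item": clsid.group(0) if clsid else body,
                             "reason": "orphaned registry entry (no file)"})

        # A Run value with a bare file name is resolved through the search
        # path, so which binary actually starts depends on PATH.
        elif section == "O4":
            rm = RUN_RE.match(body)
            if rm:
                name, command = rm.groups()
                cmd = command.strip()
                exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
                if "\\" not in exe and "%" not in exe:
                    findings.append({"section": section, "severity": "medium", "item": name,
                                     "reason": f"Run value without a full path: {command}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:>6}] {f['section']} {f['item']}: {f['reason']}")
```

On the sample this reports the two orphaned CLSIDs, the path-less AlcxMonitor value for review, and winrkq32 as the one high-severity item; WgaLogon passes the allowlist. The helper's next step in the thread, ComboFix with `/v winrkq32`, targets exactly that O20 entry.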

12 February 2007 20:22:08

Re,

Download this file: Combofix.exe
and save it to your desktop and nowhere else!

Click the Start menu, then Run, and copy/paste this:
"%userprofile%\Bureau\combofix.exe" /v winrkq32
then click OK.

Follow the prompts.

Don't touch anything and wait until ComboFix has finished; a report will be created. Post the report.
12 February 2007 20:48:41

"HP_Propriétaire" - 07-02-12 20:34:05 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\HP_Propriétaire\Bureau"
Command switches used :: /v winrkq32

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\winrkq32.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\HP_PRO~1
C:\qoobox\purity\DOCUME~1\HP_PRO~1\Application Data
C:\qoobox\purity\DOCUME~1\HP_PRO~1\Mes documents
C:\qoobox\purity\DOCUME~1\HP_PRO~1\Application Data\from.txt
C:\qoobox\purity\DOCUME~1\HP_PRO~1\Mes documents\from.txt


((((((((((((((((((((((((((((((( Files Created from 2007-01-12 to 2007-02-12 ))))))))))))))))))))))))))))))))))


2007-02-12 18:38 <REP> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Spyware Terminator
2007-02-11 21:53 <REP> d-------- C:\Program Files\ToniArts
2007-02-11 19:29 <REP> d-------- C:\Program Files\CCleaner
2007-02-11 19:25 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-11 19:25 <REP> d-------- C:\Program Files\Grisoft
2007-02-11 19:13 <REP> d-------- C:\WINDOWS\ERDNT
2007-02-11 18:42 <REP> d-------- C:\VundoFix Backups
2007-02-11 18:10 33,792 --a------ C:\WINDOWS\system32\rundll32.exe
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\Webroot
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\W?nSxS
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\T?sks
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\s?stem32
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\s?stem
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\s?mbols
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\S?mantec
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\s?curity
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\M?crosoft.NET
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\M?crosoft
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\F?nts
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\F?nts
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\a?sembly
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\A?pPatch
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\?ystem32
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\?ystem
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\?ymbols
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\?ymantec
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\?ssembly
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\?racle
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\?racle
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\?ppPatch
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\?ppPatch
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\?icrosoft.NET
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\?icrosoft.NET
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\?icrosoft
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\?icrosoft
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\?ecurity
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\?dobe
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\?dobe
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\?asks
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\?asks
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\??stem32
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\??stem
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\??sks
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\??sks
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\??sembly
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\??pPatch
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\??pPatch
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\??mbols
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\??mantec
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\??curity
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\??crosoft.NET
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\??crosoft.NET
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\??crosoft
2007-02-11 16:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\??crosoft
2007-02-11 16:04 164 --a------ C:\install.dat
2007-02-11 15:25 <REP> d-------- C:\Program Files\Spyware Terminator
2007-02-10 12:46 <REP> d-------- C:\Program Files\MKVtoolnix
2007-02-10 12:44 <REP> d-------- C:\Program Files\Ripp-it_AM
2007-02-07 18:54 <REP> d-------- C:\Program Files\EA GAMES
2007-02-07 17:36 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\ATI
2007-02-07 16:36 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-02-07 16:34 <REP> d-------- C:\ATI
2007-02-06 19:36 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-02-01 05:56 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-02-01 05:56 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-02-01 05:56 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-02-01 05:56 639,066 --a------ C:\WINDOWS\system32\DivX.dll
2007-01-31 22:27 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-01-31 16:50 <REP> d-------- C:\Program Files\TrackMania Nations ESWC
2007-01-31 16:05 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2007-01-31 16:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2007-01-31 13:53 <REP> d-------- C:\PSP
2007-01-31 13:53 <REP> d-------- C:\ISO
2007-01-31 13:52 <REP> d-------- C:\MP_ROOT
2007-01-31 13:51 <REP> d-------- C:\Program Files\Personal Media Manager
2007-01-31 00:15 118,784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-01-30 05:56 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-01-30 05:56 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-01-30 05:56 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-30 05:56 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-24 16:33 2,321,152 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-01-24 15:53 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-01-24 15:51 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-01-20 11:50 <REP> d-------- C:\Program Files\Pocket Tanks Deluxe
2007-01-20 10:54 <REP> d-------- C:\Program Files\Fichiers communs\DirectX
2007-01-20 10:29 <REP> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2007-01-20 10:27 <REP> d-------- C:\Program Files\DAEMON Tools
2007-01-19 23:09 <REP> d-------- C:\Program Files\Pocket Tanks
2007-01-19 23:00 307,200 --a------ C:\WINDOWS\system32\PolarZIPLight.dll
2007-01-19 22:59 <REP> d-------- C:\Program Files\Micro Application
2007-01-17 15:19 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Sony
2007-01-17 15:08 <REP> d-------- C:\Program Files\Sony
2007-01-17 14:45 <REP> d-------- C:\Program Files\Microsoft SQL Server
2007-01-17 14:28 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\Sony
2007-01-17 13:43 <REP> d-------- C:\Program Files\Sony Setup
2007-01-17 11:03 <REP> d-------- C:\Program Files\PSPWare
2007-01-17 11:03 <REP> d-------- C:\DOCUME~1\HP_PRO~1\Application Data\Nullriver
2007-01-17 10:57 <REP> d-------- C:\Program Files\Fichiers communs\Mediafour
2007-01-17 10:57 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Mediafour
2007-01-16 21:43 <REP> d-------- C:\Program Files\Datel
2007-01-16 21:02 <REP> d-------- C:\Program Files\Any Video Converter
2007-01-14 20:50 <REP> d-------- C:\Program Files\Mediafour


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-12 19:42 -------- d-------- C:\Program Files\wanadoo
2007-02-12 19:04 -------- d-------- C:\Program Files\mozilla firefox
2007-02-11 21:53 -------- d--h----- C:\Program Files\installshield installation information
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\webroot
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\w?nsxs
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\t?sks
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\t?sks
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\s?stem32
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\s?stem
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\s?mbols
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\s?mantec
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\s?curity
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\m?crosoft.net
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\f?nts
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\f?nts
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\a?sembly
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\a?ppatch
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\a?ppatch
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\?ystem32
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\?ystem
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\?ymbols
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\?ymantec
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\?ssembly
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\?racle
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\?racle
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\?pppatch
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\?icrosoft.net
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\?ecurity
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\?asks
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\??stem32
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\??stem
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\??sks
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\??sembly
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\??ppatch
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\??mbols
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\??mantec
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\??curity
2007-02-11 16:49 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\??crosoft.net
2007-02-10 11:48 -------- d-------- C:\Program Files\mediacoder
2007-02-10 10:42 -------- d-------- C:\Program Files\zeb-utility
2007-02-09 21:03 -------- d-------- C:\Program Files\emule
2007-02-09 16:41 -------- d-------- C:\Program Files\Fichiers communs\avsmedia
2007-02-09 16:40 -------- d-------- C:\Program Files\avsmedia
2007-02-08 08:29 -------- d-------- C:\Program Files\quicktime
2007-02-08 08:28 -------- d-------- C:\Program Files\apple software update
2007-02-07 17:36 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\ati
2007-02-07 16:38 -------- d-------- C:\Program Files\ati technologies
2007-02-06 19:36 -------- d-------- C:\Program Files\divx
2007-01-31 16:06 73286 --a------ C:\WINDOWS\system32\perfc00c.dat
2007-01-31 16:06 467570 --a------ C:\WINDOWS\system32\perfh00c.dat
2007-01-31 13:10 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\adobe
2007-01-31 13:10 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\adobe
2007-01-31 13:10 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\?dobe
2007-01-30 06:03 36624 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-01-30 06:03 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-30 06:03 2560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-01-30 06:03 2432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-01-30 06:03 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-30 06:03 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-01-30 06:03 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-30 06:03 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-30 05:56 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-30 05:56 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2007-01-30 05:56 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-01-30 05:56 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-01-24 15:54 -------- d-------- C:\Program Files\tuneup utilities 2007
2007-01-20 17:09 -------- d-------- C:\Program Files\microsoft games
2007-01-20 10:22 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-01-17 15:19 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\sony
2007-01-17 11:03 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\nullriver
2007-01-15 18:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe
2007-01-15 18:26 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-01-15 18:25 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-01-15 18:23 90112 --a------ C:\WINDOWS\system32\avastss.scr
2007-01-08 19:44 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\tuneup software
2006-12-21 00:56 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-12-21 00:56 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-12-21 00:51 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-12-20 15:19 -------- d-------- C:\Program Files\intervideo information service
2006-12-20 15:19 -------- d-------- C:\Program Files\Fichiers communs\ulead
2006-12-20 15:18 -------- d-------- C:\Program Files\intervideo
2006-12-20 15:18 -------- d-------- C:\Program Files\Fichiers communs\intervideo
2006-12-19 19:21 -------- d-------- C:\Program Files\windows media connect 2
2006-12-18 16:20 -------- d-------- C:\Program Files\yahoo!
2006-12-18 16:16 -------- d-------- C:\Program Files\mta san andreas
2006-12-17 03:50 263168 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-12-17 03:50 1918464 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-12-17 03:44 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-12-17 03:44 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe
2006-12-17 03:44 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-12-17 03:44 110592 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-12-17 03:44 102400 --a------ C:\WINDOWS\system32\oemdspif.dll
2006-12-17 03:42 53248 --a------ C:\WINDOWS\system32\atiddc.dll
2006-12-17 03:42 434176 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-12-17 03:41 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-12-17 03:35 2676672 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-12-17 03:30 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2006-12-17 03:30 1289472 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-12-17 03:23 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-12-17 03:21 5304320 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-12-17 03:17 241664 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-12-17 03:16 303104 --a------ C:\WINDOWS\system32\atidemgr.dll
2006-12-17 03:16 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-12-17 03:10 315392 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-12-12 19:14 -------- d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\identities
2006-12-12 17:24 12288 --a------ C:\WINDOWS\system32\divxwmpexttype.dll
2006-11-28 20:55 142347 --a------ C:\WINDOWS\system32\atiicdxx.dat
2006-11-18 12:44 60416 --------- C:\WINDOWS\system32\tzchange.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|PARAM= cnx"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Sunbelt Kerio Firewall Service"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4ss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"HPHUPD08"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe TaskBarIcon.exe"
"SSBkgdUpdate"="C:\\Program Files\\Fichiers communs\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe -Embedding -boot"
"avast!"="\"C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe\""
"NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroCheck.exe"
"ISUSPM"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"SpywareTerminator"="\"C:\\PROGRA~1\\Spyware Terminator\\SpywareTerminatorShield.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AlcxMonitor"="ALCXMNTR.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Shareaza"="\"C:\\Program Files\\Shareaza\\Shareaza.exe\" -tray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0\\bin\\jusched.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPwuSchd2.exe"
"YCentral"="c:\\progra~1\\yahoo!\\YCentral\\YahooCentral.exe"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"MPTBox"="C:\\Program Files\\Canon\\MultiPASS4\\MPTBox.exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"RoxioAudioCentral"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\AudioCentral\\RxMon.exe\""
"RoxioEngineUtility"="\"C:\\Program Files\\Fichiers communs\\Roxio Shared\\System\\EngUtil.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1036"
"pcruaul.dll"="C:\\WINDOWS\\system32\\rundll32.exe \"C:\\Documents and Settings\\HP_Propriétaire\\Local Settings\\Application Data\\pcruaul.dll\",ekbaet"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{8dc1f789-e073-4363-b40d-07376bc5ecc5}"="articulation"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EFBFE8F4-9C2C-454B-AD24-F58D19405561}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"=dword:00000000
"NoConfigPage"=dword:00000000
"NoVirtMemPage"=dword:00000000
"NoDevMgrPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000
"NoRecentDocsHistory"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"NoSMHelp"=dword:00000000
"NoFavoritesMenu"=dword:00000000
"NoLogOff"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"NoInstrumentation"=dword:00000000
"NoRun"=dword:00000000
"NoStartBanner"=hex:00,00,00,00
"NoFileUrl"=dword:00000000
"NoSimpleStartMenu"=dword:00000000
"NoStartMenuMFUprogramsList"=dword:00000000
"NoStartMenuMorePrograms"=dword:00000000
"MemCheckBoxInRunDlg"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkq32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\AutoRun\command G:\Setup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H]
Shell\AutoRun\command H:\RunGame.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d5df99e-a868-11db-92b7-0013d3bb8efb}]
Shell\AutoRun\command G:\Setup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d5df99f-a868-11db-92b7-0013d3bb8efb}]
Shell\AutoRun\command H:\RunGame.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb367ce4-c274-11da-9767-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Maintenance en 1 clic.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-12 20:44:36
C:\ComboFix2.txt ... 07-02-11 19:21