
Bagle Trojan Virus


This topic is locked
10 replies to this topic

#1 jomenace


Posted 05 January 2009 - 05:52 AM

I accidentally downloaded this malicious file pretending to be Gordion Knot. It seemed like a kind of aviation application, then it abruptly shut down my avast anti detector and my access to my firewall. Please help ASAP.


DDS (Version 1.1.0) - NTFSx86
Run by Admin at 11:36:12,53 on 05/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.512.43 [GMT 1:00]

AV: avast! antivirus 4.8.1296 [VPS 090104-0] *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\Admin\Application Data\drivers\downld\323890.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe
C:\Documents and Settings\Admin\Bureau\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.dogpile.com
uSearch Page = hxxp://www.dogpile.com
uSearch Bar = hxxp://www.google.fr/ie
mSearch Page = hxxp://www.dogpile.com
mStart Page = hxxp://www.dogpile.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
mSearchAssistant = hxxp://www.google.fr/ie
mWinlogon: SfcDisable=4 (0x4)
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [WFIPS] "c:\documents and settings\admin\bureau\ip hider.exe" -autoboot
mRun: [Module Loader] c:\program files\creative\shared files\module loader\DLLML.exe -StartUpRun
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi surround 5.1\volume panel\VolPanlu.exe" /r
mRun: [Creative KSRun Persistence Module] RunDll32 KSRun.dll,RunDLLEntry
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRunOnce: [Config] %systemroot%\system32\run.cmd
dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoAutoUpdate = 1 (0x1)
uPolicies-system: DisableRegedit = 0 (0x0)
uPolicies-system: HideClock = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
dPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoWelcomeScreen = 1 (0x1)
dPolicies-explorer: NoAutoUpdate = 1 (0x1)
IE: &Download All with FlashGet - c:\documents and settings\admin\bureau\flashget.v1.72.multilanguage.winall.cracked-czw\crack\jc_all.htm
IE: &Download with FlashGet - c:\documents and settings\admin\bureau\flashget.v1.72.multilanguage.winall.cracked-czw\crack\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
SSODL: drvsvp - {BC867189-F5EE-40DD-9ADC-255F36F99ABA} - No File
SSODL: msduo2 - {BA9CB520-5267-4562-869D-C99100B25475} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\cu5vaq8h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.dogpile.com/
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\cu5vaq8h.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\cu5vaq8h.default\extensions\tcastv1@tom.com\plugins\nptcast40.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll

============= SERVICES / DRIVERS ===============

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2005-12-20 26112]
R1 sK9Ou0s;sK9Ou0s;c:\documents and settings\admin\application data\drivers\srosa2.sys [2009-1-5 7168]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2008-12-11 768768]
R3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [2008-10-24 1830912]
S1 aswSP;avast! Self Protection; [x]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2007-2-17 163328]
S4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswfsblk.sys --> c:\windows\system32\drivers\aswFsBlk.sys [?]

=============== Created Last 30 ================

2009-01-05 10:53 <DIR> --d-h--- c:\docume~1\admin\applic~1\m
2009-01-05 10:44 <DIR> --d-h--- c:\docume~1\admin\applic~1\drivers
2009-01-05 10:05 <DIR> --d----- c:\windows\system32\URTTemp
2009-01-05 10:01 77,824 a------- c:\windows\system32\MMSwitch.dll
2009-01-05 10:01 62,464 a------- c:\windows\system32\MMSwitch.ax
2009-01-05 10:01 40,960 a------- c:\windows\system32\MMAVILNG.exe
2009-01-05 10:01 <DIR> --d----- c:\program files\Morgan
2009-01-05 10:01 180,224 a------- c:\windows\system32\ac3filter.cpl
2009-01-05 10:01 <DIR> --d----- c:\program files\AC3Filter
2009-01-05 10:01 <DIR> --d----- c:\program files\XviD
2009-01-05 10:00 90,112 a------- c:\windows\unvise32.exe
2009-01-05 09:56 <DIR> --d----- c:\program files\Matroska Pack
2009-01-02 18:14 189,440 a------- c:\windows\system32\KSXPPI32.dll
2009-01-02 18:14 7,556 a------- c:\windows\system32\MixerDefaultXP.reg
2009-01-02 18:14 3,556 a------- c:\windows\system32\DeviceDefaultsXP.reg
2009-01-02 18:12 <DIR> --d----- c:\program files\fichiers communs\Creative Labs Shared
2009-01-02 17:30 7,062 a------- c:\windows\system32\audiopid.vxd
2009-01-02 17:30 647,872 -------- c:\windows\system32\Mscomct2.ocx
2009-01-02 17:30 53,248 -------- c:\windows\Ctregrun.exe
2009-01-02 17:29 44,032 -------- c:\windows\system32\CTSVCCDA.EXE
2009-01-02 17:29 25,088 -------- c:\windows\system32\CTSVCCTL.EXE
2009-01-02 17:28 <DIR> --d----- c:\program files\fichiers communs\Creative
2009-01-02 17:28 <DIR> --d-h--- c:\program files\Creative Installation Information
2009-01-02 17:27 782,336 a----r-- c:\windows\system32\tmp5.tmp
2009-01-02 17:27 782,336 a----r-- c:\windows\system32\tmp4.tmp
2009-01-02 17:27 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-01-02 17:27 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-01-02 17:10 33,126 a------- c:\windows\system32\kschimp.ini
2009-01-02 17:10 2,630 a------- c:\windows\MixerName.reg
2009-01-02 17:10 295 a---hr-- c:\windows\ctfile.rfc
2009-01-02 17:10 25,022 a------- c:\windows\ksaudFRN.reg
2009-01-02 17:10 23,292 a------- c:\windows\ksaudENG.reg
2009-01-02 16:59 59,264 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-01-02 16:59 59,264 a------- c:\windows\system32\drivers\USBAUDIO.sys
2008-12-11 11:04 768,768 a------- c:\windows\system32\drivers\ksaud.sys

==================== Find3M ====================

2009-01-05 10:08 501,480 a------- c:\windows\system32\perfh00C.dat
2009-01-05 10:08 69,072 a------- c:\windows\system32\perfc00C.dat
2008-11-28 11:25 86,528 a------- c:\windows\system32\CtCoInst.dll
2008-11-28 11:24 184,320 a------- c:\windows\system32\CtDvInst.dll
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-10-23 14:00 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-16 21:18 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 12:24 22,200 a------- c:\docume~1\admin\applic~1\GDIPFONTCACHEV1.DAT
2008-04-23 19:02 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-04-23 19:02 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-04-23 19:02 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 11:39:52,98 ===============


#2 jomenace

Posted 05 January 2009 - 07:27 AM

A few more observations:

Xoft Spy won't remove it.

The full name is Downloader Bagle GI Trojan (Registry Value).

What I NEED is to recover my access through my firewall and my avast anti-virus.

Thank You!!

#3 fenzodahl512

Posted 05 January 2009 - 08:21 AM

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    [screenshots: renaming Combofix to Combo-Fix in the save dialog]

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 jomenace

Posted 06 January 2009 - 08:40 AM

Ok, here are the two logs starting with combo-fix.

I am also concerned because I have lost my official XP Pro SP2 CD.

I got myself an XP SP3 instead; will it cause any conflicts?

Due to that, I pressed No during the Microsoft contract, and apparently I have no backups. Please enlighten me.

It would be great if I could just recover my anti-virus and not have to reformat everything...

Combo-Fix Log:

ComboFix 09-01-05.05 - Admin 2009-01-06 14:08:30.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.512.333 [GMT 1:00]
Lancé depuis: c:\documents and settings\Admin\Bureau\Combo-Fix.exe
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Application Data\drivers\downld
c:\documents and settings\Admin\Application Data\drivers\srosa.sys
c:\documents and settings\Admin\Application Data\drivers\srosa2.sys
c:\documents and settings\Admin\Application Data\drivers\winupgro.exe
c:\documents and settings\Admin\Application Data\m
c:\documents and settings\Admin\Application Data\m\data.oct
c:\documents and settings\Admin\Application Data\m\flec006.exe
c:\documents and settings\Admin\Application Data\m\list.oct
c:\documents and settings\Admin\Application Data\m\srvlist.oct
c:\documents and settings\Admin\Bureau\ip hider.exe
c:\documents and settings\Admin\new.txt
c:\program files\VideoAccessCodec
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\dat.txt
c:\windows\images45.zip
c:\windows\rs.txt
c:\windows\search_res.txt
c:\windows\system32\ban_list.txt
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-06 au 2009-01-06 ))))))))))))))))))))))))))))))))))))
.

2009-01-06 14:14 . 2009-01-05 12:10 81,920 --a------ c:\documents and settings\Admin\Application Data\comrepl.exe
2009-01-05 14:14 . 2009-01-05 14:14 <REP> d-------- c:\program files\Trend Micro
2009-01-05 12:10 . 2009-01-05 12:10 81,920 --a------ c:\windows\logman.exe
2009-01-05 12:04 . 2009-01-05 12:04 <REP> d-------- c:\program files\Combined Community Codec Pack
2009-01-05 10:44 . 2009-01-06 14:10 <REP> d--h----- c:\documents and settings\Admin\Application Data\drivers
2009-01-05 10:05 . 2009-01-05 10:06 <REP> d-------- c:\windows\system32\URTTemp
2009-01-05 10:01 . 2009-01-05 10:01 <REP> d-------- c:\program files\XviD
2009-01-05 10:01 . 2009-01-05 10:01 <REP> d-------- c:\program files\Morgan
2009-01-05 10:01 . 2009-01-05 10:01 <REP> d-------- c:\program files\AC3Filter
2009-01-05 10:01 . 2003-08-19 08:20 180,224 --a------ c:\windows\system32\ac3filter.cpl
2009-01-05 10:01 . 2002-11-15 13:11 77,824 --a------ c:\windows\system32\MMSwitch.dll
2009-01-05 10:01 . 2002-11-18 16:15 62,464 --a------ c:\windows\system32\MMSwitch.ax
2009-01-05 10:01 . 2002-11-18 16:02 40,960 --a------ c:\windows\system32\MMAVILNG.exe
2009-01-05 10:00 . 2003-03-15 22:15 90,112 --a------ c:\windows\unvise32.exe
2009-01-05 09:56 . 2009-01-05 09:57 <REP> d-------- c:\program files\Matroska Pack
2009-01-02 18:14 . 2008-12-03 15:04 189,440 --a------ c:\windows\system32\KSXPPI32.dll
2009-01-02 18:14 . 2008-11-06 18:41 7,556 --a------ c:\windows\system32\MixerDefaultXP.reg
2009-01-02 18:14 . 2008-08-28 23:02 3,556 --a------ c:\windows\system32\DeviceDefaultsXP.reg
2009-01-02 18:12 . 2009-01-02 18:12 <REP> d-------- c:\program files\Fichiers communs\Creative Labs Shared
2009-01-02 17:33 . 2009-01-02 18:32 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Creative
2009-01-02 17:30 . 2000-05-22 09:58 647,872 --------- c:\windows\system32\Mscomct2.ocx
2009-01-02 17:30 . 2006-10-06 07:17 53,248 --------- c:\windows\Ctregrun.exe
2009-01-02 17:30 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd
2009-01-02 17:29 . 1999-12-12 18:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2009-01-02 17:29 . 1999-11-17 18:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2009-01-02 17:28 . 2009-01-02 17:28 <REP> d-------- c:\program files\Fichiers communs\Creative
2009-01-02 17:28 . 2009-01-02 17:30 <REP> d--h----- c:\program files\Creative Installation Information
2009-01-02 17:27 . 2007-07-09 03:59 782,336 -ra------ c:\windows\system32\tmp5.tmp
2009-01-02 17:27 . 2007-07-09 03:59 782,336 -ra------ c:\windows\system32\tmp4.tmp
2009-01-02 17:27 . 2009-01-02 18:16 413,696 --a------ c:\windows\system32\wrap_oal.dll
2009-01-02 17:27 . 2009-01-02 18:16 110,592 --a------ c:\windows\system32\OpenAL32.dll
2009-01-02 17:10 . 2008-12-01 14:14 33,126 --a------ c:\windows\system32\kschimp.ini
2009-01-02 17:10 . 2007-12-13 17:45 25,022 --a------ c:\windows\ksaudFRN.reg
2009-01-02 17:10 . 2007-12-11 18:47 23,292 --a------ c:\windows\ksaudENG.reg
2009-01-02 17:10 . 2007-07-05 10:27 2,630 --a------ c:\windows\MixerName.reg
2009-01-02 17:10 . 2009-01-02 18:15 295 -rah----- c:\windows\ctfile.rfc
2009-01-02 17:09 . 2009-01-02 17:35 <REP> d-------- c:\documents and settings\Admin\Application Data\Creative
2009-01-02 16:59 . 2005-07-26 13:44 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-01-02 16:59 . 2005-07-26 13:44 59,264 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-12-11 11:04 . 2008-12-11 11:04 768,768 --a------ c:\windows\system32\drivers\ksaud.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 02:32 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-01-05 21:11 --------- d-----w c:\program files\eMule
2009-01-05 10:54 --------- d-----w c:\program files\DivX
2009-01-04 12:31 --------- d-----w c:\documents and settings\Admin\Application Data\dvdcss
2009-01-03 10:44 --------- d-----w c:\program files\XoftSpySE
2009-01-02 17:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 17:14 --------- d-----w c:\program files\Creative
2008-12-31 19:54 --------- d-----w c:\documents and settings\Admin\Application Data\CopyToDvd
2008-12-18 09:45 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-03 07:58 --------- d-----w c:\program files\Java
2008-11-29 00:51 --------- d-----w c:\program files\Shareaza
2008-11-15 14:09 --------- d-----w c:\documents and settings\Admin\Application Data\Skype
2008-11-15 11:21 --------- d-----w c:\documents and settings\Admin\Application Data\skypePM
2008-10-16 11:24 22,200 ----a-w c:\documents and settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-01-06 81000]
"Module Loader"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-18 57344]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" [2007-12-19 217192]
"Creative KSRun Persistence Module"="KSRun.dll" [2008-08-29 c:\windows\system32\KSRun.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2005-08-23 341]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CmSTP"="c:\docume~1\Admin\LOCALS~1\APPLIC~1\MICROS~1\cmstp.exe" [2009-01-05 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"IEudinit"="c:\docume~1\Admin\LOCALS~1\APPLIC~1\MICROS~1\ieudinit.exe" [2009-01-05 81920]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Logman"="c:\windows\logman.exe" [2009-01-05 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"HideClock"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\docume~1\Admin\APPLIC~1\comrepl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"vidc.3IV2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.X264"= x264vfw.dll
"vidc.davc"= davcvfw.dll
"vidc.xvid"= xvid.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 14:08 136136 c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2005-07-26 17:52 184408 c:\program files\Executive Software\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-02 15:24 257088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-04-18 00:27 9117696 c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-01-20 08:09 200704 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
--a------ 2007-11-24 20:14 606456 c:\program files\Registry Clean Expert\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 14:54 21718312 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-23 06:52 185896 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
--a------ 2002-09-27 13:47 20480 c:\windows\wt\updater\wcmdmgrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
--a------ 2005-08-08 13:48 1109504 c:\program files\Webroot\Washer\wwDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2005-12-20 26112]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2008-12-11 768768]
R3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [2008-10-24 1830912]
S0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2005-12-20 77312]
S1 aswSP;avast! Self Protection; [x]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe [2009-01-02 79360]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2007-02-17 163328]
S4 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9636019a-cef0-11db-9e07-00112fad6785}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb43d86d-e9c9-11dc-a04b-00112fad6785}]
\Shell\AutoRun\command - J:\
\Shell\explore\Command - RECYCLED\INFO.exe
\Shell\open\Command - RECYCLED\INFO.exe
.
Contenu du dossier 'Tâches planifiées'

2009-01-06 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 08:43]

2009-01-06 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 08:43]
.
- - - - ORPHELINS SUPPRIMES - - - -

SSODL-msduo2-{BA9CB520-5267-4562-869D-C99100B25475} - (no file)
MSConfigStartUp-Gadu-Gadu - c:\program files\Gadu-Gadu\gg.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-winINI - c:\arquivos de programas\winINI.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.dogpile.com
mStart Page = hxxp://www.dogpile.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: &Download All with FlashGet - c:\documents and settings\Admin\Bureau\FlashGet.v1.72.Multilanguage.WinALL.Cracked-CzW\Crack\jc_all.htm
IE: &Download with FlashGet - c:\documents and settings\Admin\Bureau\FlashGet.v1.72.Multilanguage.WinALL.Cracked-CzW\Crack\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\cu5vaq8h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.dogpile.com/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\cu5vaq8h.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\cu5vaq8h.default\extensions\tcastv1@tom.com\plugins\nptcast40.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 14:14:19
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WFIPS"="c:\\Documents and Settings\\Admin\\Bureau\\ip hider.exe -autoboot"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Executive Software\Diskeeper\DkService.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\sessmgr.exe
c:\windows\system32\wwSecure.exe
c:\windows\system32\rundll32.exe
c:\program files\Creative\ShareDLL\CADI\NotiMan.exe
.
**************************************************************************
.
Heure de fin: 2009-01-06 14:23:01 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-06 13:22:45

Avant-CF: 54,718,181,376 octets libres
Après-CF: 55,150,731,264 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

459 --- E O F --- 2008-12-18 02:04:29

and here comes the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:18, on 06/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\DOCUME~1\Admin\LOCALS~1\APPLIC~1\MICROS~1\cmstp.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\System32\drivers\spoolsv.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Module Loader] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Creative KSRun Persistence Module] RunDll32 KSRun.dll,RunDLLEntry
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\Admin\LOCALS~1\APPLIC~1\MICROS~1\cmstp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [IEudinit] C:\DOCUME~1\Admin\LOCALS~1\APPLIC~1\MICROS~1\ieudinit.exe /waitservice
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Logman] C:\WINDOWS\logman.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Logman] C:\WINDOWS\logman.exe /waitservice (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Documents and Settings\Admin\Bureau\FlashGet.v1.72.Multilanguage.WinALL.Cracked-CzW\Crack\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Documents and Settings\Admin\Bureau\FlashGet.v1.72.Multilanguage.WinALL.Cracked-CzW\Crack\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 7054 bytes

#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 06 January 2009 - 09:51 AM

Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



Run Combo-Fix again.. Post these logs in your next reply..

1. SDFix
2. Malwarebytes'
3. Combo-Fix

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 jomenace

jomenace
  • Topic Starter

  • Members
  • 7 posts

Posted 07 January 2009 - 07:39 PM

Since the beginning of my virus, I brought my pc to the store to get a RAM and graphics card update. I am running a 1.6ghz Athlon with 1ghz ddr 400 PC 3200 of ram, the graphics card is an Nvidia NX7600GT at 512mb, and already 4 times in 2 days I had a blue screen appearing with DRIVER_IRQL_NOT_LESS_OR_EQUAL; my guess is that it could be related to the hijack since I get this error message from mbam:
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

Finally, regarding my XP version, I am very concerned because every so often it asks me for the original CD, which I've lost. I do, however, own a newer XP SP3; is it better for me to reformat?

As asked here are the files:


SDFix: Version 1.240
Run by Admin on 07/01/2009 at 23:23

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\drivers\Spoolsv.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 23:33:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:aa,de,5d,fb,ad,53,d8,be,f4,c8,19,17,66,00,34,eb,df,dc,e0,b9,7f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,27,60,7f,27,c6,15,fb,1e,3b,e9,c1,9f,79,a3,8c,c2,39,..
"hdf12"=hex:1b,e7,47,44,f0,3f,0c,a3,0f,12,3e,cb,e2,a0,18,22,60,af,23,cb,c9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:55,96,82,ed,42,78,61,2c,1a,fe,64,87,c3,2a,ff,a8,48,b5,be,90,f8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000000
"hdf12"=hex:aa,de,5d,fb,ad,53,d8,be,f4,c8,19,17,66,00,34,eb,df,dc,e0,b9,7f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,27,60,7f,27,c6,15,fb,1e,3b,e9,c1,9f,79,a3,8c,c2,39,..
"hdf12"=hex:1b,e7,47,44,f0,3f,0c,a3,0f,12,3e,cb,e2,a0,18,22,60,af,23,cb,c9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:55,96,82,ed,42,78,61,2c,1a,fe,64,87,c3,2a,ff,a8,48,b5,be,90,f8,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 9 Apr 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Fri 29 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
Tue 16 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c703fe0947475848e966b61999878d1\BIT1.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\Admin\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1629
Windows 5.1.2600 Service Pack 2

08/01/2009 01:06:01
mbam-log-2009-01-08 (01-05-56).txt

Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 136234
Temps écoulé: 50 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\Documents and Settings\Admin\Application Data\drivers\srosa2.sys.vir (Worm.Bagel) -> No action taken.
C:\System Volume Information\_restore{0E7248D8-BF46-4094-908A-8F5B0A5A2456}\RP2\A0000061.sys (Worm.Bagel) -> No action taken.
C:\Documents and Settings\Admin\Bureau\Avast.Professional.v4.8.1229.Incl.Keymaker-CORE\Avast.Professional.v4.8.1229.Incl.Keymaker-CORE\keygen.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\drivers\comrepl.exe (Trojan.Agent) -> No action taken.

ComboFix 09-01-07.01 - Admin 2009-01-08 1:15:19.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1024.731 [GMT 1:00]
Lancé depuis: c:\documents and settings\Admin\Bureau\Combo-Fix.exe
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Application Data\comrepl.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-08 au 2009-01-08 ))))))))))))))))))))))))))))))))))))
.

2009-01-07 23:51 . 2009-01-07 23:51 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 23:51 . 2009-01-07 23:51 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-01-07 23:51 . 2009-01-07 23:51 <REP> d-------- c:\documents and settings\Admin\Application Data\Malwarebytes
2009-01-07 23:51 . 2009-01-04 18:41 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 23:51 . 2009-01-04 18:41 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-07 23:19 . 2009-01-07 23:19 <REP> d-------- c:\windows\ERUNT
2009-01-07 23:11 . 2009-01-07 23:40 <REP> d-------- C:\SDFix
2009-01-06 16:58 . 2009-01-06 16:58 0 --a------ c:\windows\msicpl.ini
2009-01-06 16:47 . 2009-01-06 16:53 127,254 --a------ c:\windows\system32\nvapps.xml
2009-01-06 16:45 . 2007-06-29 01:54 356,352 --a------ c:\windows\system32\NVUNINST.EXE
2009-01-05 14:14 . 2009-01-05 14:14 <REP> d-------- c:\program files\Trend Micro
2009-01-05 12:10 . 2009-01-05 12:10 81,920 --a------ c:\windows\logman.exe
2009-01-05 12:04 . 2009-01-05 12:04 <REP> d-------- c:\program files\Combined Community Codec Pack
2009-01-05 10:44 . 2009-01-06 14:10 <REP> d--h----- c:\documents and settings\Admin\Application Data\drivers
2009-01-05 10:05 . 2009-01-05 10:06 <REP> d-------- c:\windows\system32\URTTemp
2009-01-05 10:01 . 2009-01-05 10:01 <REP> d-------- c:\program files\XviD
2009-01-05 10:01 . 2009-01-05 10:01 <REP> d-------- c:\program files\Morgan
2009-01-05 10:01 . 2009-01-05 10:01 <REP> d-------- c:\program files\AC3Filter
2009-01-05 10:01 . 2003-08-19 08:20 180,224 --a------ c:\windows\system32\ac3filter.cpl
2009-01-05 10:01 . 2002-11-15 13:11 77,824 --a------ c:\windows\system32\MMSwitch.dll
2009-01-05 10:01 . 2002-11-18 16:15 62,464 --a------ c:\windows\system32\MMSwitch.ax
2009-01-05 10:01 . 2002-11-18 16:02 40,960 --a------ c:\windows\system32\MMAVILNG.exe
2009-01-05 10:00 . 2003-03-15 22:15 90,112 --a------ c:\windows\unvise32.exe
2009-01-05 09:56 . 2009-01-05 09:57 <REP> d-------- c:\program files\Matroska Pack
2009-01-02 18:14 . 2008-12-03 15:04 189,440 --a------ c:\windows\system32\KSXPPI32.dll
2009-01-02 18:14 . 2008-11-06 18:41 7,556 --a------ c:\windows\system32\MixerDefaultXP.reg
2009-01-02 18:14 . 2008-08-28 23:02 3,556 --a------ c:\windows\system32\DeviceDefaultsXP.reg
2009-01-02 18:12 . 2009-01-02 18:12 <REP> d-------- c:\program files\Fichiers communs\Creative Labs Shared
2009-01-02 17:33 . 2009-01-02 18:32 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Creative
2009-01-02 17:30 . 2000-05-22 09:58 647,872 --------- c:\windows\system32\Mscomct2.ocx
2009-01-02 17:30 . 2006-10-06 07:17 53,248 --------- c:\windows\Ctregrun.exe
2009-01-02 17:30 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd
2009-01-02 17:29 . 1999-12-12 18:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2009-01-02 17:29 . 1999-11-17 18:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2009-01-02 17:28 . 2009-01-02 17:28 <REP> d-------- c:\program files\Fichiers communs\Creative
2009-01-02 17:28 . 2009-01-02 17:30 <REP> d--h----- c:\program files\Creative Installation Information
2009-01-02 17:27 . 2007-07-09 03:59 782,336 -ra------ c:\windows\system32\tmp5.tmp
2009-01-02 17:27 . 2007-07-09 03:59 782,336 -ra------ c:\windows\system32\tmp4.tmp
2009-01-02 17:27 . 2009-01-02 18:16 413,696 --a------ c:\windows\system32\wrap_oal.dll
2009-01-02 17:27 . 2009-01-02 18:16 110,592 --a------ c:\windows\system32\OpenAL32.dll
2009-01-02 17:10 . 2008-12-01 14:14 33,126 --a------ c:\windows\system32\kschimp.ini
2009-01-02 17:10 . 2007-12-13 17:45 25,022 --a------ c:\windows\ksaudFRN.reg
2009-01-02 17:10 . 2007-12-11 18:47 23,292 --a------ c:\windows\ksaudENG.reg
2009-01-02 17:10 . 2007-07-05 10:27 2,630 --a------ c:\windows\MixerName.reg
2009-01-02 17:10 . 2009-01-02 18:15 295 -rah----- c:\windows\ctfile.rfc
2009-01-02 17:09 . 2009-01-02 17:35 <REP> d-------- c:\documents and settings\Admin\Application Data\Creative
2009-01-02 16:59 . 2005-07-26 13:44 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-01-02 16:59 . 2005-07-26 13:44 59,264 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-12-11 11:04 . 2008-12-11 11:04 768,768 --a------ c:\windows\system32\drivers\ksaud.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 21:53 --------- d-----w c:\program files\eMule
2009-01-07 07:50 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-01-06 21:14 --------- d-----w c:\documents and settings\Admin\Application Data\dvdcss
2009-01-05 10:54 --------- d-----w c:\program files\DivX
2009-01-03 10:44 --------- d-----w c:\program files\XoftSpySE
2009-01-02 17:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 17:14 --------- d-----w c:\program files\Creative
2008-12-31 19:54 --------- d-----w c:\documents and settings\Admin\Application Data\CopyToDvd
2008-12-18 09:45 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-03 07:58 --------- d-----w c:\program files\Java
2008-11-29 00:51 --------- d-----w c:\program files\Shareaza
2008-11-28 10:25 86,528 ----a-w c:\windows\system32\CtCoInst.dll
2008-11-28 10:24 184,320 ----a-w c:\windows\system32\CtDvInst.dll
2008-11-15 14:09 --------- d-----w c:\documents and settings\Admin\Application Data\Skype
2008-11-15 11:21 --------- d-----w c:\documents and settings\Admin\Application Data\skypePM
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 11:24 22,200 ----a-w c:\documents and settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2009-01-06_14.19.37.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-05 09:05:42 7,168 ----a-w c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-01-06 13:46:12 8,192 ----a-w c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-01-05 09:05:37 32,768 ----a-w c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-01-06 13:46:14 32,768 ----a-w c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-01-05 09:05:26 716,800 ----a-w c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-01-06 13:46:24 720,896 ----a-w c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-01-05 09:05:27 299,008 ----a-w c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-01-06 13:46:14 299,008 ----a-w c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-01-05 09:05:42 32,768 ----a-w c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2009-01-06 13:46:22 32,768 ----a-w c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
- 2009-01-05 09:05:44 299,008 ----a-w c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-01-06 13:46:20 303,104 ----a-w c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-01-05 09:05:39 1,290,240 ----a-w c:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2009-01-06 13:46:22 1,294,336 ----a-w c:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
- 2009-01-05 09:05:39 1,699,840 ----a-w c:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-01-06 13:46:13 1,703,936 ----a-w c:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-01-05 09:05:39 86,016 ----a-w c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-01-06 13:46:24 90,112 ----a-w c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-01-05 09:05:39 466,944 ----a-w c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-01-06 13:46:19 466,944 ----a-w c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-01-05 09:05:39 241,664 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-01-06 13:46:17 241,664 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-01-05 09:05:39 64,000 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2009-01-06 13:46:17 66,560 ----a-w c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2009-01-05 09:05:40 368,640 ----a-w c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-01-06 13:46:21 372,736 ----a-w c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-01-05 09:05:40 241,664 ----a-w c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-01-06 13:46:25 241,664 ----a-w c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-01-05 09:05:40 323,584 ----a-w c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-01-06 13:46:20 323,584 ----a-w c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-01-05 09:05:40 131,072 ----a-w c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-01-06 13:46:17 131,072 ----a-w c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-01-05 09:05:40 77,824 ----a-w c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-01-06 13:46:19 77,824 ----a-w c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-01-05 09:05:40 126,976 ----a-w c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-01-06 13:46:22 126,976 ----a-w c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-01-05 09:05:43 819,200 ----a-w c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-01-06 13:46:12 819,200 ----a-w c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-01-05 09:05:40 57,344 ----a-w c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-01-06 13:46:15 57,344 ----a-w c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-01-05 09:05:40 569,344 ----a-w c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-01-06 13:46:13 573,440 ----a-w c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2009-01-05 09:05:40 1,245,184 ----a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-01-06 13:46:23 1,257,472 ----a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-01-05 09:05:41 2,039,808 ----a-w c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-01-06 13:46:18 2,052,096 ----a-w c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-01-05 09:05:42 1,335,296 ----a-w c:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2009-01-06 13:46:21 1,339,392 ----a-w c:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
- 2009-01-05 09:05:39 1,216,512 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-01-06 13:46:25 1,224,704 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-01-06 13:58:09 118,784 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_13c5b753\CustomMarshalers.dll
+ 2009-01-06 13:46:37 61,440 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_3f2f7b13\CustomMarshalers.dll
+ 2009-01-06 13:58:03 3,379,200 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_42b46ac1\mscorlib.dll
+ 2009-01-06 13:58:31 8,880,128 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_72b43314\mscorlib.dll
+ 2009-01-06 13:57:48 1,466,368 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_9627c9e4\System.Design.dll
+ 2009-01-06 13:58:21 3,395,584 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a8e85df2\System.Design.dll
+ 2009-01-06 13:57:21 90,112 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_4375db18\System.Drawing.Design.dll
+ 2009-01-06 13:58:09 192,512 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_7df9b935\System.Drawing.Design.dll
+ 2009-01-06 13:58:23 2,244,608 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_857fc16f\System.Drawing.dll
+ 2009-01-06 13:58:00 835,584 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_8ef1ea40\System.Drawing.dll
+ 2009-01-06 13:57:35 3,014,656 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_49faab95\System.Windows.Forms.dll
+ 2009-01-06 13:58:14 7,880,704 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b86b1b86\System.Windows.Forms.dll
+ 2009-01-06 13:58:18 5,505,024 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_322b6ac2\System.Xml.dll
+ 2009-01-06 13:57:41 2,088,960 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_c707e687\System.Xml.dll
+ 2009-01-06 13:58:08 4,763,648 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_36acfe47\System.dll
+ 2009-01-06 13:46:36 1,953,792 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_725f5ea7\System.dll
+ 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2009-01-07 22:20:08 9,416,704 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2009-01-07 22:20:08 278,528 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-01-07 22:19:58 9,416,704 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2009-01-07 22:19:59 278,528 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2003-02-20 18:19:32 253,952 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2004-07-15 00:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2003-02-20 18:19:34 20,480 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-15 00:49:18 20,480 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- 2003-02-20 18:19:38 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-15 00:49:26 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-20 18:19:36 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-07-15 00:49:22 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-20 18:09:08 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2004-07-14 23:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 09:20:44 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 10:23:28 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
- 2003-02-21 09:21:00 626,688 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 10:23:44 626,688 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
- 2003-02-20 18:06:20 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2004-07-14 23:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-10-08 13:30:14 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
- 2003-02-21 06:24:38 7,168 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2004-07-15 13:31:00 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
- 2003-02-21 06:24:40 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2004-07-15 13:31:04 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
- 2003-02-20 18:09:40 196,608 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-14 23:35:30 196,608 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-21 06:26:36 716,800 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 13:28:58 720,896 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
- 2003-02-21 06:26:38 299,008 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 13:28:56 299,008 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
- 2003-02-21 06:25:04 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 13:28:50 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- 2003-02-21 06:25:04 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 13:28:50 49,152 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-20 18:09:12 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-14 23:32:44 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
- 2003-02-20 18:09:12 233,472 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-14 23:32:46 233,472 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-20 18:06:32 311,296 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2004-07-14 23:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2003-02-20 18:09:16 98,304 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2004-07-14 23:33:04 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2003-02-21 06:26:34 2,088,960 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2004-07-15 13:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 18:09:18 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-14 23:33:22 143,360 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
- 2003-02-20 18:09:18 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-14 23:33:24 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
- 2003-02-20 18:07:34 2,494,464 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2004-07-14 23:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2003-02-20 18:08:32 2,482,176 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-07-14 23:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2004-08-10 15:20:00 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-20 18:09:30 90,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2004-07-14 23:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
- 2003-02-21 06:26:46 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 13:28:48 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
- 2003-02-20 18:09:34 319,488 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-07-14 23:35:04 319,488 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
- 2003-02-21 06:26:38 1,290,240 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 13:32:00 1,294,336 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
- 2003-02-21 06:25:42 299,008 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 13:31:14 303,104 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
- 2003-02-21 06:26:42 1,699,840 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 13:29:02 1,703,936 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
- 2003-02-21 06:26:44 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2004-07-15 13:28:54 90,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
- 2003-02-21 06:26:46 1,216,512 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 13:31:16 1,224,704 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2003-02-21 06:26:50 466,944 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 13:28:58 466,944 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2003-02-21 06:26:50 241,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 13:28:56 241,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
- 2003-02-20 18:09:36 64,000 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-14 23:35:12 66,560 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
- 2003-02-21 06:26:52 368,640 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 13:31:58 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
- 2003-02-21 06:26:54 241,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 13:31:12 241,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
- 2003-02-21 06:26:56 323,584 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 13:28:58 323,584 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
- 2003-02-21 06:26:56 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 13:31:54 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-02-21 06:26:58 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 13:28:52 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2003-02-21 06:27:00 126,976 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 13:28:54 126,976 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
- 2003-02-21 06:27:02 1,245,184 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2004-07-15 13:29:00 1,257,472 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2003-02-21 06:27:06 819,200 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 13:28:58 819,200 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
- 2003-02-21 06:24:18 57,344 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 13:28:52 57,344 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
- 2003-02-21 06:27:06 569,344 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 13:31:16 573,440 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
- 2003-02-21 06:27:08 2,039,808 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 13:32:02 2,052,096 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
- 2003-02-21 06:27:10 1,335,296 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 13:29:00 1,339,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-06-22 12:51:38 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2003-02-21 09:20:38 737,280 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 10:23:20 737,280 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- 2003-02-21 04:04:18 1,032,192 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 07:15:14 1,032,192 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
- 2003-02-20 19:10:40 31,744 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-07-15 01:11:56 31,744 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2006-08-14 03:31:06 32,768 ----a-r c:\windows\system32\Auxiliary.dll
+ 2005-07-22 11:59:00 2,319,568 ----a-r c:\windows\system32\d3dx9_27.dll
+ 2005-12-05 10:09:18 2,323,664 ----a-r c:\windows\system32\d3dx9_28.dll
- 2005-07-26 13:44:02 1,897,408 ----a-w c:\windows\system32\drivers\nv4_mini.sys
+ 2007-06-28 16:43:00 6,807,328 ----a-w c:\windows\system32\drivers\nv4_mini.sys
+ 2007-07-25 08:55:22 262,144 ----a-r c:\windows\system32\HookMAp.dll
+ 2007-07-25 08:54:28 266,240 ----a-r c:\windows\system32\HookShield.dll
+ 2007-06-28 16:43:00 425,984 ----a-w c:\windows\system32\keystone.exe
+ 2007-05-28 15:13:36 130,048 ----a-r c:\windows\system32\MadCHook.dll
- 2003-02-20 18:06:24 155,648 ----a-w c:\windows\system32\mscoree.dll
+ 2004-07-14 23:24:50 155,648 ----a-w c:\windows\system32\mscoree.dll
- 2003-02-20 17:43:38 16,896 ----a-w c:\windows\system32\mscorier.dll
+ 2004-07-14 22:34:06 16,896 ----a-w c:\windows\system32\mscorier.dll
+ 2007-07-25 08:20:34 1,748,992 ----a-r c:\windows\system32\msicpl.dll
- 2003-02-21 04:42:22 348,160 ----a-w c:\windows\system32\msvcr71.dll
+ 2003-02-21 12:42:22 348,160 ----a-r c:\windows\system32\msvcr71.dll
- 2005-07-26 13:44:00 4,274,816 ----a-w c:\windows\system32\nv4_disp.dll
+ 2007-06-28 16:43:00 5,690,624 ----a-w c:\windows\system32\nv4_disp.dll
+ 2007-06-28 16:43:00 360,448 ----a-w c:\windows\system32\nvapi.dll
+ 2007-06-28 16:43:00 442,368 ----a-w c:\windows\system32\nvappbar.exe
+ 2007-06-28 16:43:00 37,376 ----a-w c:\windows\system32\nvcod.dll
+ 2007-06-28 16:43:00 37,376 ----a-w c:\windows\system32\nvcodins.dll
+ 2007-06-28 16:43:00 147,456 ----a-w c:\windows\system32\nvcolor.exe
+ 2007-06-28 16:43:00 8,466,432 ----a-w c:\windows\system32\nvcpl.dll
+ 2007-06-28 16:43:00 753,664 ----a-w c:\windows\system32\nvcplui.exe
+ 2007-06-28 16:43:00 1,073,152 ----a-w c:\windows\system32\nvcpluir.dll
+ 2007-06-28 16:43:00 6,234,112 ----a-w c:\windows\system32\nvdisps.dll
+ 2007-06-28 16:43:00 5,455,872 ----a-w c:\windows\system32\nvdispsr.dll
+ 2007-06-28 16:43:00 1,339,392 ----a-w c:\windows\system32\nvdspsch.exe
+ 2007-06-28 16:43:00 307,200 ----a-w c:\windows\system32\nvexpbar.dll
+ 2007-06-28 16:43:00 3,321,856 ----a-w c:\windows\system32\nvgames.dll
+ 2007-06-28 16:43:00 3,072,000 ----a-w c:\windows\system32\nvgamesr.dll
+ 2006-06-01 09:22:00 53,248 ----a-r c:\windows\system32\Nvgpio.dll
+ 2007-06-28 16:43:00 1,474,560 ----a-w c:\windows\system32\nview.dll
+ 2007-06-28 16:43:00 229,376 ----a-w c:\windows\system32\nvmccs.dll
+ 2007-06-28 16:43:00 45,056 ----a-w c:\windows\system32\nvmccsrs.dll
+ 2007-06-28 16:43:00 188,416 ----a-w c:\windows\system32\nvmccss.dll
+ 2007-06-28 16:43:00 458,752 ----a-w c:\windows\system32\nvmccssr.dll
+ 2007-06-28 16:43:00 81,920 ----a-w c:\windows\system32\nvmctray.dll
+ 2007-06-28 16:43:00 1,142,784 ----a-w c:\windows\system32\nvmobls.dll
+ 2007-06-28 16:43:00 2,854,912 ----a-w c:\windows\system32\nvmoblsr.dll
+ 2007-06-28 16:43:00 286,720 ----a-w c:\windows\system32\nvnt4cpl.dll
+ 2007-06-28 16:43:00 6,729,728 ----a-w c:\windows\system32\nvoglnt.dll
+ 2007-06-28 16:43:00 327,680 ----a-w c:\windows\system32\nvrsar.dll
+ 2007-06-28 16:43:00 249,856 ----a-w c:\windows\system32\nvrscs.dll
+ 2007-06-28 16:43:00 253,952 ----a-w c:\windows\system32\nvrsda.dll
+ 2007-06-28 16:43:00 278,528 ----a-w c:\windows\system32\nvrsde.dll
+ 2007-06-28 16:43:00 282,624 ----a-w c:\windows\system32\nvrsel.dll
+ 2007-06-28 16:43:00 245,760 ----a-w c:\windows\system32\nvrseng.dll
+ 2007-06-28 16:43:00 282,624 ----a-w c:\windows\system32\nvrses.dll
+ 2007-06-28 16:43:00 274,432 ----a-w c:\windows\system32\nvrsesm.dll
+ 2007-06-28 16:43:00 249,856 ----a-w c:\windows\system32\nvrsfi.dll
+ 2007-06-28 16:43:00 282,624 ----a-w c:\windows\system32\nvrsfr.dll
+ 2007-06-28 16:43:00 327,680 ----a-w c:\windows\system32\nvrshe.dll
+ 2007-06-28 16:43:00 258,048 ----a-w c:\windows\system32\nvrshu.dll
+ 2007-06-28 16:43:00 278,528 ----a-w c:\windows\system32\nvrsit.dll
+ 2007-06-28 16:43:00 266,240 ----a-w c:\windows\system32\nvrsja.dll
+ 2007-06-28 16:43:00 262,144 ----a-w c:\windows\system32\nvrsko.dll
+ 2007-06-28 16:43:00 274,432 ----a-w c:\windows\system32\nvrsnl.dll
+ 2007-06-28 16:43:00 253,952 ----a-w c:\windows\system32\nvrsno.dll
+ 2007-06-28 16:43:00 253,952 ----a-w c:\windows\system32\nvrspl.dll
+ 2007-06-28 16:43:00 274,432 ----a-w c:\windows\system32\nvrspt.dll
+ 2007-06-28 16:43:00 266,240 ----a-w c:\windows\system32\nvrsptb.dll
+ 2007-06-28 16:43:00 270,336 ----a-w c:\windows\system32\nvrsru.dll
+ 2007-06-28 16:43:00 258,048 ----a-w c:\windows\system32\nvrssk.dll
+ 2007-06-28 16:43:00 258,048 ----a-w c:\windows\system32\nvrssl.dll
+ 2007-06-28 16:43:00 253,952 ----a-w c:\windows\system32\nvrssv.dll
+ 2007-06-28 16:43:00 258,048 ----a-w c:\windows\system32\nvrstr.dll
+ 2007-06-28 16:43:00 225,280 ----a-w c:\windows\system32\nvrszhc.dll
+ 2007-06-28 16:43:00 126,976 ----a-w c:\windows\system32\nvrszht.dll
+ 2007-06-28 16:43:00 466,944 ----a-w c:\windows\system32\nvshell.dll
+ 2007-06-28 16:43:00 155,716 ----a-w c:\windows\system32\nvsvc32.exe
+ 2007-06-28 16:43:00 1,018,772 ----a-w c:\windows\system32\nvucode.bin
+ 2007-06-28 16:43:00 356,352 ----a-w c:\windows\system32\nvudisp.exe
+ 2007-06-28 16:43:00 3,518,464 ----a-w c:\windows\system32\nvvitvs.dll
+ 2007-06-28 16:43:00 3,600,384 ----a-w c:\windows\system32\nvvitvsr.dll
+ 2007-06-28 16:43:00 81,920 ----a-w c:\windows\system32\nvwddi.dll
+ 2007-06-28 16:43:00 1,703,936 ----a-w c:\windows\system32\nvwdmcpl.dll
+ 2007-06-28 16:43:00 1,019,904 ----a-w c:\windows\system32\nvwimg.dll
+ 2007-06-28 16:43:00 282,624 ----a-w c:\windows\system32\nvwrsar.dll
+ 2007-06-28 16:43:00 286,720 ----a-w c:\windows\system32\nvwrscs.dll
+ 2007-06-28 16:43:00 294,912 ----a-w c:\windows\system32\nvwrsda.dll
+ 2007-06-28 16:43:00 311,296 ----a-w c:\windows\system32\nvwrsde.dll
+ 2007-06-28 16:43:00 335,872 ----a-w c:\windows\system32\nvwrsel.dll
+ 2007-06-28 16:43:00 286,720 ----a-w c:\windows\system32\nvwrseng.dll
+ 2007-06-28 16:43:00 335,872 ----a-w c:\windows\system32\nvwrses.dll
+ 2007-06-28 16:43:00 327,680 ----a-w c:\windows\system32\nvwrsesm.dll
+ 2007-06-28 16:43:00 303,104 ----a-w c:\windows\system32\nvwrsfi.dll
+ 2007-06-28 16:43:00 327,680 ----a-w c:\windows\system32\nvwrsfr.dll
+ 2007-06-28 16:43:00 278,528 ----a-w c:\windows\system32\nvwrshe.dll
+ 2007-06-28 16:43:00 315,392 ----a-w c:\windows\system32\nvwrshu.dll
+ 2007-06-28 16:43:00 323,584 ----a-w c:\windows\system32\nvwrsit.dll
+ 2007-06-28 16:43:00 212,992 ----a-w c:\windows\system32\nvwrsja.dll
+ 2007-06-28 16:43:00 196,608 ----a-w c:\windows\system32\nvwrsko.dll
+ 2007-06-28 16:43:00 319,488 ----a-w c:\windows\system32\nvwrsnl.dll
+ 2007-06-28 16:43:00 299,008 ----a-w c:\windows\system32\nvwrsno.dll
+ 2007-06-28 16:43:00 294,912 ----a-w c:\windows\system32\nvwrspl.dll
+ 2007-06-28 16:43:00 323,584 ----a-w c:\windows\system32\nvwrspt.dll
+ 2007-06-28 16:43:00 319,488 ----a-w c:\windows\system32\nvwrsptb.dll
+ 2007-06-28 16:43:00 315,392 ----a-w c:\windows\system32\nvwrsru.dll
+ 2007-06-28 16:43:00 299,008 ----a-w c:\windows\system32\nvwrssk.dll
+ 2007-06-28 16:43:00 303,104 ----a-w c:\windows\system32\nvwrssl.dll
+ 2007-06-28 16:43:00 294,912 ----a-w c:\windows\system32\nvwrssv.dll
+ 2007-06-28 16:43:00 303,104 ----a-w c:\windows\system32\nvwrstr.dll
+ 2007-06-28 16:43:00 163,840 ----a-w c:\windows\system32\nvwrszhc.dll
+ 2007-06-28 16:43:00 167,936 ----a-w c:\windows\system32\nvwrszht.dll
+ 2007-06-28 16:43:00 2,330,624 ----a-w c:\windows\system32\nvwss.dll
+ 2007-06-28 16:43:00 2,416,640 ----a-w c:\windows\system32\nvwssr.dll
+ 2007-06-28 16:43:00 1,626,112 ----a-w c:\windows\system32\nwiz.exe
- 2009-01-05 09:08:21 52,936 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-06 13:46:02 52,936 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-05 09:08:21 69,072 ----a-w c:\windows\system32\perfc00C.dat
+ 2009-01-06 13:46:02 63,786 ----a-w c:\windows\system32\perfc00C.dat
- 2009-01-05 09:08:21 380,702 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-06 13:46:02 380,702 ----a-w c:\windows\system32\perfh009.dat
- 2009-01-05 09:08:21 501,480 ----a-w c:\windows\system32\perfh00C.dat
+ 2009-01-06 13:46:02 445,368 ----a-w c:\windows\system32\perfh00C.dat
+ 2006-07-12 21:00:04 131,072 ----a-r c:\windows\system32\smdll.dll
+ 2006-12-15 02:58:28 208,896 ----a-r c:\windows\system32\sw20.exe
+ 2006-12-15 02:58:48 69,632 ----a-r c:\windows\system32\sw24.exe
+ 2006-06-01 09:22:00 114,688 ----a-r c:\windows\system32\sysinfo.dll
+ 2006-06-01 09:22:00 8,192 ----a-r c:\windows\system32\sysinfo.sys
+ 2006-06-01 09:22:00 9,728 ----a-r c:\windows\system32\sysinfoX64.sys
+ 2006-12-15 02:57:08 200,704 ----a-r c:\windows\system32\WinSys.exe
+ 2006-04-29 03:36:54 208,896 ----a-r c:\windows\system32\WinSys2.exe
+ 2009-01-08 00:11:32 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_130.dat
+ 2009-01-08 00:11:32 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7f0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Module Loader"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-18 57344]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" [2007-12-19 217192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"Creative KSRun Persistence Module"="KSRun.dll" [2008-08-29 c:\windows\system32\KSRun.dll]
"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2005-08-23 341]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"HideClock"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"vidc.3IV2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.X264"= x264vfw.dll
"vidc.davc"= davcvfw.dll
"vidc.xvid"= xvid.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 14:08 136136 c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2005-07-26 17:52 184408 c:\program files\Executive Software\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-02 15:24 257088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-04-18 00:27 9117696 c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-01-20 08:09 200704 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
--a------ 2007-11-24 20:14 606456 c:\program files\Registry Clean Expert\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 14:54 21718312 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-23 06:52 185896 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
--a------ 2002-09-27 13:47 20480 c:\windows\wt\updater\wcmdmgrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
--a------ 2005-08-08 13:48 1109504 c:\program files\Webroot\Washer\wwDisp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2005-12-20 26112]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2007-02-17 163328]
S0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2005-12-20 77312]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Fichiers communs\Creative Labs Shared\Service\CTAELicensing.exe [2009-01-02 79360]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2008-12-11 768768]
S3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [2008-10-24 1830912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9636019a-cef0-11db-9e07-00112fad6785}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb43d86d-e9c9-11dc-a04b-00112fad6785}]
\Shell\AutoRun\command - J:\
\Shell\explore\Command - RECYCLED\INFO.exe
\Shell\open\Command - RECYCLED\INFO.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-08 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 08:43]

2009-01-06 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 08:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dogpile.com
mStart Page = hxxp://www.dogpile.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: &Download All with FlashGet - c:\documents and settings\Admin\Bureau\FlashGet.v1.72.Multilanguage.WinALL.Cracked-CzW\Crack\jc_all.htm
IE: &Download with FlashGet - c:\documents and settings\Admin\Bureau\FlashGet.v1.72.Multilanguage.WinALL.Cracked-CzW\Crack\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\cu5vaq8h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.dogpile.com/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\cu5vaq8h.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\cu5vaq8h.default\extensions\tcastv1@tom.com\plugins\nptcast40.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 01:17:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WFIPS"="c:\\Documents and Settings\\Admin\\Bureau\\ip hider.exe -autoboot"
.
Completion time: 2009-01-08 1:19:37
ComboFix-quarantined-files.txt 2009-01-08 00:18:21
ComboFix2.txt 2009-01-06 13:23:03

Pre-Run: 60,213,166,080 bytes free
Post-Run: 60,202,643,456 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

568 --- E O F --- 2009-01-06 13:46:32

Thank you!
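
The log above already carries the entries a responder would pull out first: "EnableFirewall"= 0 under the firewall policy key (consistent with the firewall access problem described in the first post), "NoAutoUpdate"= 1 under the Explorer policy keys, a RunOnce value pointing at c:\windows\system32\run.cmd and another whose target is missing ([X]), and MountPoints2 shell handlers for a removable volume that run RECYCLED\INFO.exe instead of opening the drive. The Python below is an added example, not ComboFix output and not code posted by anyone in this thread: it parses a "Reg Loading Points" section in this log format and flags those four classes of entry. The sample text is constructed from lines copied from the log above; the `triage` and `Finding` names and the indicator set are my own, so treat the output as a review list, not a verdict on any entry.

```python
"""Triage heuristics for the 'Reg Loading Points' section of a ComboFix-style log.

Added example (not ComboFix, not from the thread). SAMPLE_LOG is constructed
from entries visible in the posted log; the indicators are first-look heuristics.
"""
from __future__ import annotations
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    key: str      # registry key the entry lives under
    entry: str    # value name or shell verb
    reason: str   # why a responder should look at it


# Constructed sample: lines copied from the posted log, trimmed to the keys handled below.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="c:\windows\system32\run.cmd" [2005-08-23 341]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAutoUpdate"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb43d86d-e9c9-11dc-a04b-00112fad6785}]
\Shell\AutoRun\command - J:\
\Shell\explore\Command - RECYCLED\INFO.exe
\Shell\open\Command - RECYCLED\INFO.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WFIPS"="c:\\Documents and Settings\\Admin\\Bureau\\ip hider.exe -autoboot"
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                                   # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')    # "Name"="..." [..] or "Name"= 1 (0x1)
SHELL_RE = re.compile(r'^(?P<verb>\\Shell\\\S+)\s+-\s+(?P<target>.+)$', re.IGNORECASE)
SCRIPT_EXT = ('.cmd', '.bat', '.vbs', '.js', '.scr', '.pif')


def _program_path(value: str) -> str:
    """Quoted program path of a Run value (lower-cased), or the raw value if unquoted."""
    m = re.match(r'^"([^"]*)"', value)
    return (m.group(1) if m else value).lower()


def triage(log_text: str) -> list[Finding]:
    """Walk the key/value lines and return the entries worth a second look."""
    findings: list[Finding] = []
    key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        k = KEY_RE.match(line)
        if k:                                   # new [registry key] header
            key = k.group(1)
            continue
        lk = key.lower()
        m = VALUE_RE.match(line)

        # 1. Host firewall switched off in the active profile.
        if 'firewallpolicy' in lk:
            if m and m['name'] == 'EnableFirewall' and m['value'].startswith('0'):
                findings.append(Finding(key, 'EnableFirewall', 'Windows Firewall disabled (EnableFirewall=0)'))
        # 2. Automatic Updates turned off through an Explorer policy value.
        elif lk.endswith(r'policies\explorer'):
            if m and m['name'] == 'NoAutoUpdate' and m['value'].startswith('1'):
                findings.append(Finding(key, 'NoAutoUpdate', 'Automatic Updates disabled by policy'))
        # 3. Per-volume shell handlers (MountPoints2) that launch a file from the volume
        #    instead of opening it: the footprint autorun.inf abuse leaves behind.
        elif 'mountpoints2' in lk:
            s = SHELL_RE.match(line)
            if s:
                target = s['target'].strip()
                relative = re.match(r'^[a-z]:\\', target, re.IGNORECASE) is None
                if 'recycle' in target.lower() or (relative and target.lower().endswith('.exe')):
                    findings.append(Finding(key, s['verb'], f'drive shell handler runs {target} from the volume'))
        # 4. Run / RunOnce entries: missing target, script, or user-profile location.
        elif lk.endswith(('\\run', '\\runonce')) and m:
            name, value = m['name'], m['value']
            path = _program_path(value)
            if value.rstrip().endswith('[X]'):
                findings.append(Finding(key, name, 'autostart target not found on disk ([X])'))
            elif path.endswith(SCRIPT_EXT):
                findings.append(Finding(key, name, f'autostart runs a script: {path}'))
            elif 'documents and settings' in path:
                findings.append(Finding(key, name, f'autostart from a user-profile folder: {path}'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.entry:24} {f.reason}')
```

Running it prints one line per flagged entry and leaves the benign ones alone (the NVIDIA Run value, and an AutoRun handler that merely points at the drive root). The msconfig\startupreg and service entries in the same log could be covered by adding key patterns in the same style.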

#7 fenzodahl512

  • Members
  • 6,738 posts

Posted 08 January 2009 - 01:48 AM

Finally, regarding my XP version, I am very concerned because every so often it asks me for the original CD, which I've lost. I do, however, own a newer XP SP3; is it better for me to reformat?



A format will wipe everything clean, surely.. And the process will only take hours rather than days.. It will surely settle your computer problem (as long as it is not a hardware issue)..

Should you decide to reformat, don't forget to back up everything that's important to you.. songs/movies/saved games/data/documents/pictures/etc...


Tell me your decision about it :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 jomenace
  • Topic Starter

  • Members
  • 7 posts

Posted 08 January 2009 - 05:38 AM

Thanks for still hanging on with me. As of now, I think I have mostly recovered from the Trojan, although avast did find another 7 Trojan downloaders...
I put them all in the chest. To tell you the truth, if I could avoid reformatting it would probably be a little better; I don't mind the extra time I might be putting in.

My primary concern right now would be to get rid of this annoying 'restarting of the installation process', which asks me for my original XP SP2 disc that I lost.

Does that have to do with Windows Genuine Advantage? Can you prevent it from setting itself up through every restart of the PC?

Also, you still haven't answered me: could this hijack cause that blue error screen DRIVER_IRQL_NOT_LESS_OR_EQUAL?

I am waiting for your new orders, boss :thumbsup:

#9 fenzodahl512

  • Members
  • 6,738 posts

Posted 08 January 2009 - 08:50 AM

Restarting of the installation process which asks me for my original XP SP2 disc that I lost.


Please give me a screenshot and the full text of the error.. Most probably I will direct you to the Windows forum for further assistance..



#10 jomenace
  • Topic Starter

  • Members
  • 7 posts

Posted 08 January 2009 - 10:43 AM

I don't know how to capture the whole message, since it just appeared when it crashed and I couldn't save it. Anyway, since then I seem to be experiencing problems with my graphics card; it is impossible to even start a basic game without crashing. Can you tell me what I should do next, please?

#11 fenzodahl512

  • Members
  • 6,738 posts

Posted 09 January 2009 - 07:48 AM

I seem to be experiencing problems with my graphics card; it is impossible to even start a basic game without crashing


Sounds like a hardware issue.. Kindly go to our Hardware Forum for further assistance.. Link below

http://www.bleepingcomputer.com/forums/f/7/internal-hardware/


Tell them about your computer problem :thumbsup:
