
Sending spams over the server


  • This topic is locked
3 replies to this topic

#1 buzzchewan


Posted 22 July 2010 - 04:41 AM

Dear all,

I've got a big problem with a server and I need your expert help. My ISP detected that I am sending tons of spam all over the world.

I scanned my computer with Sophos, TrendMicro, Nod32 and Kaspersky, but they found nothing! I tried isolating only the server on the internet, and it's sending spam... I tried stopping the Exchange service and it's still sending spam... When I stop the SMTP service, it stops.

I need your help, guys: how can I first identify the problem, and second resolve it? My ISP told me it was a "proran"; I don't know if I'm writing it correctly.

PS: sorry for my bad English

ZHP Report diag:

Rapport de ZHPDiag v1.26.29 par Nicolas Coolman, Update du 20/07/2010
Run by Administrateur at 22/07/2010 10:28:08
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702

---\\ System Information
Platform : Microsoft Windows Server 2003 (5.2.3790) Service Pack 2
Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3581 MB (54% free)
System drive C: has 98 GB (71%) free of 137 GB

---\\ Logged in mode
Computer Name: SRV-EXCH
User Name: Administrateur
All Users Names: *
Unselected Option: O1,O45,O61,O65,O82
Logged in as Administrator

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 98 Go of 137 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 134 Go of 273 Go)
E:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
F:\ CD-ROM drive (Not Inserted)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK


---\\ Processus lancés
[MD5.1BBFD1D8AFB25D4DCEF8DC741A505461] - (.Microsoft Corporation - Microsoft® Certificate Service.) -- C:\WINDOWS\system32\certsrv.exe [324096]
[MD5.033A128E84991D0FF2BCEBFC7B485B37] - (.Hewlett-Packard Company - HP Smart Array SAS/SATA Notification Servic.) -- C:\Program Files\HP\Cissesrv\cissesrv.exe [142848]
[MD5.E5FC878BB47BC2C0FD1E1C954A75898E] - (.Hewlett-Packard Company - HP ProLiant Remote Monitor Service.) -- C:\WINDOWS\system32\cpqrcmc.exe [21032]
[MD5.CFB639CFA8093A16E82D426C46DA0004] - (.Hewlett-Packard Company - HP Version Control Agent.) -- C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe [729088]
[MD5.C27C56C05DCFFA5A1C661ACD855ECA2C] - (.Microsoft Corporation - Windows NT Distributed File System Service.) -- C:\WINDOWS\system32\Dfssvc.exe [164864]
[MD5.0160B1E59F9817EE2C1B7F3BC352ACAA] - (.http://www.directupdate.net/ - DirectUpdate - The service engine.) -- C:\PROGRA~1\DIRECT~1\DUService.exe [741376]
[MD5.752565B0BE3BF67E311FBBDDC20592EE] - (.Microsoft Corporation - Serveur du Système de Noms de Domaine (DNS).) -- C:\WINDOWS\System32\dns.exe [470528]
[MD5.8791F03854611DEAC8D2967C1C958A7E] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [731840]
[MD5.2DCCD6B954EED3F5F448044F743B442E] - (.The Firebird Project - Firebird SQL Server.) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [65536]
[MD5.A446204304CA7D8BC2DAF6CEF61B059A] - (.Microsoft Corporation - Internet Information Services.) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe [14336]
[MD5.1834C96FB1F9280BCF6DDFA6DE8338BF] - (.Sun Microsystems, Inc. - Java™ Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.CCBA7C24A9377669E52B8BE811D1BA39] - (.LogMeIn, Inc. - LogMeIn Maintenance Service.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe [116104]
[MD5.9015122D04C195BDAB88FEBCBAE229DB] - (.LogMeIn, Inc. - LogMeIn.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe [63040]
[MD5.018B593082DF3F06F8DAC92F8BECE073] - (.LogMeIn, Inc. - LMIGuardian.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe [378248]
[MD5.0609663A4842CA0771DC896DD13783ED] - (.Microsoft Corporation - SQL Server Windows NT.) -- c:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe [9158656]
[MD5.B05640AC812FCCB488328DF34E7F663A] - (.Microsoft Corporation - SQL Server Windows NT.) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\sqlservr.exe [43010392]
[MD5.4088C02BD4C6994F8FD5E2AF79E0BCA1] - (.Microsoft Corporation - Service de réplication de fichiers.) -- C:\WINDOWS\system32\ntfrs.exe [792576]
[MD5.615A751726D3A14F10E32FD542936298] - (.Microsoft Corporation - Service SNMP.) -- C:\WINDOWS\System32\snmp.exe [40960]
[MD5.637A0F23F9012358E92E6F99835494D1] - (.Microsoft Corporation - SQL Server VSS Writer.) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [98840]
[MD5.31763C233677EFF564789C7CA8A7094A] - (.Hewlett-Packard Company - HP ProLiant System Shutdown Service.) -- C:\WINDOWS\system32\sysdown.exe [18472]
[MD5.31A7C2E39CAA39CDDEB96EFA57892491] - (.Hewlett-Packard Company - HP System Management Homepage Service.) -- C:\hp\hpsmh\bin\smhstart.exe [1585152]
[MD5.375640F39F2D613B6FDCF8C2F956205A] - (.Apache Software Foundation - Apache HTTP Server.) -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [24636]
[MD5.4F75E2C8B167B4B7168F1F34C0DFB826] - (.Pas de propriétaire - Pas de description.) -- c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe [6562432]
[MD5.DB00E49C144686879B9EB93D5585ABA3] - (.Microsoft Corporation - WINS SERVER.) -- C:\WINDOWS\System32\wins.exe [157696]
[MD5.184185B92572219E7464EA4CC3E4BC86] - (.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\system32\dllhost.exe [5632]
[MD5.8ADF822C2E1C0341C692A6FC7A7E74A1] - (.Hewlett-Packard Company - NIC Agents Service.) -- C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe [7680]
[MD5.DF0D46C798ED0F542023E44EBA901FEA] - (.Hewlett-Packard Company - Server Agent Service.) -- C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe [15400]
[MD5.FE1508E509111DA1EA7BED281504DE74] - (.Hewlett-Packard Company - HP Insight Storage Agents Service.) -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe [19456]
[MD5.4D10E8B6A971289BF8EBD2DB3E2F518B] - (.Microsoft Corporation - TCP/IP Services Application.) -- C:\WINDOWS\system32\tcpsvcs.exe [21504]
[MD5.EF635B57E832B2585ADA8241A8CF7463] - (.Hewlett-Packard Company - HP System Management Homepage.) -- C:\hp\hpsmh\bin\hpsmhd.exe [19968]
[MD5.B4CDB17C573E06DDBFA700CF99158515] - (.Microsoft Corporation - Fournisseur WMI Microsoft Exchange.) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe [3217408]
[MD5.32C13ADADC481636F0B157BAA8EAA800] - (.Microsoft Corporation - Microsoft Exchange Server - Surveillance du.) -- C:\Program Files\Exchsrvr\bin\mad.exe [8920064]
[MD5.5C7157451DA94116443B96C4D59D059C] - (.Microsoft Corporation - Microsoft PKM Search Service.) -- C:\Program Files\Fichiers communs\System\MSSearch\Bin\mssearch.exe [69632]
[MD5.E5D5B16AB5AA69A498F6286522FF9A92] - (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\WINDOWS\system32\cmd.exe [401920]
[MD5.8B30EA5123CC80F14EEB5B8B24AF0CA0] - (.Hewlett-Packard Company - Foundation Agent Service.) -- C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe [15400]
[MD5.977F6F3A6571CA4011111C21409C173D] - (.Hewlett-Packard Company - HP System Management Homepage.) -- C:\hp\hpsmh\bin\rotatelogs.exe [53248]
[MD5.F99DB3062EC3E4CCC65FBCA547A31AE7] - (.Microsoft Corporation - Microsoft MDB Store.) -- C:\Program Files\Exchsrvr\bin\store.exe [5227520]
[MD5.F75E3E5C1F42B84EB9C9002A1089D217] - (.Microsoft Corporation - Module IMBSERVICE.) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe [33600]
[MD5.196D57FC2A2ACA3D66CD88AEF5930205] - (.The Firebird Project - Firebird SQL Server.) -- C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [1532000]
[MD5.F85640ACCEC9252A16AD561DF088A094] - (.Microsoft Corporation - IIS Worker Process.) -- c:\windows\system32\inetsrv\w3wp.exe [7168]
[MD5.F329C0CFF42CC4A915A145A5FAC033DB] - (.Hewlett-Packard Company - CPQTEAM.EXE.) -- C:\Program Files\HP\NCU\cpqteam.exe [69632]
[MD5.234051C0D242A6F4A79AE5212C1323D4] - (.LogMeIn, Inc. - LogMeIn Desktop Application.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048]
[MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java™ Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [248040]
[MD5.8A6758213E43B21159356DE834FE2ED3] - (.http://www.directupdate.net/ - DirectUpdate - The control tool.) -- C:\Program Files\DirectUpdate\DUControl.exe [77824]
[MD5.3FFE8752B77382C5050006C31781D05A] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Unlocker\UnlockerAssistant.exe [15872]
[MD5.9B0E0ED9171AF258ED60CD957EECA344] - (.ESET - ESET GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2029640]
[MD5.F45BFC03A06C9DCFA6731E551029B474] - (.Microsoft Corporation - SQL Server Service Manager.) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [81920]
[MD5.9EE273B1C13E07F805B328B57528A996] - (.Microsoft Corporation - Bloc-notes.) -- C:\WINDOWS\system32\NOTEPAD.EXE [70144]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816]
[MD5.CA28B4CC1865600931BD37BF7BA1AC00] - (.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\Administrateur.DOMAINE\Local Settings\Temporary Internet Files\Content.IE5\B2FDY8BV\ZHPDiag_silent[1].exe [704066]
[MD5.703D49C700A99556DC28620FB6297BA9] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [480768]


---\\ Plugins de navigateurs Opera/Firefox(P1/P2)
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll


---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"


---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


---\\ Internet Explorer URLSearchHook (R3)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.18928 (longhorn_ie8_gdr.100503-1700)) -- C:\WINDOWS\system32\ieframe.dll


---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java™ Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java™ Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll


---\\ Applications démarrées par registre & par dossier(O4)
O4 - HKLM\..\Run: [CPQTEAM] . (.Hewlett-Packard Company - CPQTEAM.EXE.) -- C:\Program Files\HP\NCU\cpqteam.exe
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\PROGRA~1\FICHIE~1\MICROS~1\DW\DWTRIG20.exe
O4 - HKLM\..\Run: [LogMeIn GUI] . (.LogMeIn, Inc. - LogMeIn Desktop Application.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java™ Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [DUControl] . (.http://www.directupdate.net/ - DirectUpdate - The control tool.) -- C:\Program Files\DirectUpdate\DUControl.exe
O4 - HKLM\..\Run: [UnlockerAssistant] . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [egui] . (.ESET - ESET GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\policies\Explorer: [ShowSuperHidden] Data=1
O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data=1
O4 - HKLM\..\policies\Explorer: [NoWelcomeScreen] Data=1
O4 - HKCU\..\policies\Explorer: [NoDriveTypeAutoRun] Data=145
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [tscuninstall] . (.Microsoft Corporation - DLL d'action personnalisée d'installation.) -- C:\WINDOWS\system32\tscupgrd.exe
O4 - HKUS\S-1-5-18\..\Run: [tscuninstall] . (.Microsoft Corporation - DLL d'action personnalisée d'installation.) -- C:\WINDOWS\system32\tscupgrd.exe
O4 - HKUS\S-1-5-19\..\Run: [tscuninstall] . (.Microsoft Corporation - DLL d'action personnalisée d'installation.) -- C:\WINDOWS\system32\tscupgrd.exe
O4 - HKUS\S-1-5-20\..\Run: [tscuninstall] . (.Microsoft Corporation - DLL d'action personnalisée d'installation.) -- C:\WINDOWS\system32\tscupgrd.exe


---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} . (.not file.) - (.not file.)


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll


---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://companyweb


---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.microsoft.com
O15 - Trusted Zone: [HKCU\...\EscDomains\www] http.google.fr
O15 - Trusted Zone: [HKCU\...\EscDomains] http.localhost
O15 - Trusted Zone: [HKCU\...\EscDomains\www] http.localhost


---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1250254048390
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} () - http://download.eset.com/special/eos/OnlineScanner.cab


---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FFBED57-BDBD-42FC-88C6-D826D9B27237}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1FFBED57-BDBD-42FC-88C6-D826D9B27237}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1FFBED57-BDBD-42FC-88C6-D826D9B27237}: NameServer = 192.168.0.1


---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Compaq\Cpqacuxe\bin\hpapp.dll


---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.Pas de propriétaire - Pas de description.) -- Ati2evxx.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: LMIinit . (.LogMeIn, Inc. - LogMeIn Remote Control Helper.) -- C:\WINDOWS\System32\LMIinit.dll


---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll


---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll


---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: HP Smart Array SAS/SATA Event Notification Service (Cissesrv) . (.Hewlett-Packard Company - HP Smart Array SAS/SATA Notification Servic.) - C:\Program Files\HP\Cissesrv\cissesrv.exe
O23 - Service: HP Insight NIC Agents (CpqNicMgmt) . (.Hewlett-Packard Company - NIC Agents Service.) - C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
O23 - Service: HP ProLiant Remote Monitor Service (CpqRcmc) . (.Hewlett-Packard Company - HP ProLiant Remote Monitor Service.) - C:\WINDOWS\system32\cpqrcmc.exe
O23 - Service: HP Version Control Agent (cpqvcagent) . (.Hewlett-Packard Company - HP Version Control Agent.) - C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
O23 - Service: HP Insight Foundation Agents (CqMgHost) . (.Hewlett-Packard Company - Foundation Agent Service.) - C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe
O23 - Service: HP Insight Server Agents (CqMgServ) . (.Hewlett-Packard Company - Server Agent Service.) - C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe
O23 - Service: HP Insight Storage Agents (CqMgStor) . (.Hewlett-Packard Company - HP Insight Storage Agents Service.) - C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe
O23 - Service: DirectUpdate engine (DirectUpdate) . (.http://www.directupdate.net/ - DirectUpdate - The service engine.) - C:\PROGRA~1\DIRECT~1\DUService.exe
O23 - Service: ESET Service (ekrn) . (.ESET - ESET Service.) - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) . (.The Firebird Project - Firebird SQL Server.) - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java™ Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) . (.LogMeIn, Inc. - LogMeIn Maintenance Service.) - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn (LogMeIn) . (.LogMeIn, Inc. - LogMeIn.) - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) . (.Hewlett-Packard Company - HP ProLiant System Shutdown Service.) - C:\WINDOWS\system32\sysdown.exe
O23 - Service: HP System Management Homepage (SysMgmtHp) . (.Hewlett-Packard Company - HP System Management Homepage Service.) - C:\hp\hpsmh\bin\smhstart.exe
O23 - Service: wampapache (wampapache) . (.Apache Software Foundation - Apache HTTP Server.) - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld (wampmysqld) . (.Pas de propriétaire - Pas de description.) - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe


---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Backup.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\ShadowCopyVolume{b357c415-3e8f-11de-9fc9-806e6f6e6963}.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{ACCE2B21-7085-4FB6-A5E6-606DEA0B6C72}.job


---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Personnalisation du navigateur - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS . (.Pas de propriétaire - Pas de description.) -- RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java™ Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\wmp.inf
O40 - ASIC: Fax - {8b15971b-5355-4c82-8c07-7e181ea07608} . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\INF\fxsocm.inf
O40 - ASIC: %IEHARDENADMIN_BASE_DESC% - {A509B1A7-37EF-4b3f-8CFC-4F3A74704073} . (.Pas de propriétaire - Pas de description.) -- %SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin
O40 - ASIC: %IEHARDENUSER_DESC% - {A509B1A8-37EF-4b3f-8CFC-4F3A74704073} . (.Pas de propriétaire - Pas de description.) -- %SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenUser


---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: ehdrv (ehdrv) . (.ESET - ESET Helper driver.) - C:\Windows\system32\DRIVERS\ehdrv.sys
O41 - Driver: epfwtdir (epfwtdir) . (.ESET - ESET Antivirus Network Redirector.) - C:\Windows\system32\DRIVERS\epfwtdir.sys


---\\ Logiciels installés (O42)
O42 - Logiciel: 32 Bit HP BiDi Channel Components Installer - (.Hewlett-Packard.) [HKLM]
O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Adobe Reader 9.3.3 - Français - (.Adobe Systems Incorporated.) [HKLM]
O42 - Logiciel: Console de gestion de la stratégie de groupe Microsoft avec SP1 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: DirectUpdate - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: EPSON Logiciel imprimante - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: EPSON Monochrome Laser P6 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Epson Universal Laser P5 - (.Pas de propriétaire.) [HKLM]
O42 - Logiciel: Firebird 1.5.6 - (.Firebird Project.) [HKLM]
O42 - Logiciel: FlameRobin 0.1.5 ALPHA - (.The FlameRobin Project.) [HKLM]
O42 - Logiciel: HP Array Configuration Utility - (.Hewlett Packard Development Company, L.P..) [HKLM]
O42 - Logiciel: HP Array Configuration Utility CLI - (.Hewlett-Packard Development Company, L.P..) [HKLM]
O42 - Logiciel: HP Insight Diagnostics Online Edition for Windows - (.Hewlett-Packard.) [HKLM]
O42 - Logiciel: HP Insight Management Agents - (.Hewlett-Packard Company.) [HKLM]
O42 - Logiciel: HP Lights-Out Online Configuration Utility - (.Hewlett-Packard Development Company, L.P..) [HKLM]
O42 - Logiciel: HP ProLiant Integrated Management Log Viewer - (.Hewlett-Packard Company.) [HKLM]
O42 - Logiciel: HP ProLiant PCI-express Power Management Update for Windows - (.Hewlett-Packard Company.) [HKLM]
O42 - Logiciel: HP ProLiant Remote Monitor Service - (.Hewlett-Packard Company.) [HKLM]
O42 - Logiciel: HP Smart Array SAS/SATA Event Notification Service - (.Hewlett-Packard Development Company, L.P..) [HKLM]
O42 - Logiciel: HP System Management Homepage - (.Hewlett-Packard Company.) [HKLM]
O42 - Logiciel: HP Version Control Agent - (.Hewlett Packard Development Group, L.P..) [HKLM]
O42 - Logiciel: Headless Server Registry Update - (.Hewlett-Packard Company.) [HKLM]
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Windows Server 2003 (KB958655-v2) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Java™ 6 Update 20 - (.Sun Microsystems, Inc..) [HKLM]
O42 - Logiciel: LogMeIn - (.LogMeIn, Inc..) [HKLM]
O42 - Logiciel: MAPILab Rules for Exchange - (.MAPILab Ltd..) [HKLM]
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: MSXML 6 Service Pack 2 (KB973686) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 1.1 -- Device Update 4.0 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Health Monitor 2.1 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft SQL Server 2008 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft SQL Server 2008 Browser - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft SQL Server 2008 Common Files - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft SQL Server 2008 Database Engine Services - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft SQL Server 2008 Database Engine Shared - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft SQL Server 2008 Native Client - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft SQL Server 2008 RsFx Driver - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft SQL Server 2008 Setup Support Files - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft SQL Server Desktop Engine (SBSMonitoring) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft SQL Server Desktop Engine (SHAREPOINT) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft SQL Server VSS Writer - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Microsoft Windows SharePoint Services 2.0 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Service Pack 1 for SQL Server 2008 (KB968369) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Sophos Computer Security Scan - (.Sophos plc.) [HKLM]
O42 - Logiciel: Sql Server Customer Experience Improvement Program - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Unlocker 1.8.5 - (.Cedrick Collomb.) [HKLM]
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: WampServer 2.0 - (.Romain Bourdon (Roms).) [HKLM]
O42 - Logiciel: WinPcap 4.1.1 - (.CACE Technologies.) [HKLM]
O42 - Logiciel: Windows Imaging Component - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Resource Kit Tools - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Windows Small Business Server 2003 - (.Microsoft Corporation.) [HKLM]
O42 - Logiciel: Wireshark 1.2.9 - (.The Wireshark developer community, http://www.wireshark.org.) [HKLM]

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Adobe]
[HKCU\Software\Classes]
[HKCU\Software\Compaq]
[HKCU\Software\EPSON]
[HKCU\Software\ESET]
[HKCU\Software\EasyDesk]
[HKCU\Software\F-Secure]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\JavaSoft]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\LogMeIn]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Netscape]
[HKCU\Software\Policies]
[HKCU\Software\RICOH]
[HKCU\Software\SUPERAntiSpyware.com]
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\Sophos]
[HKCU\Software\Sysinternals]
[HKCU\Software\Western Digital]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\Xerox]
[HKCU\Software\YahooPartnerToolbar]
[HKLM\Software\ADFS]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\Business Objects]
[HKLM\Software\C07ft5Y]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Compaq Insight Agent]
[HKLM\Software\Compaq]
[HKLM\Software\Description]
[HKLM\Software\EPSON]
[HKLM\Software\ESET]
[HKLM\Software\Firebird Project]
[HKLM\Software\Fraggers.net]
[HKLM\Software\Gemplus]
[HKLM\Software\Google]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\LogMeIn, Inc.]
[HKLM\Software\LogMeIn]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\SUPERAntiSpyware.com]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\Sophos]
[HKLM\Software\WinPcap]
[HKLM\Software\Xerox]


---\\ Contenu des dossiers Program Files (O43)
O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Cmak
O43 - CFD:Common File Directory ----D- C:\Program Files\Compaq
O43 - CFD:Common File Directory ----D- C:\Program Files\ComPlus Applications
O43 - CFD:Common File Directory ----D- C:\Program Files\DirectUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\EPSON
O43 - CFD:Common File Directory ----D- C:\Program Files\ESET
O43 - CFD:Common File Directory ----D- C:\Program Files\Exchsrvr
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers communs
O43 - CFD:Common File Directory ----D- C:\Program Files\Firebird
O43 - CFD:Common File Directory ----D- C:\Program Files\FlameRobin
O43 - CFD:Common File Directory ----D- C:\Program Files\Gestisoft
O43 - CFD:Common File Directory ----D- C:\Program Files\GPMC
O43 - CFD:Common File Directory ----D- C:\Program Files\Hewlett-Packard
O43 - CFD:Common File Directory ----D- C:\Program Files\HP
O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer
O43 - CFD:Common File Directory ----D- C:\Program Files\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\LogMeIn
O43 - CFD:Common File Directory ----D- C:\Program Files\MAPILab Ltd
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Integration
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft SQL Server
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft SQL Server SP4
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio 9.0
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Windows Small Business Server
O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET
O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0
O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 6.0
O43 - CFD:Common File Directory ----D- C:\Program Files\NetMeeting
O43 - CFD:Common File Directory ----D- C:\Program Files\Outlook Express
O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies
O43 - CFD:Common File Directory ----D- C:\Program Files\Services en ligne
O43 - CFD:Common File Directory ----D- C:\Program Files\Sophos
O43 - CFD:Common File Directory ----D- C:\Program Files\Spybot - Search & Destroy
O43 - CFD:Common File Directory ----D- C:\Program Files\Trend Micro
O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information
O43 - CFD:Common File Directory ----D- C:\Program Files\Unlocker
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows for Small Business Server
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT
O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Resource Kits
O43 - CFD:Common File Directory --H-D- C:\Program Files\WindowsUpdate
O43 - CFD:Common File Directory ----D- C:\Program Files\WinPcap
O43 - CFD:Common File Directory ----D- C:\Program Files\Wireshark
O43 - CFD:Common File Directory ----D- C:\Program Files\ZHPDiag
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Adobe
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Java
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\ODBC
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\Services
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\SpeechEngines
O43 - CFD:Common File Directory ----D- C:\Program Files\Fichiers Communs\System


---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.FDDA79E4DE162857191A886D47096355] - 22/07/2010 - 09:25:08 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\licstr.cpa [61736]
O44 - LFC:[MD5.E358D3020ED402F8C88E7B635DF9325B] - 22/07/2010 - 04:00:56 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\mapisvc.inf [6181]
O44 - LFC:[MD5.00000000000000000000000000000000] - 22/07/2010 - 02:00:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\WindowsUpdate.log [1998943]
O44 - LFC:[MD5.ABE7E106764B90300304AE1A83EEFDE6] - 21/07/2010 - 23:13:59 -S--- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.8FF5EA76634EFE93C045163BE02E16D9] - 21/07/2010 - 22:15:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc009.dat [296338]
O44 - LFC:[MD5.01890207FE5AF6D41CB490FD1EC37D9F] - 21/07/2010 - 22:15:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc00C.dat [356864]
O44 - LFC:[MD5.95248115DB5BA70EBA4D6BB912D6B8D7] - 21/07/2010 - 22:15:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh009.dat [1056108]
O44 - LFC:[MD5.6FA0BC8567AC1F35F99FC008838CA493] - 21/07/2010 - 22:15:25 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh00C.dat [1192240]
O44 - LFC:[MD5.00000000000000000000000000000000] - 21/07/2010 - 21:47:21 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\NETLOGON.CHG [65536]
O44 - LFC:[MD5.D6EFAF429FD30C5DF613D220E344CCE7] - 05/07/2010 - 11:59:22 R---- . (.Western Digital Technologies - WD SCSI Architecture Model (SAM) driver.) -- C:\WINDOWS\System32\drivers\wdcsam.sys [11520]


---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - (no name) - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - shell32.dll


---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - (no data)


---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech™ DSP Group pour MSACM V3.50.) -- C:\WINDOWS\System32\tssoft32.acm
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\System32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm


---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, pwdssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, pwdssp.dll


---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "disablecad"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=0
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1


---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKLM\...\Policies\Explorer] - "ShowSuperHidden"=1
O56 - MWPE:[HKLM\...\Policies\Explorer] - "HonorAutoRunSetting"=1
O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoWelcomeScreen"=1


---\\ Liste des Drivers Système (SDL) (O58)
O58 - SDL:[MD5.20E7D01444906CAE72FFCAC1B5931268] - 07/05/2007 - 14:12:42 ---A- . (.Advanced Micro Devices - AMD Processor Driver.) -- C:\WINDOWS\system32\drivers\amdk8.sys
O58 - SDL:[MD5.B9D9B1F5D22D992122338614B4F479FE] - 01/04/2009 - 21:18:08 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
O58 - SDL:[MD5.0320FD91FB5ED4298355977CECFC0EB4] - 07/05/2007 - 14:12:42 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys
O58 - SDL:[MD5.D6EFAF429FD30C5DF613D220E344CCE7] - 13/02/2009 - 20:02:52 R---- . (.Western Digital Technologies - WD SCSI Architecture Model (SAM) driver.) -- C:\WINDOWS\system32\drivers\wdcsam.sys
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 07/05/2007 - 14:12:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ansi.sys
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 07/05/2007 - 14:12:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\country.sys
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 07/05/2007 - 14:12:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\himem.sys
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 07/05/2007 - 14:12:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\key01.sys
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 07/05/2007 - 14:12:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\keyboard.sys
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 07/05/2007 - 14:12:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos.sys
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 07/05/2007 - 14:12:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos404.sys
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 07/05/2007 - 14:12:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos411.sys
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 07/05/2007 - 14:12:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos412.sys
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 07/05/2007 - 14:12:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntdos804.sys
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 07/05/2007 - 14:12:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio.sys
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 07/05/2007 - 14:12:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio404.sys
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 07/05/2007 - 14:12:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio411.sys
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 07/05/2007 - 14:12:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio412.sys
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 07/05/2007 - 14:12:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\ntio804.sys


---\\ Liste des outils de nettoyage (LATC) (O63)
O63 - Logiciel: Dial-a-fix - (.Djlizard.)


---\\ Liste des services Legacy (LALS) (O64)
O64 - Services: CurCS - C:\Program Files\HP\Cissesrv\cissesrv.exe - HP Smart Array SAS/SATA Event Notification Service (Cissesrv) .(.Hewlett-Packard Company - HP Smart Array SAS/SATA Notification Servic.) - LEGACY_CISSESRV
O64 - Services: CurCS - C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe - HP Insight NIC Agents (CpqNicMgmt) .(.Hewlett-Packard Company - NIC Agents Service.) - LEGACY_CPQNICMGMT
O64 - Services: CurCS - C:\WINDOWS\system32\cpqrcmc.exe - HP ProLiant Remote Monitor Service (CpqRcmc) .(.Hewlett-Packard Company - HP ProLiant Remote Monitor Service.) - LEGACY_CPQRCMC
O64 - Services: CurCS - C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe - HP Version Control Agent (cpqvcagent) .(.Hewlett-Packard Company - HP Version Control Agent.) - LEGACY_CPQVCAGENT
O64 - Services: CurCS - C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe - HP Insight Foundation Agents (CqMgHost) .(.Hewlett-Packard Company - Foundation Agent Service.) - LEGACY_CQMGHOST
O64 - Services: CurCS - C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe - HP Insight Server Agents (CqMgServ) .(.Hewlett-Packard Company - Server Agent Service.) - LEGACY_CQMGSERV
O64 - Services: CurCS - C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe - HP Insight Storage Agents (CqMgStor) .(.Hewlett-Packard Company - HP Insight Storage Agents Service.) - LEGACY_CQMGSTOR
O64 - Services: CurCS - C:\PROGRA~1\DIRECT~1\DUService.exe - DirectUpdate engine (DirectUpdate) .(.http://www.directupdate.net/ - DirectUpdate - The service engine.) - LEGACY_DIRECTUPDATE
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\eamon.sys - eamon (eamon) .(.ESET - Amon monitor.) - LEGACY_EAMON
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\ehdrv.sys - ehdrv (ehdrv) .(.ESET - ESET Helper driver.) - LEGACY_EHDRV
O64 - Services: CurCS - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe - ESET Service (ekrn) .(.ESET - ESET Service.) - LEGACY_EKRN
O64 - Services: CurCS - C:\Windows\system32\DRIVERS\epfwtdir.sys - epfwtdir (epfwtdir) .(.ESET - ESET Antivirus Network Redirector.) - LEGACY_EPFWTDIR
O64 - Services: CurCS - (.not file.) - esihdrv (esihdrv) .(.Pas de propriétaire - Pas de description.) - LEGACY_ESIHDRV
O64 - Services: CurCS - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe - Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) .(.The Firebird Project - Firebird SQL Server.) - LEGACY_FIREBIRDGUARDIANDEFAULTINSTANCE
O64 - Services: CurCS - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe - Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) .(.The Firebird Project - Firebird SQL Server.) - LEGACY_FIREBIRDSERVERDEFAULTINSTANCE
O64 - Services: CurCS - C:\Program Files\Java\jre6\bin\jqs.exe - Java Quick Starter (JavaQuickStarterService) .(.Sun Microsystems, Inc. - Java™ Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE
O64 - Services: CurCS - (.not file.) - Kl1 (kl1) .(.Pas de propriétaire - Pas de description.) - LEGACY_KL1
O64 - Services: CurCS - (.not file.) - Kaspersky Lab Driver (KLIF) .(.Pas de propriétaire - Pas de description.) - LEGACY_KLIF
O64 - Services: CurCS - C:\Program Files\LogMeIn\x86\RaInfo.sys - LogMeIn Kernel Information Provider (LMIInfo) .(.LogMeIn, Inc. - RemotelyAnywhere Kernel Information Provide.) - LEGACY_LMIINFO
O64 - Services: CurCS - C:\Program Files\LogMeIn\x86\RaMaint.exe - LogMeIn Maintenance Service (LMIMaint) .(.LogMeIn, Inc. - LogMeIn Maintenance Service.) - LEGACY_LMIMAINT
O64 - Services: CurCS - (.not file.) - LMIRfsClientNP (LMIRfsClientNP) .(.Pas de propriétaire - Pas de description.) - LEGACY_LMIRFSCLIENTNP
O64 - Services: CurCS - C:\WINDOWS\system32\drivers\LMIRfsDriver.sys - LogMeIn Remote File System Driver (LMIRfsDriver) .(.LogMeIn, Inc. - LogMeIn Rfs Drivemap Driver.) - LEGACY_LMIRFSDRIVER
O64 - Services: CurCS - C:\Program Files\LogMeIn\x86\LogMeIn.exe - LogMeIn (LogMeIn) .(.LogMeIn, Inc. - LogMeIn.) - LEGACY_LOGMEIN
O64 - Services: CurCS - (.not file.) - mountmgr (mountmgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_MOUNTMGR
O64 - Services: CurCS - (.not file.) - Mup (Mup) .(.Pas de propriétaire - Pas de description.) - LEGACY_MUP
O64 - Services: CurCS - (.not file.) - Pilote système NDIS (NDIS) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDIS
O64 - Services: CurCS - C:\Windows\system32\drivers\npf.sys - NetGroup Packet Filter Driver (NPF) .(.CACE Technologies, Inc. - npf.sys (NT5/6 x86) Kernel Driver.) - LEGACY_NPF
O64 - Services: CurCS - (.not file.) - Gestionnaire de partition (PartMgr) .(.Pas de propriétaire - Pas de description.) - LEGACY_PARTMGR
O64 - Services: CurCS - (.not file.) - PROCEXP141 (PROCEXP141) .(.Pas de propriétaire - Pas de description.) - LEGACY_PROCEXP141
O64 - Services: CurCS - (.not file.) - RDPNP (RDPNP) .(.Pas de propriétaire - Pas de description.) - LEGACY_RDPNP
O64 - Services: CurCS - (.not file.) - SASDIFSV (SASDIFSV) .(.Pas de propriétaire - Pas de description.) - LEGACY_SASDIFSV
O64 - Services: CurCS - (.not file.) - SASKUTIL (SASKUTIL) .(.Pas de propriétaire - Pas de description.) - LEGACY_SASKUTIL
O64 - Services: CurCS - (.not file.) - SAVOnAccessControl (SAVOnAccessControl) .(.Pas de propriétaire - Pas de description.) - LEGACY_SAVONACCESSCONTROL
O64 - Services: CurCS - (.not file.) - SAVOnAccessFilter (SAVOnAccessFilter) .(.Pas de propriétaire - Pas de description.) - LEGACY_SAVONACCESSFILTER
O64 - Services: CurCS - (.not file.) - Services SBCore (SBCore) .(.Pas de propriétaire - Pas de description.) - LEGACY_SBCORE
O64 - Services: CurCS - C:\WINDOWS\system32\sysdown.exe - HP ProLiant System Shutdown Service (sysdown) .(.Hewlett-Packard Company - HP ProLiant System Shutdown Service.) - LEGACY_SYSDOWN
O64 - Services: CurCS - C:\hp\hpsmh\bin\smhstart.exe - HP System Management Homepage (SysMgmtHp) .(.Hewlett-Packard Company - HP System Management Homepage Service.) - LEGACY_SYSMGMTHP
O64 - Services: CurCS - C:\Program Files\Unlocker\UnlockerDriver5.sys - UnlockerDriver5 (UnlockerDriver5) .(.Pas de propriétaire - Pas de description.) - LEGACY_UNLOCKERDRIVER5
O64 - Services: CurCS - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe - wampapache (wampapache) .(.Apache Software Foundation - Apache HTTP Server.) - LEGACY_WAMPAPACHE
O64 - Services: CurCS - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe - wampmysqld (wampmysqld) .(.Pas de propriétaire - Pas de description.) - LEGACY_WAMPMYSQLD


---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\WINDOWS\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\WINDOWS\regedit.exe


---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe


---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com


---\\ Recherche d'infection Master Boot Record (O80)
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
Run by Administrateur at 22/07/2010 10:30:18
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll HpCISSs2.sys
kernel: MBR read successfully
user & kernel MBR OK



End of the scan (586 lines in 02mn 09s)

Edited by buzzchewan, 22 July 2010 - 04:42 AM.




#2 buzzchewan


Posted 22 July 2010 - 06:37 AM

I have another log if it's useful: Ad-remover log

http://www.cijoint.fr/cjlink.php?file=cj20.../cijvPdt0H6.txt

#3 m0le

  • Malware Response Team

Posted 28 July 2010 - 06:39 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#4 m0le


Posted 02 August 2010 - 06:43 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.